CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked; 53,271 with exploits; 4,730 exploited in wild; 1,542 CISA KEV; 3,929 Nuclei templates; 37,826 vendors; 42,547 researchers

110,849 results
CVE-2016-0862 6.5 MEDIUM 1 PoC Analysis EPSS 0.19
General Electric GE Industrial Solutions UPS SNMP/Web Adapter <4.8 ...
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors.
CWE-200 Feb 05, 2016
CVE-2016-1284 5.9 MEDIUM EPSS 0.09
ISC BIND 9 Supported Preview Edition <9.9.8-S5 - DoS
rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via crafted flag values in a query.
CWE-20 Feb 04, 2016
CVE-2015-8748 5.3 MEDIUM EPSS 0.01
Radicale < 1.0.1 - Access Control
Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*".
CWE-264 Feb 03, 2016
CVE-2015-7536 5.4 MEDIUM EPSS 0.00
Jenkins <1.640-1.625.2 - XSS
Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.
CWE-79 Feb 03, 2016
CVE-2016-2213 6.5 MEDIUM EPSS 0.01
FFmpeg < 2.8.5 - Memory Corruption
The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data.
CWE-119 Feb 03, 2016
CVE-2015-8783 6.5 MEDIUM EPSS 0.01
Libtiff < 4.0.7 - Out-of-Bounds Read
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.
CWE-125 Feb 01, 2016
CVE-2015-8782 6.5 MEDIUM EPSS 0.02
Debian Linux < 4.0.7 - Out-of-Bounds Write
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781.
CWE-787 Feb 01, 2016
CVE-2015-8781 6.5 MEDIUM EPSS 0.02
Debian Linux < 4.0.7 - Out-of-Bounds Write
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782.
CWE-787 Feb 01, 2016
CVE-2016-1730 5.4 MEDIUM EPSS 0.00
Apple iOS <9.2.1 - XSS
WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or write to cookies by operating a crafted captive portal.
CWE-19 Feb 01, 2016
CVE-2016-1728 4.3 MEDIUM EPSS 0.01
Apple iOS <9.2.1 & Safari <9.0.3 - Info Disclosure
The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mishandles the "a:visited button" selector during height processing, which makes it easier for remote attackers to obtain sensitive browser-history information via a crafted web site.
CWE-200 Feb 01, 2016
CVE-2016-1948 5.3 MEDIUM EPSS 0.00
Mozilla Firefox <44.0 - Info Disclosure
Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modifying the client-server data stream.
CWE-310 Jan 31, 2016
CVE-2016-1947 4.7 MEDIUM EPSS 0.01
Mozilla Firefox <43 - Info Disclosure
Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data.
CWE-19 Jan 31, 2016
CVE-2016-1943 4.7 MEDIUM EPSS 0.01
Mozilla Firefox <44.0 - XSS
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.
CWE-17 Jan 31, 2016
CVE-2016-1941 6.1 MEDIUM EPSS 0.00
Mozilla Firefox <44.0 - CSRF
The file-download dialog in Mozilla Firefox before 44.0 on OS X enables a certain button too quickly, which allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended.
CWE-79 Jan 31, 2016
CVE-2016-1940 5.3 MEDIUM EPSS 0.00
Mozilla Firefox <44.0 - XSS
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing.
CWE-17 Jan 31, 2016
CVE-2016-1939 5.3 MEDIUM EPSS 0.01
Mozilla Firefox <44.0 - Info Disclosure
Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7208.
CWE-200 Jan 31, 2016
CVE-2016-1938 6.5 MEDIUM 1 Writeup EPSS 0.01
Mozilla NSS <3.21 - Memory Corruption
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
CWE-310 Jan 31, 2016
CVE-2016-1937 6.1 MEDIUM EPSS 0.00
Mozilla Firefox <44.0 - CSRF
The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended.
CWE-79 Jan 31, 2016
CVE-2016-1933 6.5 MEDIUM EPSS 0.01
Mozilla Firefox <44.0 - DoS
Integer overflow in the image-deinterlacing functionality in Mozilla Firefox before 44.0 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted GIF image.
CWE-189 Jan 31, 2016
CVE-2016-1144 5.4 MEDIUM EPSS 0.00
JOB-CUBE -JOB WEB SYSTEM <1.2.2, <1.0.6 - XSS
Cross-site scripting (XSS) vulnerability in JOB-CUBE -JOB WEB SYSTEM before 1.2.2 and -JOB WEB SYSTEM High Income 1.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Jan 30, 2016