Security Vulnerabilities - CVEs Published In January 2016
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import external calendar" page.
CVSS Score
6.1
EPSS Score
0.002
Published
2016-01-15
Huawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password information by reading the display.
CVSS Score
6.2
EPSS Score
0.0
Published
2016-01-15
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file.
CVSS Score
5.5
EPSS Score
0.488
Published
2016-01-15
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file.
CVSS Score
5.5
EPSS Score
0.292
Published
2016-01-15
Integer overflow in the Kernel service in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted RPC request.
CVSS Score
9.8
EPSS Score
0.018
Published
2016-01-15
Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request.
CVSS Score
7.5
EPSS Score
0.013
Published
2016-01-15
Race condition in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted request.
CVSS Score
8.1
EPSS Score
0.012
Published
2016-01-15
Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors.
CVSS Score
9.8
EPSS Score
0.082
Published
2016-01-15
Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors.
CVSS Score
9.8
EPSS Score
0.609
Published
2016-01-15
Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.035
Published
2016-01-15