Security Vulnerabilities - CVEs Published In February 2016
Cross-site scripting (XSS) vulnerability in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.
CVSS Score
6.5
EPSS Score
0.002
Published
2016-02-06
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
CVSS Score
9.8
EPSS Score
0.008
Published
2016-02-06
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by leveraging knowledge of a password hash without knowledge of the associated password.
CVSS Score
8.1
EPSS Score
0.008
Published
2016-02-06
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors.
CVSS Score
6.5
EPSS Score
0.192
Published
2016-02-05
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors.
CVSS Score
8.8
EPSS Score
0.101
Published
2016-02-05
rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via crafted flag values in a query.
CVSS Score
5.9
EPSS Score
0.095
Published
2016-02-04
The API on Fisher-Price Smart Toy Bear devices allows remote attackers to obtain sensitive information or modify data by leveraging presence in an 802.11 network's coverage area and entering an account number.
CVSS Score
7.5
EPSS Score
0.008
Published
2016-02-04
Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed.
CVSS Score
9.8
EPSS Score
0.016
Published
2016-02-03
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
CVSS Score
7.7
EPSS Score
0.001
Published
2016-02-03
The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore.
CVSS Score
10.0
EPSS Score
0.013
Published
2016-02-03