|
211881
|
9.8 |
CRITICAL
Network
|
nettle_project
canonical
opensuse
|
nettle
ubuntu_linux
leap
opensuse
|
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allo…
|
CWE-310
CWE-254
Cryptographic Issues
7PK - Security Features
|
CVE-2015-8803
|
2024-11-21 11:39 |
2016-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211882
|
6.1 |
MEDIUM
Network
|
apache
|
solr
|
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HT…
|
CWE-79
Cross-site Scripting
|
CVE-2015-8797
|
2024-11-21 11:39 |
2016-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211883
|
6.1 |
MEDIUM
Network
|
apache
|
solr
|
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a craf…
|
CWE-79
Cross-site Scripting
|
CVE-2015-8796
|
2024-11-21 11:39 |
2016-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211884
|
6.1 |
MEDIUM
Network
|
apache
|
solr
|
Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled duri…
|
CWE-79
Cross-site Scripting
|
CVE-2015-8795
|
2024-11-21 11:39 |
2016-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211885
|
9.8 |
CRITICAL
Network
|
linux
|
linux_kernel
|
The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or…
|
CWE-476
NULL Pointer Dereference
|
CVE-2015-8787
|
2024-11-21 11:39 |
2016-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211886
|
6.2 |
MEDIUM
Local
|
linux
suse
|
linux_kernel
linux_enterprise_real_time_extension
|
The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero lengt…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2015-8785
|
2024-11-21 11:39 |
2016-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211887
|
6.2 |
MEDIUM
Local
|
linux
debian
canonical
|
linux_kernel
debian_linux
ubuntu_linux
|
net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a c…
|
CWE-362
Race Condition
|
CVE-2015-8767
|
2024-11-21 11:39 |
2016-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211888
|
7.0 |
HIGH
Local
|
linux
|
linux_kernel
|
kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter th…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-8709
|
2024-11-21 11:39 |
2016-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211889
|
5.3 |
MEDIUM
Network
|
radicale
|
radicale
|
Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*".
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-8748
|
2024-11-21 11:39 |
2016-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211890
|
10.0 |
CRITICAL
Network
|
radicale
|
radicale
|
The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name.
|
CWE-20
Improper Input Validation
|
CVE-2015-8747
|
2024-11-21 11:39 |
2016-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
