|
212491
|
9.8 |
CRITICAL
Network
|
apple
|
watchos
iphone_os
mac_os_x
airport_base_station_firmware
mdnsresponder
|
The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vecto…
|
NVD-CWE-Other
|
CVE-2015-7988
|
2024-11-21 11:37 |
2016-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212492
|
9.8 |
CRITICAL
Network
|
apple
|
watchos
iphone_os
mac_os_x
airport_base_station_firmware
mdnsresponder
|
Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueFor…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-7987
|
2024-11-21 11:37 |
2016-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212493
|
4.3 |
MEDIUM
Network
|
cybozu
|
garoon
|
Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vul…
|
CWE-200
Information Exposure
|
CVE-2015-7776
|
2024-11-21 11:37 |
2016-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212494
|
5.4 |
MEDIUM
Network
|
cybozu
|
garoon
|
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-20…
|
CWE-79
Cross-site Scripting
|
CVE-2015-7775
|
2024-11-21 11:37 |
2016-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212495
|
9.8 |
CRITICAL
Network
|
zend
debian
|
zend_framework
debian_linux
|
The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query.
|
CWE-89
SQL Injection
|
CVE-2015-7695
|
2024-11-21 11:37 |
2016-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212496
|
8.1 |
HIGH
Network
|
apache
|
james_server
|
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.
|
CWE-78
OS Command
|
CVE-2015-7611
|
2024-11-21 11:37 |
2016-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212497
|
5.4 |
MEDIUM
Network
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in the user list table in WordPress before 4.3.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted e-mail address, a diff…
|
CWE-79
Cross-site Scripting
|
CVE-2015-7989
|
2024-11-21 11:37 |
2016-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212498
|
7.5 |
HIGH
Network
|
fedoraproject
botan_project
debian
|
fedora
botan
debian_linux
|
Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.
|
CWE-200
Information Exposure
|
CVE-2015-7827
|
2024-11-21 11:37 |
2016-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212499
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (…
|
CWE-20
Improper Input Validation
|
CVE-2015-8019
|
2024-11-21 11:37 |
2016-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212500
|
5.5 |
MEDIUM
Local
|
optipng_project
canonical
|
optipng
ubuntu_linux
|
gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-7802
|
2024-11-21 11:37 |
2016-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
