|
211881
|
7.5 |
HIGH
Network
|
heartcombo
|
devise
|
The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2015-8314
|
2024-11-21 11:38 |
2023-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211882
|
8.8 |
HIGH
Network
|
getcomposer
|
composer
|
Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-controlled code entering a server-side build process. The issue occurs because o…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2015-8371
|
2024-11-21 11:38 |
2023-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211883
|
9.8 |
CRITICAL
Network
|
google
|
android
|
An issue was discovered on Samsung mobile devices with software through 2015-11-12, affecting the Galaxy S6/S6 Edge, Galaxy S6 Edge+, and Galaxy Note5 with the Shannon333 chipset. There is a stack-ba…
|
CWE-787
Out-of-bounds Write
|
CVE-2015-8546
|
2024-11-21 11:38 |
2020-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211884
|
8.8 |
HIGH
Network
|
lenovo
|
solution_center
|
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to vers…
|
CWE-352
Origin Validation Error
|
CVE-2015-8536
|
2024-11-21 11:38 |
2020-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211885
|
7.8 |
HIGH
Local
|
lenovo
|
solution_center
|
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center…
|
CWE-22
Path Traversal
|
CVE-2015-8535
|
2024-11-21 11:38 |
2020-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211886
|
7.8 |
HIGH
Local
|
lenovo
|
solution_center
|
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution…
|
CWE-269
Improper Privilege Management
|
CVE-2015-8534
|
2024-11-21 11:38 |
2020-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211887
|
7.1 |
HIGH
Local
|
pyamf
|
pyamf
|
XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload.
|
CWE-611
XXE
|
CVE-2015-8549
|
2024-11-21 11:38 |
2020-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211888
|
9.8 |
CRITICAL
Network
|
libraw
|
libraw
|
The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization.
|
CWE-665
Improper Initialization
|
CVE-2015-8367
|
2024-11-21 11:38 |
2020-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211889
|
9.8 |
CRITICAL
Network
|
libraw
|
libraw
|
Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes.
|
CWE-129
Improper Validation of Array Index
|
CVE-2015-8366
|
2024-11-21 11:38 |
2020-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211890
|
5.9 |
MEDIUM
Network
|
gnu
debian
|
gnutls
debian_linux
|
GnuTLS incorrectly validates the first byte of padding in CBC modes
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2015-8313
|
2024-11-21 11:38 |
2019-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
