|
212401
|
8.8 |
HIGH
Network
|
samsung
|
galaxy_s6
|
SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript.
|
CWE-20
Improper Input Validation
|
CVE-2015-7893
|
2024-11-21 11:37 |
2017-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212402
|
9.8 |
CRITICAL
Network
|
botan_project
|
botan
|
botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by acc…
|
CWE-295
Improper Certificate Validation
|
CVE-2015-7826
|
2024-11-21 11:37 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212403
|
7.5 |
HIGH
Network
|
botan_project
|
botan
|
botan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the cer…
|
NVD-CWE-Other
|
CVE-2015-7825
|
2024-11-21 11:37 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212404
|
7.5 |
HIGH
Network
|
botan_project
|
botan
|
botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites.
|
CWE-200
Information Exposure
|
CVE-2015-7824
|
2024-11-21 11:37 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212405
|
5.5 |
MEDIUM
Local
|
huawei
|
e3272s_firmware
|
Huawei MBB (Mobile Broadband) product E3272s with software versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00 has a Denial of Service (DoS) vulnerability. An attacker could send a malicious …
|
CWE-20
Improper Input Validation
|
CVE-2015-7847
|
2024-11-21 11:37 |
2017-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212406
|
7.5 |
HIGH
Network
|
huawei
|
fusionaccess
|
Huawei FusionAccess with software V100R005C10,V100R005C20 could allow attackers to craft and send a malformed HDP protocol packet to cause the virtual cloud desktop to be displaying an error and not …
|
CWE-20
Improper Input Validation
|
CVE-2015-7844
|
2024-11-21 11:37 |
2017-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212407
|
6.1 |
MEDIUM
Network
|
icinga
opensuse_project
opensuse
|
icinga
leap
|
Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the…
|
CWE-79
Cross-site Scripting
|
CVE-2015-8010
|
2024-11-21 11:37 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212408
|
7.8 |
HIGH
Local
|
exfat_project
|
exfat
|
Heap-based buffer overflow in the verify_vbr_checksum function in exfatfsck in exfat-utils before 1.2.1 allows remote attackers to cause a denial of service (infinite loop) or possibly execute arbitr…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-8026
|
2024-11-21 11:37 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212409
|
8.1 |
HIGH
Network
|
windriver
|
vxworks
|
Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a de…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2015-7599
|
2024-11-21 11:37 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212410
|
3.3 |
LOW
Local
|
saltstack
|
salt
|
The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.
|
CWE-200
Information Exposure
|
CVE-2015-8034
|
2024-11-21 11:37 |
2017-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
