|
212041
|
5.3 |
MEDIUM
Network
|
ntp
|
ntp
|
ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.
|
CWE-284
Improper Access Control
|
CVE-2015-8139
|
2024-11-21 11:38 |
2017-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212042
|
5.3 |
MEDIUM
Network
|
ntp
|
ntp
|
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.
|
CWE-20
Improper Input Validation
|
CVE-2015-8138
|
2024-11-21 11:38 |
2017-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212043
|
7.5 |
HIGH
Network
|
vercel
|
ms
|
The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2015-8315
|
2024-11-21 11:38 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212044
|
9.8 |
CRITICAL
Network
|
netbsd
|
netbsd
|
CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware pr…
|
CWE-20
Improper Input Validation
|
CVE-2015-8212
|
2024-11-21 11:38 |
2017-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212045
|
6.1 |
MEDIUM
Network
|
exponentcms
|
exponent_cms
|
Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspe…
|
CWE-79
Cross-site Scripting
|
CVE-2015-8684
|
2024-11-21 11:38 |
2017-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212046
|
6.1 |
MEDIUM
Network
|
exponentcms
|
exponent_cms
|
Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email.
|
CWE-79
Cross-site Scripting
|
CVE-2015-8667
|
2024-11-21 11:38 |
2017-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212047
|
6.5 |
MEDIUM
Local
|
qemu
|
qemu
|
QEMU (aka Quick Emulator) built with the Rocker switch emulation support is vulnerable to an off-by-one error. It happens while processing transmit (tx) descriptors in 'tx_consume' routine, if a desc…
|
CWE-193
Off-by-one Error
|
CVE-2015-8701
|
2024-11-21 11:38 |
2016-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212048
|
8.8 |
HIGH
Network
|
open-xchange
|
ox_guard
|
An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The "getprivkeybyid" API call is used to download a PGP Private Key for a specific user after providing authentication credentials. Cl…
|
CWE-320
Key Management Errors
|
CVE-2015-8542
|
2024-11-21 11:38 |
2016-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212049
|
6.1 |
MEDIUM
Network
|
broadcom
|
release_automation
|
Multiple cross-site scripting (XSS) vulnerabilities in CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 befo…
|
CWE-79
Cross-site Scripting
|
CVE-2015-8699
|
2024-11-21 11:38 |
2016-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212050
|
7.1 |
HIGH
Local
|
broadcom
|
release_automation
|
CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allows remote attackers to read arbitrary…
|
NVD-CWE-Other
|
CVE-2015-8698
|
2024-11-21 11:38 |
2016-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
