|
277641
|
7.5 |
HIGH
Network
|
torproject
|
tor
|
buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of ser…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2015-2688
|
2024-11-21 11:27 |
2020-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277642
|
5.5 |
MEDIUM
Local
|
pcre
opensuse
mariadb
php
|
pcre
opensuse
mariadb
php
|
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group cont…
|
CWE-125
Out-of-bounds Read
|
CVE-2015-2326
|
2024-11-21 11:27 |
2020-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277643
|
7.8 |
HIGH
Local
|
pcre
opensuse
mariadb
php
|
pcre
opensuse
mariadb
php
|
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other uns…
|
CWE-125
CWE-787
Out-of-bounds Read
Out-of-bounds Write
|
CVE-2015-2325
|
2024-11-21 11:27 |
2020-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277644
|
6.1 |
MEDIUM
Network
|
synacor
|
zimbra_collaboration_server
|
Synacor Zimbra Collaboration Server 8.x before 8.7.0 has Reflected XSS in admin console.
|
CWE-79
Cross-site Scripting
|
CVE-2015-2230
|
2024-11-21 11:27 |
2019-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277645
|
9.1 |
CRITICAL
Network
|
huawei
|
oceanstor_uds_firmware
|
Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to capture and change patch loading information resulting in the deletion of directory files and compr…
|
CWE-200
Information Exposure
|
CVE-2015-2254
|
2024-11-21 11:27 |
2019-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277646
|
5.4 |
MEDIUM
Network
|
10web
|
photo_gallery
|
Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web scri…
|
CWE-79
Cross-site Scripting
|
CVE-2015-2324
|
2024-11-21 11:27 |
2018-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277647
|
6.1 |
MEDIUM
Network
|
woocommerce
|
woocommerce
|
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order.
|
CWE-79
Cross-site Scripting
|
CVE-2015-2329
|
2024-11-21 11:27 |
2018-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277648
|
7.5 |
HIGH
Network
|
etherpad
|
etherpad
|
node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain sensitive information by leveraging an improper substring check when exporting a padID.
|
CWE-200
Information Exposure
|
CVE-2015-2298
|
2024-11-21 11:27 |
2018-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277649
|
9.8 |
CRITICAL
Network
|
mono-project
debian
|
mono
debian_linux
|
The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.
|
CWE-295
Improper Certificate Validation
|
CVE-2015-2320
|
2024-11-21 11:27 |
2018-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277650
|
7.5 |
HIGH
Network
|
mono-project
|
mono
|
The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different v…
|
CWE-295
Improper Certificate Validation
|
CVE-2015-2319
|
2024-11-21 11:27 |
2018-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
