|
267031
|
7.8 |
HIGH
Local
|
suse
canonical
linux
|
linux_enterprise_real_time_extension
ubuntu_linux
linux_kernel
|
The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to se…
|
CWE-269
Improper Privilege Management
|
CVE-2015-8539
|
2024-11-21 11:38 |
2016-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267032
|
7.5 |
HIGH
Network
|
fisher-price
|
smart_toy_bear
|
The API on Fisher-Price Smart Toy Bear devices allows remote attackers to obtain sensitive information or modify data by leveraging presence in an 802.11 network's coverage area and entering an accou…
|
CWE-287
Improper Authentication
|
CVE-2015-8269
|
2024-11-21 11:38 |
2016-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267033
|
7.5 |
HIGH
Network
|
huawei
|
e5151_firmware
e5186_firmware
|
Huawei Mobile WiFi E5151 routers with software before E5151s-2TCPU-V200R001B146D27SP00C00 and E5186 routers with software before V200R001B310D01SP00C00 allow DNS query packets using the static source…
|
CWE-20
Improper Input Validation
|
CVE-2015-8265
|
2024-11-21 11:38 |
2016-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267034
|
7.5 |
HIGH
Network
|
opensuse
golang
|
leap
go
|
The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys…
|
CWE-200
Information Exposure
|
CVE-2015-8618
|
2024-11-21 11:38 |
2016-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267035
|
8.8 |
HIGH
Network
|
cakephp
|
cakephp
|
CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.
|
CWE-352
Origin Validation Error
|
CVE-2015-8379
|
2024-11-21 11:38 |
2016-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267036
|
9.8 |
CRITICAL
Network
|
harman
|
amx_firmware
|
The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2015-10-12 has a hardcoded password for the BlackWidow account, which makes it easier for remote attackers to obtain access…
|
CWE-255
Credentials Management
|
CVE-2015-8362
|
2024-11-21 11:38 |
2016-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267037
|
7.3 |
HIGH
Network
|
apple
libpng
|
mac_os_x
libpng
|
Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers t…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-8472
|
2024-11-21 11:38 |
2016-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267038
|
7.0 |
HIGH
Network
|
isc
|
bind
|
buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash)…
|
CWE-20
Improper Input Validation
|
CVE-2015-8705
|
2024-11-21 11:38 |
2016-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267039
|
6.5 |
MEDIUM
Network
|
isc
|
bind
|
apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed …
|
CWE-20
Improper Input Validation
|
CVE-2015-8704
|
2024-11-21 11:38 |
2016-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267040
|
9.8 |
CRITICAL
Network
|
php
|
php
|
Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a …
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2015-8617
|
2024-11-21 11:38 |
2016-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
