| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 267421 | 9.8 | CRITICAL | Network | freetype | freetype | In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that the new values of cur and limit are sensible before going to Again. | CWE-125 Out-of-bounds Read | CVE-2015-9290 | 2024-11-21 11:40 | 2019-07-30 |
| 267422 | 6.5 | MEDIUM | Network | unity | web_player | The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim's credentials | CWE-200 Information Exposure | CVE-2015-9288 | 2024-11-21 11:40 | 2019-07-30 |
| 267423 | 5.5 | MEDIUM | Local | linux | linux_kernel | In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the usersp… | CWE-125 Out-of-bounds Read | CVE-2015-9289 | 2024-11-21 11:40 | 2019-07-28 |
| 267424 | 9.8 | CRITICAL | Network | cam | the_university_of_cambridge_web_authentication_system_apache_authentication_agent | Directory Traversal was discovered in University of Cambridge mod_ucam_webauth before 2.0.2. The key identification field ("kid") of the IdP's HTTP response message ("WLS-Response") can be manipulate… | CWE-22 Path Traversal | CVE-2015-9287 | 2024-11-21 11:40 | 2019-05-14 |
| 267425 | 6.1 | MEDIUM | Network | nodebb | nodebb | Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS. | CWE-79 Cross-site Scripting | CVE-2015-9286 | 2024-11-21 11:40 | 2019-04-30 |
| 267426 | 6.1 | MEDIUM | Network | esotalk | esotalk | esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/ URI. | CWE-79 Cross-site Scripting | CVE-2015-9285 | 2024-11-21 11:40 | 2019-04-29 |
| 267427 | 8.8 | HIGH | Network | omniauth | omniauth | The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without … | CWE-352 Origin Validation Error | CVE-2015-9284 | 2024-11-21 11:40 | 2019-04-27 |
| 267428 | 6.1 | MEDIUM | Network | grafana | piechart-panel | The Pie Chart Panel plugin through 2019-01-02 for Grafana is vulnerable to XSS via legend data or tooltip data. When a chart is included in a Grafana dashboard, this vulnerability could allow an atta… | CWE-79 Cross-site Scripting | CVE-2015-9282 | 2024-11-21 11:40 | 2019-02-07 |
| 267429 | 6.1 | MEDIUM | Network | sas | web_infrastructure_platform | Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page. | CWE-79 Cross-site Scripting | CVE-2015-9281 | 2024-11-21 11:40 | 2019-01-17 |
| 267430 | 10.0 | CRITICAL | Network | mailenable | mailenable | MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter. | CWE-611 XXE | CVE-2015-9280 | 2024-11-21 11:40 | 2019-01-17 |