|
267971
|
5.5 |
MEDIUM
Local
|
wireshark
|
wireshark
|
The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attac…
|
CWE-20
Improper Input Validation
|
CVE-2015-8712
|
2024-11-21 11:39 |
2016-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267972
|
5.5 |
MEDIUM
Local
|
wireshark
|
wireshark
|
epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of se…
|
CWE-20
Improper Input Validation
|
CVE-2015-8711
|
2024-11-21 11:39 |
2016-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267973
|
7.5 |
HIGH
Network
|
heartcombo
|
devise
|
The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2015-8314
|
2024-11-21 11:38 |
2023-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267974
|
8.8 |
HIGH
Network
|
getcomposer
|
composer
|
Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-controlled code entering a server-side build process. The issue occurs because o…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2015-8371
|
2024-11-21 11:38 |
2023-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267975
|
9.8 |
CRITICAL
Network
|
google
|
android
|
An issue was discovered on Samsung mobile devices with software through 2015-11-12, affecting the Galaxy S6/S6 Edge, Galaxy S6 Edge+, and Galaxy Note5 with the Shannon333 chipset. There is a stack-ba…
|
CWE-787
Out-of-bounds Write
|
CVE-2015-8546
|
2024-11-21 11:38 |
2020-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267976
|
8.8 |
HIGH
Network
|
lenovo
|
solution_center
|
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to vers…
|
CWE-352
Origin Validation Error
|
CVE-2015-8536
|
2024-11-21 11:38 |
2020-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267977
|
7.8 |
HIGH
Local
|
lenovo
|
solution_center
|
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center…
|
CWE-22
Path Traversal
|
CVE-2015-8535
|
2024-11-21 11:38 |
2020-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267978
|
7.8 |
HIGH
Local
|
lenovo
|
solution_center
|
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution…
|
CWE-269
Improper Privilege Management
|
CVE-2015-8534
|
2024-11-21 11:38 |
2020-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267979
|
7.1 |
HIGH
Local
|
pyamf
|
pyamf
|
XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload.
|
CWE-611
XXE
|
CVE-2015-8549
|
2024-11-21 11:38 |
2020-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267980
|
9.8 |
CRITICAL
Network
|
libraw
|
libraw
|
The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization.
|
CWE-665
Improper Initialization
|
CVE-2015-8367
|
2024-11-21 11:38 |
2020-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
