|
270551
|
5.4 |
MEDIUM
Network
|
synology
|
photo_station
|
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML v…
|
CWE-79
Cross-site Scripting
|
CVE-2015-9102
|
2024-11-21 11:39 |
2017-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270552
|
5.5 |
MEDIUM
Local
|
lame_project
|
lame
|
The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.98.4, 3.98.2, 3.98, 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4 and 3.99.5 allows remote attackers to cause a denial of service (heap-ba…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-9101
|
2024-11-21 11:39 |
2017-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270553
|
5.5 |
MEDIUM
Local
|
lame_project
|
lame
|
The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio fi…
|
CWE-476
NULL Pointer Dereference
|
CVE-2015-9100
|
2024-11-21 11:39 |
2017-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270554
|
5.5 |
MEDIUM
Local
|
lame_project
|
lame
|
The lame_init_params function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file with a negati…
|
CWE-125
Out-of-bounds Read
|
CVE-2015-9099
|
2024-11-21 11:39 |
2017-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270555
|
9.8 |
CRITICAL
Network
|
red-gate
|
sql_monitor
|
In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitor…
|
CWE-89
SQL Injection
|
CVE-2015-9098
|
2024-11-21 11:39 |
2017-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270556
|
6.1 |
MEDIUM
Network
|
elastic
|
kibana
|
Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack.
|
CWE-79
Cross-site Scripting
|
CVE-2015-9056
|
2024-11-21 11:39 |
2017-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270557
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Android releases from CAF using the Linux kernel, a QTEE system call fails to validate a pointer.
|
CWE-20
Improper Input Validation
|
CVE-2015-9033
|
2024-11-21 11:39 |
2017-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270558
|
3.3 |
LOW
Local
|
google
|
android
|
In all Android releases from CAF using the Linux kernel, a DRM key was exposed to QTEE applications.
|
CWE-200
Information Exposure
|
CVE-2015-9032
|
2024-11-21 11:39 |
2017-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270559
|
3.3 |
LOW
Local
|
google
|
android
|
In all Android releases from CAF using the Linux kernel, a TZ memory address is exposed to HLOS by HDCP.
|
CWE-200
Information Exposure
|
CVE-2015-9031
|
2024-11-21 11:39 |
2017-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270560
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Android releases from CAF using the Linux kernel, the Hypervisor API could be misused to bypass authentication.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2015-9030
|
2024-11-21 11:39 |
2017-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
