|
277281
|
7.5 |
HIGH
Network
|
php
canonical
|
php
ubuntu_linux
|
The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, w…
|
CWE-310
Cryptographic Issues
|
CVE-2015-8867
|
2024-11-21 11:39 |
2016-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277282
|
6.1 |
MEDIUM
Network
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored…
|
CWE-79
Cross-site Scripting
|
CVE-2015-8834
|
2024-11-21 11:39 |
2016-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277283
|
9.6 |
CRITICAL
Network
|
php
canonical
suse
opensuse
|
php
ubuntu_linux
linux_enterprise_software_development_kit
linux_enterprise_module_for_web_scripting
leap
opensuse
|
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote att…
|
CWE-611
XXE
|
CVE-2015-8866
|
2024-11-21 11:39 |
2016-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277284
|
7.3 |
HIGH
Local
|
php
apple
|
php
mac_os_x
|
The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, whi…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-8865
|
2024-11-21 11:39 |
2016-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277285
|
7.5 |
HIGH
Network
|
opensuse
php
|
leap
php
|
Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-8874
|
2024-11-21 11:39 |
2016-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277286
|
7.5 |
HIGH
Network
|
php
opensuse
|
php
leap
|
Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) …
|
CWE-20
Improper Input Validation
|
CVE-2015-8873
|
2024-11-21 11:39 |
2016-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277287
|
5.9 |
MEDIUM
Network
|
php
|
php
|
ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof serve…
|
CWE-284
Improper Access Control
|
CVE-2015-8838
|
2024-11-21 11:39 |
2016-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277288
|
9.8 |
CRITICAL
Network
|
php
|
php
|
The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a…
|
NVD-CWE-Other
|
CVE-2015-8835
|
2024-11-21 11:39 |
2016-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277289
|
7.8 |
HIGH
Local
|
fedoraproject
debian
canonical
freedesktop
|
fedora
debian_linux
ubuntu_linux
poppler
|
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or poss…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-8868
|
2024-11-21 11:39 |
2016-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277290
|
9.8 |
CRITICAL
Network
|
opensuse
jq_project
|
leap
opensuse
jq
|
Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-8863
|
2024-11-21 11:39 |
2016-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
