5 matches found
DEBIAN-CVE-2015-9244
Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with mysql.escape which could lead to SQL Injection...
DEBIAN-CVE-2015-2318
The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue...
DEBIAN-CVE-2015-8623
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different...
DEBIAN-CVE-2015-7313
LibTIFF before 4.0.7 allows remote attackers to cause a denial of service memory consumption and crash via a crafted tiff file...
DEBIAN-CVE-2015-8665
tifgetimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service out-of-bounds read via the SamplesPerPixel tag in a TIFF image...