|
277911
|
9.8 |
CRITICAL
Network
|
opensuse
php
|
leap
php
|
Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a f…
|
NVD-CWE-Other
|
CVE-2015-4116
|
2024-11-21 11:30 |
2016-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277912
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The fs_pin implementation in the Linux kernel before 4.0.5 does not ensure the internal consistency of a certain list data structure, which allows local users to cause a denial of service (system cra…
|
NVD-CWE-Other
|
CVE-2015-4178
|
2024-11-21 11:30 |
2016-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277913
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The collect_mounts function in fs/namespace.c in the Linux kernel before 4.0.5 does not properly consider that it may execute after a path has been unmounted, which allows local users to cause a deni…
|
NVD-CWE-Other
|
CVE-2015-4177
|
2024-11-21 11:30 |
2016-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277914
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
fs/namespace.c in the Linux kernel before 4.0.2 does not properly support mount connectivity, which allows local users to read arbitrary files by leveraging user-namespace root access for deletion of…
|
CWE-200
Information Exposure
|
CVE-2015-4176
|
2024-11-21 11:30 |
2016-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277915
|
4.7 |
MEDIUM
Local
|
linux
redhat
|
linux_kernel
enterprise_linux_for_ibm_z_systems_eus
enterprise_linux_for_power_big_endian_eus
enterprise_linux_server_eus
enterprise_linux_for_power_little_endian_eus
enterprise_linux_…
|
Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_do…
|
CWE-362
Race Condition
|
CVE-2015-4170
|
2024-11-21 11:30 |
2016-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277916
|
5.4 |
MEDIUM
Network
|
advantech
|
webaccess
|
Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2015-3948
|
2024-11-21 11:30 |
2016-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277917
|
8.1 |
HIGH
Network
|
advantech
|
webaccess
|
SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2015-3947
|
2024-11-21 11:30 |
2016-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277918
|
8.8 |
HIGH
Network
|
advantech
|
webaccess
|
Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
|
CWE-352
Origin Validation Error
|
CVE-2015-3946
|
2024-11-21 11:30 |
2016-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277919
|
5.3 |
MEDIUM
Network
|
advantech
|
webaccess
|
Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about e-mail project accounts via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2015-3943
|
2024-11-21 11:30 |
2016-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277920
|
- |
|
acunetix
|
web_vulnerability_scanner
|
The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner (WVS) before 10 build 20151125 allows local users to gain privileges via a command parameter in the reporttemplate property in a p…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-4027
|
2024-11-21 11:30 |
2015-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
