|
277671
|
5.0 |
MEDIUM
Local
|
huawei
|
oceanstor_uds_firmware
|
The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document.
|
CWE-200
Information Exposure
|
CVE-2015-2253
|
2024-11-21 11:27 |
2017-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277672
|
8.8 |
HIGH
Network
|
huawei
|
oceanstor_uds_firmware
|
Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts.
|
CWE-94
Code Injection
|
CVE-2015-2252
|
2024-11-21 11:27 |
2017-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277673
|
7.5 |
HIGH
Network
|
huawei
|
oceanstor_uds_firmware
|
The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript.
|
CWE-200
Information Exposure
|
CVE-2015-2251
|
2024-11-21 11:27 |
2017-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277674
|
3.3 |
LOW
Local
|
huawei
|
p7-l10_firmware
|
The MeWidget module on Huawei P7 smartphones with software P7-L10 V100R001C00B136 and earlier versions could lead to the disclosure of contact information.
|
CWE-200
Information Exposure
|
CVE-2015-2246
|
2024-11-21 11:27 |
2017-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277675
|
3.3 |
LOW
Local
|
cloudera
|
cloudera_manager
|
Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeM…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-2263
|
2024-11-21 11:27 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277676
|
7.5 |
HIGH
Network
|
webkitgtk
|
webkitgtk
|
Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies.
|
CWE-295
Improper Certificate Validation
|
CVE-2015-2330
|
2024-11-21 11:27 |
2017-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277677
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subs…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-2686
|
2024-11-21 11:27 |
2016-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277678
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection again…
|
CWE-20
Improper Input Validation
|
CVE-2015-2672
|
2024-11-21 11:27 |
2016-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277679
|
6.5 |
MEDIUM
Network
|
edx
|
open_edx
|
lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote attackers to discover passw…
|
CWE-200
Information Exposure
|
CVE-2015-2286
|
2024-11-21 11:27 |
2016-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277680
|
5.4 |
MEDIUM
Network
|
vmware
|
vrealize_automation
|
Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x before 6.2.4 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2015-2344
|
2024-11-21 11:27 |
2016-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
