|
271421
|
8.8 |
HIGH
Network
|
huawei
|
oceanstor_uds_firmware
|
Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts.
|
CWE-94
Code Injection
|
CVE-2015-2252
|
2024-11-21 11:27 |
2017-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271422
|
7.5 |
HIGH
Network
|
huawei
|
oceanstor_uds_firmware
|
The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript.
|
CWE-200
Information Exposure
|
CVE-2015-2251
|
2024-11-21 11:27 |
2017-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271423
|
3.3 |
LOW
Local
|
huawei
|
p7-l10_firmware
|
The MeWidget module on Huawei P7 smartphones with software P7-L10 V100R001C00B136 and earlier versions could lead to the disclosure of contact information.
|
CWE-200
Information Exposure
|
CVE-2015-2246
|
2024-11-21 11:27 |
2017-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271424
|
3.3 |
LOW
Local
|
cloudera
|
cloudera_manager
|
Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeM…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-2263
|
2024-11-21 11:27 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271425
|
7.5 |
HIGH
Network
|
webkitgtk
|
webkitgtk
|
Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies.
|
CWE-295
Improper Certificate Validation
|
CVE-2015-2330
|
2024-11-21 11:27 |
2017-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271426
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subs…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-2686
|
2024-11-21 11:27 |
2016-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271427
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection again…
|
CWE-20
Improper Input Validation
|
CVE-2015-2672
|
2024-11-21 11:27 |
2016-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271428
|
6.5 |
MEDIUM
Network
|
edx
|
open_edx
|
lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote attackers to discover passw…
|
CWE-200
Information Exposure
|
CVE-2015-2286
|
2024-11-21 11:27 |
2016-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271429
|
5.4 |
MEDIUM
Network
|
vmware
|
vrealize_automation
|
Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x before 6.2.4 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2015-2344
|
2024-11-21 11:27 |
2016-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271430
|
- |
|
oracle
pcre
|
linux
pcre
|
PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have…
|
CWE-19
Data Processing Errors
|
CVE-2015-2328
|
2024-11-21 11:27 |
2015-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
