|
269361
|
5.3 |
MEDIUM
Local
|
apache
|
cordova
|
Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods.
|
CWE-254
CWE-284
7PK - Security Features
Improper Access Control
|
CVE-2015-5207
|
2024-11-21 11:32 |
2016-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269362
|
5.9 |
MEDIUM
Network
|
samba
canonical
|
samba
ubuntu_linux
|
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a…
|
NVD-CWE-noinfo
|
CVE-2015-5370
|
2024-11-21 11:32 |
2016-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269363
|
7.5 |
HIGH
Network
|
redhat
openstack
|
openstack
tripleo_heat_templates
|
The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline w…
|
CWE-200
Information Exposure
|
CVE-2015-5271
|
2024-11-21 11:32 |
2016-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269364
|
8.1 |
HIGH
Network
|
apache
|
camel
|
Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x before 2.16.1, when using (1) camel-jetty or (2) camel-servlet as a consumer in Camel routes, allow remote attackers to execute arb…
|
CWE-19
Data Processing Errors
|
CVE-2015-5348
|
2024-11-21 11:32 |
2016-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269365
|
6.5 |
MEDIUM
Network
|
redhat
canonical
|
libvirt
ubuntu_linux
|
The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unl…
|
CWE-284
Improper Access Control
|
CVE-2015-5247
|
2024-11-21 11:32 |
2016-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269366
|
7.6 |
HIGH
Network
|
apache
debian
|
subversion
debian_linux
|
Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server cra…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-5343
|
2024-11-21 11:32 |
2016-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269367
|
6.1 |
MEDIUM
Network
|
apache
|
wicket
|
Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5347
|
2024-11-21 11:32 |
2016-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269368
|
6.5 |
MEDIUM
Network
|
apache
|
ranger
|
The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5167
|
2024-11-21 11:32 |
2016-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269369
|
5.5 |
MEDIUM
Local
|
qemu
|
qemu
|
Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance c…
|
CWE-787
Out-of-bounds Write
|
CVE-2015-5158
|
2024-11-21 11:32 |
2016-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269370
|
7.8 |
HIGH
Local
|
apache
|
ldap_studio
directory_studio
|
The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a craf…
|
CWE-77
Command Injection
|
CVE-2015-5349
|
2024-11-21 11:32 |
2016-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
