|
270341
|
7.5 |
HIGH
Network
|
qdpm
|
qdpm
|
Information disclosure issue in qdPM 8.3 allows remote attackers to obtain sensitive information via a direct request to (1) core/config/databases.yml, (2) core/log/qdPM_prod.log, or (3) core/apps/qd…
|
CWE-200
Information Exposure
|
CVE-2015-3881
|
2024-11-21 11:30 |
2017-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270342
|
6.1 |
MEDIUM
Network
|
qdpm
|
qdpm
|
Multiple cross-site scripting (XSS) vulnerabilities in qdPM 8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) search[keywords] parameter to index.php/users page; the (2) "…
|
CWE-79
Cross-site Scripting
|
CVE-2015-3883
|
2024-11-21 11:30 |
2017-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270343
|
7.5 |
HIGH
Network
|
dell
|
vce_vision_intelligent_operations
|
The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover th…
|
CWE-200
Information Exposure
|
CVE-2015-4057
|
2024-11-21 11:30 |
2017-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270344
|
6.7 |
MEDIUM
Local
|
dell
|
vce_vision_intelligent_operations
|
The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrati…
|
CWE-310
Cryptographic Issues
|
CVE-2015-4056
|
2024-11-21 11:30 |
2017-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270345
|
6.8 |
MEDIUM
Network
|
unisys
|
mcp-firmware
|
Unisys Libra 43xx, 63xx, and 83xx, and FS600 class systems with MCP-FIRMWARE 40.0 before 40.0IC4 Build 270 might allow remote authenticated users to cause a denial of service (data corruption or syst…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-4049
|
2024-11-21 11:30 |
2017-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270346
|
9.8 |
CRITICAL
Network
|
opensuse
php
|
leap
php
|
Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a f…
|
NVD-CWE-Other
|
CVE-2015-4116
|
2024-11-21 11:30 |
2016-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270347
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The fs_pin implementation in the Linux kernel before 4.0.5 does not ensure the internal consistency of a certain list data structure, which allows local users to cause a denial of service (system cra…
|
NVD-CWE-Other
|
CVE-2015-4178
|
2024-11-21 11:30 |
2016-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270348
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The collect_mounts function in fs/namespace.c in the Linux kernel before 4.0.5 does not properly consider that it may execute after a path has been unmounted, which allows local users to cause a deni…
|
NVD-CWE-Other
|
CVE-2015-4177
|
2024-11-21 11:30 |
2016-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270349
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
fs/namespace.c in the Linux kernel before 4.0.2 does not properly support mount connectivity, which allows local users to read arbitrary files by leveraging user-namespace root access for deletion of…
|
CWE-200
Information Exposure
|
CVE-2015-4176
|
2024-11-21 11:30 |
2016-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270350
|
4.7 |
MEDIUM
Local
|
linux
redhat
|
linux_kernel
enterprise_linux_for_ibm_z_systems_eus
enterprise_linux_for_power_big_endian_eus
enterprise_linux_server_eus
enterprise_linux_for_power_little_endian_eus
enterprise_linux_…
|
Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_do…
|
CWE-362
Race Condition
|
CVE-2015-4170
|
2024-11-21 11:30 |
2016-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
