| 271151 | 9.8 CRITICAL Network | accellion | file_transfer_appliance | Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter. | CWE-77 Command Injection | CVE-2015-2857 | 2024-11-21 11:28 | 2017-08-23 |
| 271152 | 5.5 MEDIUM Local | openstack | trove | The _write_config function in trove/guestagent/datastore/experimental/mongodb/service.py, reset_configuration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, write_c… | CWE-59 Link Following | CVE-2015-3156 | 2024-11-21 11:28 | 2017-08-12 |
| 271153 | 5.5 MEDIUM Local | rsyslog | rsyslog | rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron. | CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2015-3243 | 2024-11-21 11:28 | 2017-07-26 |
| 271154 | 5.5 MEDIUM Local | sos_project | sos | sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive. | CWE-200 Information Exposure | CVE-2015-3171 | 2024-11-21 11:28 | 2017-07-26 |
| 271155 | 5.5 MEDIUM Local | redhat | enterprise_linux_desktop enterprise_linux_server_eus enterprise_linux_workstation enterprise_linux_server enterprise_linux_hpc_node enterprise_linux_server_aus enterprise_linux_hpc_… | The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack. | CWE-59 Link Following | CVE-2015-3149 | 2024-11-21 11:28 | 2017-07-26 |
| 271156 | 9.8 CRITICAL Network | web-dorado | contact_form_maker | SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | CWE-89 SQL Injection | CVE-2015-2798 | 2024-11-21 11:28 | 2017-07-26 |
| 271157 | 7.5 HIGH Network | redhat | jboss_wildfly_application_server | The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL. | CWE-200 Information Exposure | CVE-2015-3198 | 2024-11-21 11:28 | 2017-07-21 |
| 271158 | 5.5 MEDIUM Local | selinux_project | selinux | selinux-policy, when sysctl fs.protected_hardlinks is set to 0, allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .con… | CWE-254 7PK - Security Features | CVE-2015-3170 | 2024-11-21 11:28 | 2017-07-21 |
| 271159 | 7.5 HIGH Network | redhat | virtio-win | The NetKVM Windows Virtio driver allows remote attackers to cause a denial of service (guest crash) via a crafted length value in an IP packet, as demonstrated by a value that does not account for th… | CWE-20 Improper Input Validation | CVE-2015-3215 | 2024-11-21 11:28 | 2017-06-27 |
| 271160 | 4.7 MEDIUM Local | redhat | automatic_bug_reporting_tool | The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensi… | CWE-200 Information Exposure | CVE-2015-3142 | 2024-11-21 11:28 | 2017-06-27 |