|
272441
|
5.4 |
MEDIUM
Network
|
10web
|
photo_gallery
|
Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1394
|
2024-11-21 11:25 |
2020-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272442
|
7.8 |
HIGH
Local
|
google
|
android
|
media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows attackers to execute arbitrary code with media_server privileges or cause a denial of service (integer overflow) via a crafted appl…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2015-1530
|
2024-11-21 11:25 |
2020-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272443
|
5.5 |
MEDIUM
Local
|
google
|
android
|
audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attackers to cause a denial of service (audio_policy application outage) via a crafted application that provides a NULL device address.
|
CWE-20
Improper Input Validation
|
CVE-2015-1525
|
2024-11-21 11:25 |
2020-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272444
|
7.5 |
HIGH
Network
|
gnu
debian
|
patch
debian_linux
|
A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an in…
|
CWE-22
Path Traversal
|
CVE-2015-1396
|
2024-11-21 11:25 |
2019-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272445
|
5.5 |
MEDIUM
Local
|
gnupg
canonical
|
gnupg
ubuntu_linux
|
kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (inval…
|
CWE-20
Improper Input Validation
|
CVE-2015-1607
|
2024-11-21 11:25 |
2019-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272446
|
5.5 |
MEDIUM
Local
|
gnupg
debian
|
gnupg
debian_linux
|
The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.
|
CWE-416
Use After Free
|
CVE-2015-1606
|
2024-11-21 11:25 |
2019-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272447
|
5.3 |
MEDIUM
Network
|
canonical
|
ubuntu_linux
|
All versions of unity-scope-gdrive logs search terms to syslog.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2015-1343
|
2024-11-21 11:25 |
2019-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272448
|
7.8 |
HIGH
Local
|
canonical
|
ubuntu_linux
apport
|
Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-1341
|
2024-11-21 11:25 |
2019-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272449
|
8.1 |
HIGH
Network
|
linuxcontainers
|
lxd
|
LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause a…
|
CWE-362
Race Condition
|
CVE-2015-1340
|
2024-11-21 11:25 |
2019-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272450
|
7.8 |
HIGH
Local
|
canonical
|
ubuntu_linux
|
Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transf…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-1327
|
2024-11-21 11:25 |
2019-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
