|
271231
|
- |
|
documentcloud
|
navis_documentcloud
|
Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase pa…
|
CWE-79
Cross-site Scripting
|
CVE-2015-2807
|
2024-11-21 11:28 |
2015-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271232
|
- |
|
linux
qemu
arista
debian
lenovo
redhat
|
linux_kernel
qemu
eos
debian_linux
emc_px12-450r_ivx
emc_px12-400r_ivx
enterprise_linux_workstation
enterprise_linux_for_scientific_computing
openstack
enterprise_linux_ser…
|
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitra…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-3214
|
2024-11-21 11:28 |
2015-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271233
|
- |
|
linux
|
linux_kernel
|
Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets,…
|
CWE-362
Race Condition
|
CVE-2015-3212
|
2024-11-21 11:28 |
2015-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271234
|
- |
|
type74
|
ed
|
Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smal…
|
CWE-17
Code
|
CVE-2015-2987
|
2024-11-21 11:28 |
2015-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271235
|
- |
|
libunwind_project
|
libunwind
|
Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.
|
CWE-189
Numeric Errors
|
CVE-2015-3239
|
2024-11-21 11:28 |
2015-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271236
|
- |
|
openstack
|
neutron
|
OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) …
|
CWE-20
Improper Input Validation
|
CVE-2015-3221
|
2024-11-21 11:28 |
2015-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271237
|
- |
|
picketlink
|
picketlink
|
The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote au…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-3158
|
2024-11-21 11:28 |
2015-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271238
|
6.5 |
MEDIUM
Network
|
linux-pam
oracle
|
linux-pam
sparc-opl_service_processor
|
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial …
|
CWE-200
Information Exposure
|
CVE-2015-3238
|
2024-11-21 11:28 |
2015-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271239
|
- |
|
mobile_devices
|
c4_obd-ii_dongle_firmware
|
Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbit…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2015-2908
|
2024-11-21 11:28 |
2015-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271240
|
- |
|
mobile_devices
|
c4_obd-ii_dongle_firmware
|
Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to ob…
|
NVD-CWE-Other
|
CVE-2015-2907
|
2024-11-21 11:28 |
2015-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
