|
270591
|
7.5 |
HIGH
Network
|
openslp
debian
|
openslp
debian_linux
|
Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.
|
CWE-415
Double Free
|
CVE-2015-5177
|
2024-11-21 11:32 |
2017-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270592
|
9.8 |
CRITICAL
Network
|
gsi-office
|
winpat_portal
|
SQL injection vulnerability in the login form in GSI WiNPAT Portal 3.2.0.1001 through 3.6.1.0 allows remote attackers to execute arbitrary SQL commands via the username field.
|
CWE-89
SQL Injection
|
CVE-2015-5376
|
2024-11-21 11:32 |
2017-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270593
|
8.8 |
HIGH
Network
|
inboundnow
|
wordpress_landing_pages
|
The Landing Pages plugin before 1.9.2 for WordPress allows remote attackers to execute arbitrary code via the url parameter.
|
CWE-74
Injection
|
CVE-2015-5227
|
2024-11-21 11:32 |
2017-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270594
|
7.2 |
HIGH
Network
|
pulpproject
|
qpid
|
The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2015-5164
|
2024-11-21 11:32 |
2017-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270595
|
8.1 |
HIGH
Network
|
theforeman
|
foreman
|
The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory.
|
CWE-254
7PK - Security Features
|
CVE-2015-5246
|
2024-11-21 11:32 |
2017-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270596
|
3.1 |
LOW
Network
|
wesnoth
fedoraproject
|
battle_for_wesnoth
fedora
|
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insens…
|
CWE-200
Information Exposure
|
CVE-2015-5070
|
2024-11-21 11:32 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270597
|
4.3 |
MEDIUM
Network
|
wesnoth
fedoraproject
|
battle_for_wesnoth
fedora
|
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attack…
|
CWE-200
Information Exposure
|
CVE-2015-5069
|
2024-11-21 11:32 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270598
|
6.5 |
MEDIUM
Network
|
linux
|
linux_kernel
|
Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after.
|
CWE-125
Out-of-bounds Read
|
CVE-2015-5327
|
2024-11-21 11:32 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270599
|
8.1 |
HIGH
Network
|
pulpproject
|
pulp
|
pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration.
|
CWE-295
Improper Certificate Validation
|
CVE-2015-5263
|
2024-11-21 11:32 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270600
|
7.5 |
HIGH
Network
|
redhat
|
jboss_enterprise_web_server
amq
|
Console: CORS headers set to allow all in Red Hat AMQ.
|
NVD-CWE-noinfo
|
CVE-2015-5184
|
2024-11-21 11:32 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
