|
270661
|
6.5 |
MEDIUM
Network
|
redhat
canonical
|
libvirt
ubuntu_linux
|
The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unl…
|
CWE-284
Improper Access Control
|
CVE-2015-5247
|
2024-11-21 11:32 |
2016-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270662
|
7.6 |
HIGH
Network
|
apache
debian
|
subversion
debian_linux
|
Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server cra…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-5343
|
2024-11-21 11:32 |
2016-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270663
|
6.1 |
MEDIUM
Network
|
apache
|
wicket
|
Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5347
|
2024-11-21 11:32 |
2016-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270664
|
6.5 |
MEDIUM
Network
|
apache
|
ranger
|
The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5167
|
2024-11-21 11:32 |
2016-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270665
|
5.5 |
MEDIUM
Local
|
qemu
|
qemu
|
Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance c…
|
CWE-787
Out-of-bounds Write
|
CVE-2015-5158
|
2024-11-21 11:32 |
2016-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270666
|
7.8 |
HIGH
Local
|
apache
|
ldap_studio
directory_studio
|
The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a craf…
|
CWE-77
Command Injection
|
CVE-2015-5349
|
2024-11-21 11:32 |
2016-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270667
|
7.3 |
HIGH
Network
|
redhat
|
openstack
|
The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for rem…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5329
|
2024-11-21 11:32 |
2016-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270668
|
2.5 |
LOW
Local
|
redhat
|
libvirt
|
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows l…
|
CWE-22
Path Traversal
|
CVE-2015-5313
|
2024-11-21 11:32 |
2016-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270669
|
7.5 |
HIGH
Network
|
openstack
|
tripleo_heat_templates
|
The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the…
|
CWE-254
7PK - Security Features
|
CVE-2015-5303
|
2024-11-21 11:32 |
2016-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270670
|
4.2 |
MEDIUM
Network
|
theforeman
redhat
|
foreman
satellite
|
Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary h…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5233
|
2024-11-21 11:32 |
2016-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
