| 270981 | 6.5 | MEDIUM | Network | apache | ranger | The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API. | CWE-264 Permissions, Privileges, and Access Controls | CVE-2015-5167 | 2024-11-21 11:32 | 2016-04-12 |
| 270982 | 5.5 | MEDIUM | Local | qemu | qemu | Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance c… | CWE-787 Out-of-bounds Write | CVE-2015-5158 | 2024-11-21 11:32 | 2016-04-12 |
| 270983 | 7.8 | HIGH | Local | apache | ldap_studio directory_studio | The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a craf… | CWE-77 Command Injection | CVE-2015-5349 | 2024-11-21 11:32 | 2016-04-12 |
| 270984 | 7.3 | HIGH | Network | redhat | openstack | The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for rem… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2015-5329 | 2024-11-21 11:32 | 2016-04-12 |
| 270985 | 2.5 | LOW | Local | redhat | libvirt | Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows l… | CWE-22 Path Traversal | CVE-2015-5313 | 2024-11-21 11:32 | 2016-04-12 |
| 270986 | 7.5 | HIGH | Network | openstack | tripleo_heat_templates | The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the… | CWE-254 7PK - Security Features | CVE-2015-5303 | 2024-11-21 11:32 | 2016-04-12 |
| 270987 | 4.2 | MEDIUM | Network | theforeman redhat | foreman satellite | Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary h… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2015-5233 | 2024-11-21 11:32 | 2016-04-12 |
| 270988 | 7.5 | HIGH | Network | redhat | enterprise_linux_desktop enterprise_linux_server_aus enterprise_linux_workstation enterprise_linux_server enterprise_linux_hpc_node enterprise_linux_server_eus enterprise_linux e… | The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of s… | CWE-17 Code | CVE-2015-5229 | 2024-11-21 11:32 | 2016-04-9 |
| 270989 | 8.8 | HIGH | Network | apache debian canonical | tomcat debian_linux ubuntu_linux | The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, wh… | CWE-352 Origin Validation Error | CVE-2015-5351 | 2024-11-21 11:32 | 2016-02-25 |
| 270990 | 8.1 | HIGH | Network | apache canonical debian | tomcat ubuntu_linux debian_linux | Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the sam… | NVD-CWE-Other | CVE-2015-5346 | 2024-11-21 11:32 | 2016-02-25 |