|
273201
|
7.5 |
HIGH
Network
|
samsung
|
galaxy_s4_firmware
|
The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to potentially obtain sensitive information.
|
CWE-200
Information Exposure
|
CVE-2015-1800
|
2024-11-21 11:26 |
2017-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273202
|
6.8 |
MEDIUM
Physics
|
thalesesecurity
|
nshield_connect_firmware
|
Thales nShield Connect hardware models 500, 1500, 6000, 500+, 1500+, and 6000+ before 11.72 allows physically proximate attackers to sign arbitrary data with previously loaded signing keys, extract t…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-1878
|
2024-11-21 11:26 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273203
|
9.8 |
CRITICAL
Network
|
musl-libc
|
musl
|
Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7 allows attackers to have unspecified impact via unknown vectors.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-1817
|
2024-11-21 11:26 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273204
|
7.5 |
HIGH
Network
|
fedoraproject
entrouvert
|
fedora
lasso
|
The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service (uninitialized memory access …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-1783
|
2024-11-21 11:26 |
2017-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273205
|
9.8 |
CRITICAL
Network
|
rest-client_project
|
rest-client
|
REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a respon…
|
CWE-384
Session Fixation
|
CVE-2015-1820
|
2024-11-21 11:26 |
2017-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273206
|
7.5 |
HIGH
Network
|
appserver
|
appserver
|
Directory traversal vulnerability in the web request/response interface in Appserver before 1.0.3 allows remote attackers to read normally inaccessible files via a .. (dot dot) in a crafted URL.
|
CWE-22
Path Traversal
|
CVE-2015-1847
|
2024-11-21 11:26 |
2017-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273207
|
7.8 |
HIGH
Local
|
redhat
|
gluster_storage
|
Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-1795
|
2024-11-21 11:26 |
2017-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273208
|
9.8 |
CRITICAL
Network
|
opendaylight
|
opendaylight
|
The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination.
|
CWE-287
Improper Authentication
|
CVE-2015-1778
|
2024-11-21 11:26 |
2017-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273209
|
5.5 |
MEDIUM
Local
|
redhat
|
automatic_bug_reporting_tool
|
The event scripts in Automatic Bug Reporting Tool (ABRT) uses world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information fr…
|
CWE-200
Information Exposure
|
CVE-2015-1870
|
2024-11-21 11:26 |
2017-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273210
|
8.8 |
HIGH
Network
|
zend
|
zend_framework
|
Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers.
|
CWE-352
Origin Validation Error
|
CVE-2015-1786
|
2024-11-21 11:26 |
2017-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
