|
274101
|
- |
|
libunwind_project
|
libunwind
|
Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.
|
CWE-189
Numeric Errors
|
CVE-2015-3239
|
2024-11-21 11:28 |
2015-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274102
|
- |
|
openstack
|
neutron
|
OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) …
|
CWE-20
Improper Input Validation
|
CVE-2015-3221
|
2024-11-21 11:28 |
2015-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274103
|
- |
|
picketlink
|
picketlink
|
The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote au…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-3158
|
2024-11-21 11:28 |
2015-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274104
|
6.5 |
MEDIUM
Network
|
linux-pam
oracle
|
linux-pam
sparc-opl_service_processor
|
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial …
|
CWE-200
Information Exposure
|
CVE-2015-3238
|
2024-11-21 11:28 |
2015-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274105
|
- |
|
mobile_devices
|
c4_obd-ii_dongle_firmware
|
Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbit…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2015-2908
|
2024-11-21 11:28 |
2015-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274106
|
- |
|
mobile_devices
|
c4_obd-ii_dongle_firmware
|
Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to ob…
|
NVD-CWE-Other
|
CVE-2015-2907
|
2024-11-21 11:28 |
2015-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274107
|
- |
|
mobile_devices
|
c4_obd-ii_dongle_firmware
|
Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers' installatio…
|
NVD-CWE-Other
|
CVE-2015-2906
|
2024-11-21 11:28 |
2015-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274108
|
- |
|
actiontec
|
_ncs01_firmware
|
Cross-site request forgery (CSRF) vulnerability on Actiontec GT784WN modems with firmware before NCS01-1.0.13 allows remote attackers to hijack the authentication or intranet connectivity of arbitrar…
|
CWE-352
Origin Validation Error
|
CVE-2015-2905
|
2024-11-21 11:28 |
2015-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274109
|
- |
|
actiontec
|
_ncs01_firmware
|
Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interfa…
|
NVD-CWE-Other
|
CVE-2015-2904
|
2024-11-21 11:28 |
2015-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274110
|
- |
|
trendmicro
|
deep_discovery_inspector
|
Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions a…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2015-2873
|
2024-11-21 11:28 |
2015-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
