|
275781
|
9.8 |
CRITICAL
Network
|
postgresql
debian
canonical
|
postgresql
debian_linux
ubuntu_linux
|
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-3166
|
2024-11-21 11:28 |
2019-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275782
|
6.1 |
MEDIUM
Network
|
projectpier
|
projectpier
|
Multiple cross-site scripting (XSS) vulnerabilities in Project-Pier ProjectPier-Core allow remote attackers to inject arbitrary web script or HTML via the search_for parameter to (1) search_by_tag.ph…
|
CWE-79
Cross-site Scripting
|
CVE-2015-2796
|
2024-11-21 11:28 |
2018-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275783
|
5.9 |
MEDIUM
Network
|
yodobashi
|
yodobashi
|
The Yodobashi App for Android 1.2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a…
|
CWE-295
Improper Certificate Validation
|
CVE-2015-2981
|
2024-11-21 11:28 |
2018-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275784
|
9.8 |
CRITICAL
Network
|
apache
|
traffic_server
|
The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-3249
|
2024-11-21 11:28 |
2017-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275785
|
8.8 |
HIGH
Network
|
watchguard
|
hawkeye_g
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary acco…
|
CWE-352
Origin Validation Error
|
CVE-2015-2878
|
2024-11-21 11:28 |
2017-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275786
|
5.9 |
MEDIUM
Network
|
fedoraproject
|
spin-kickstarts
|
fedora-cloud-atomic.ks in spin-kickstarts allows remote attackers to conduct man-in-the-middle attacks by leveraging use of HTTP to download Fedora Atomic updates.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-3229
|
2024-11-21 11:28 |
2017-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275787
|
9.8 |
CRITICAL
Network
|
berta
|
berta_cms
|
Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct re…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2015-2780
|
2024-11-21 11:28 |
2017-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275788
|
7.4 |
HIGH
Network
|
rakutencard
|
rakuten_card
|
Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL certificates which might allow remote attackers to execute man-in-the-middle attacks.
|
CWE-295
Improper Certificate Validation
|
CVE-2015-2988
|
2024-11-21 11:28 |
2017-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275789
|
7.5 |
HIGH
Network
|
accellion
|
file_transfer_appliance
|
Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. (d…
|
CWE-22
Path Traversal
|
CVE-2015-2856
|
2024-11-21 11:28 |
2017-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275790
|
7.5 |
HIGH
Network
|
tcpdump
opensuse_project
opensuse
|
tcpdump
leap
|
print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash).
|
CWE-20
Improper Input Validation
|
CVE-2015-3138
|
2024-11-21 11:28 |
2017-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
