|
273481
|
7.5 |
HIGH
Network
|
apache
|
struts
|
Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.
|
CWE-20
Improper Input Validation
|
CVE-2015-5209
|
2024-11-21 11:32 |
2017-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273482
|
5.9 |
MEDIUM
Network
|
redhat
|
enterprise_virtualization_manager
|
Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a …
|
CWE-284
Improper Access Control
|
CVE-2015-5293
|
2024-11-21 11:32 |
2017-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273483
|
5.3 |
MEDIUM
Network
|
fedoraproject
debian
ntp
|
fedora
debian_linux
ntp
|
ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote config…
|
CWE-20
Improper Input Validation
|
CVE-2015-5146
|
2024-11-21 11:32 |
2017-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273484
|
9.8 |
CRITICAL
Network
|
kernel
|
util-linux
|
The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks.
|
NVD-CWE-noinfo
|
CVE-2015-5224
|
2024-11-21 11:32 |
2017-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273485
|
8.8 |
HIGH
Network
|
fedoraproject
vmware
|
fedora
spring_social
|
Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3.
|
CWE-352
Origin Validation Error
|
CVE-2015-5258
|
2024-11-21 11:32 |
2017-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273486
|
8.8 |
HIGH
Network
|
pulp_project
|
pulp
|
Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name.
|
CWE-275
Permission Issues
|
CVE-2015-5153
|
2024-11-21 11:32 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273487
|
8.8 |
HIGH
Network
|
django-cms
|
django_cms
|
Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified …
|
CWE-352
Origin Validation Error
|
CVE-2015-5081
|
2024-11-21 11:32 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273488
|
6.1 |
MEDIUM
Network
|
broken_link_checker_project
|
broken_link_checker
|
Cross-site scripting (XSS) vulnerability exists in the Wordpress admin panel when the Broken Link Checker plugin before 1.10.9 is installed.
|
CWE-79
Cross-site Scripting
|
CVE-2015-5057
|
2024-11-21 11:32 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273489
|
9.8 |
CRITICAL
Network
|
mod_nss_project
|
mod_nss
|
The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5244
|
2024-11-21 11:32 |
2017-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273490
|
5.5 |
MEDIUM
Local
|
fedoraproject
opensuse_project
opensuse
jasper_project
|
fedora
leap
opensuse
jasper
|
Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
|
CWE-415
Double Free
|
CVE-2015-5203
|
2024-11-21 11:32 |
2017-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
