|
282561
|
10.0 |
CRITICAL
Network
|
adblock
|
adblock
|
AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites and to disable arbitrary blocking filters.
|
CWE-284
Improper Access Control
|
CVE-2015-2692
|
2024-11-21 11:27 |
2017-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282562
|
5.9 |
MEDIUM
Network
|
huawei
|
ar1220_firmware
|
Huawei AR1220 routers with software before V200R005SPH006 allow remote attackers to cause a denial of service (board reset) via vectors involving a large amount of traffic from the GE port to the FE …
|
CWE-19
Data Processing Errors
|
CVE-2015-2255
|
2024-11-21 11:27 |
2017-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282563
|
5.0 |
MEDIUM
Local
|
huawei
|
oceanstor_uds_firmware
|
The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document.
|
CWE-200
Information Exposure
|
CVE-2015-2253
|
2024-11-21 11:27 |
2017-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282564
|
8.8 |
HIGH
Network
|
huawei
|
oceanstor_uds_firmware
|
Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts.
|
CWE-94
Code Injection
|
CVE-2015-2252
|
2024-11-21 11:27 |
2017-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282565
|
7.5 |
HIGH
Network
|
huawei
|
oceanstor_uds_firmware
|
The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript.
|
CWE-200
Information Exposure
|
CVE-2015-2251
|
2024-11-21 11:27 |
2017-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282566
|
3.3 |
LOW
Local
|
huawei
|
p7-l10_firmware
|
The MeWidget module on Huawei P7 smartphones with software P7-L10 V100R001C00B136 and earlier versions could lead to the disclosure of contact information.
|
CWE-200
Information Exposure
|
CVE-2015-2246
|
2024-11-21 11:27 |
2017-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282567
|
3.3 |
LOW
Local
|
cloudera
|
cloudera_manager
|
Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeM…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-2263
|
2024-11-21 11:27 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282568
|
7.5 |
HIGH
Network
|
webkitgtk
|
webkitgtk
|
Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies.
|
CWE-295
Improper Certificate Validation
|
CVE-2015-2330
|
2024-11-21 11:27 |
2017-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282569
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subs…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-2686
|
2024-11-21 11:27 |
2016-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282570
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection again…
|
CWE-20
Improper Input Validation
|
CVE-2015-2672
|
2024-11-21 11:27 |
2016-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
