CVE-2015-0266
The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs.
Source: CVE-2015-0266
[월:] 2016년 04월
CVE-2015-0265
CVE-2015-0265
Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header.
Source: CVE-2015-0265
CVE-2016-3678
CVE-2016-3678
Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with software before V200R003SPH012 allow remote attackers to cause a denial of service (switch restart) via crafted traffic.
Source: CVE-2016-3678
CVE-2016-3676
CVE-2016-3676
Huawei E3276s USB modems with software before E3276s-150TCPU-V200R002B436D09SP00C00 allow man-in-the-middle attackers to intercept, spoof, or modify network traffic via unspecified vectors related to a fake network.
Source: CVE-2016-3676
CVE-2016-3675
CVE-2016-3675
SQL injection vulnerability in Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to system databases.
Source: CVE-2016-3675
CVE-2016-3659
CVE-2016-3659
SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter.
Source: CVE-2016-3659
CVE-2016-3065
CVE-2016-3065
The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a denial of service (server crash) via a crafted bytea value in a BRIN index page.
Source: CVE-2016-3065
CVE-2016-2385
CVE-2016-2385
Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service (memory corruption and process crash) or possibly execute arbitrary code via a large SIP packet.
Source: CVE-2016-2385
CVE-2016-2193
CVE-2016-2193
PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role.
Source: CVE-2016-2193
CVE-2016-1235
CVE-2016-1235
The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options.
Source: CVE-2016-1235