Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2015-12-28 CVE-2015-8660 Permissions, Privileges, and Access Controls vulnerability in Linux Kernel
The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.
local
low complexity
linux CWE-264
6.7
2015-12-28 CVE-2015-8374 Information Exposure vulnerability in Linux Kernel
fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action.
local
low complexity
linux CWE-200
4.0
2015-12-28 CVE-2015-7990 Race Condition vulnerability in Linux Kernel
Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound.
local
high complexity
linux CWE-362
5.8
2015-12-28 CVE-2015-7509 Improper Input Validation vulnerability in Linux Kernel
fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015.
local
low complexity
linux CWE-20
4.4
2015-12-28 CVE-2013-7446 Unspecified vulnerability in Linux Kernel
Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.
local
high complexity
linux
5.3
2015-12-27 CVE-2015-7783 Cross-site Scripting vulnerability in Let's PHP! Pbbs 4.05
Cross-site scripting (XSS) vulnerability in Let's PHP! p++BBS before 4.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
let-s-php CWE-79
6.1
2015-12-27 CVE-2015-7665 Information Exposure vulnerability in Tails Project Tails 1.6
Tails before 1.7 includes the wget program but does not prevent automatic fallback from passive FTP to active FTP, which allows remote FTP servers to discover the Tor client IP address by reading a (1) PORT or (2) EPRT command.
network
low complexity
tails-project CWE-200
5.3
2015-12-27 CVE-2015-8262 Unspecified vulnerability in Buffalotech products
Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value.
network
high complexity
buffalotech
6.8
2015-12-27 CVE-2015-8254 Insufficient Verification of Data Authenticity vulnerability in RSI Video Technologies Frontel Protocol 2.0
The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity protection, which makes it easier for man-in-the-middle attackers to (1) initiate a false alarm or (2) deactivate an alarm by modifying the client-server data stream.
network
high complexity
rsi-video-technologies CWE-345
5.9
2015-12-27 CVE-2015-8252 Information Exposure vulnerability in RSI Video Technologies Frontel Protocol 2.0
The Frontel protocol before 3 on RSI Video Technologies Videofied devices sends a cleartext serial number, which allows remote attackers to determine a hardcoded key by sniffing the network and performing a "jumbled up" calculation with this number.
network
high complexity
rsi-video-technologies CWE-200
5.9