Search Results (322830 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-20067 1 Wp Attachment Export Project 1 Wp Attachment Export 2024-11-21 7.5 High
The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress
CVE-2015-20019 1 Content Text Slider On Post Project 1 Content Text Slider On Post 2024-11-21 5.4 Medium
The Content text slider on post WordPress plugin before 6.9 does not sanitise and escape the Title and Message/Content settings, which could lead to Cross-Site Scripting issues
CVE-2015-20001 1 Rust-lang 1 Rust 2024-11-21 7.5 High
In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory as an arbitrary type, which can result in a memory safety violation.
CVE-2015-1975 1 Ibm 1 Tivoli Directory Server 2024-11-21 N/A
The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, and 6.3 before iFix 37 and IBM Security Directory Server 6.3.1 before iFix 11 and 6.4 before iFix 2 allows local users to gain privileges via vectors related to argument injection. IBM X-Force ID: 103694.
CVE-2015-1957 1 Ibm 1 Websphere Mq 2024-11-21 N/A
IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 allows remote authenticated users to obtain sensitive information via a man-in-the-middle attack, related to duplication of message data in cleartext outside the protected payload. IBM X-Force ID: 103482.
CVE-2015-1952 1 Ibm 1 Security Appscan 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in IBM AppScan Enterprise Edition 9.0.x before 9.0.2 iFix 001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 103416.
CVE-2015-1931 3 Ibm, Redhat, Suse 10 Java Sdk, Enterprise Linux Desktop, Enterprise Linux Eus and 7 more 2024-11-21 5.5 Medium
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.
CVE-2015-1877 2 Debian, Freedesktop 2 Debian Linux, Xdg-utils 2024-11-21 8.8 High
The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file.
CVE-2015-1869 1 Redhat 2 Automatic Bug Reporting Tool, Enterprise Linux 2024-11-21 7.8 High
The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file.
CVE-2015-1862 1 Abrt Project 1 Abrt 2024-11-21 N/A
The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namedspaced environment.
CVE-2015-1857 1 Linuxfoundation 1 Opendaylight 2024-11-21 5.3 Medium
The odl-mdsal-apidocs feature in OpenDaylight Helium allow remote attackers to obtain sensitive information by leveraging missing AAA restrictions.
CVE-2015-1855 3 Debian, Puppet, Ruby-lang 5 Debian Linux, Puppet Agent, Puppet Enterprise and 2 more 2024-11-21 5.9 Medium
verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.
CVE-2015-1853 2 Redhat, Tuxfamily 2 Enterprise Linux, Chrony 2024-11-21 6.5 Medium
chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets.
CVE-2015-1811 2 Jenkins, Redhat 2 Cloudbees, Openshift 2024-11-21 7.5 High
XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document.
CVE-2015-1809 2 Jenkins, Redhat 2 Cloudbees, Openshift 2024-11-21 7.5 High
XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query.
CVE-2015-1785 1 Imagely 1 Nextgen Gallery 2024-11-21 6.5 Medium
In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests.
CVE-2015-1784 1 Imagely 1 Nextgen Gallery 2024-11-21 8.8 High
In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests.
CVE-2015-1780 1 Redhat 2 Ovirt-engine, Virtualization 2024-11-21 6.5 Medium
oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center
CVE-2015-1777 1 Redhat 3 Enterprise Linux, Gluster Storage, Rhn-client-tools 2024-11-21 N/A
rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle attack.
CVE-2015-1607 2 Canonical, Gnupg 2 Ubuntu Linux, Gnupg 2024-11-21 5.5 Medium
kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges."