Total
5442 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5515 | 1 Views Bulk Operations Project | 1 Views Bulk Operations | 2024-08-06 | N/A |
| The Views Bulk Operations (VBO) module 6.x-1.x and 7.x-3.x before 7.x-3.3 for Drupal, when the bulk operation for changing Roles is enabled, allows remote authenticated users to edit user accounts and add arbitrary roles to the accounts by leveraging access to a user account listing view with VBO enabled. | ||||
| CVE-2015-5509 | 1 Administration Views Project | 1 Administration Views | 2024-08-06 | N/A |
| The Administration Views module 7.x-1.x before 7.x-1.4 for Drupal, when used with other unspecified modules, does not properly grant access to administration pages, which allows remote administrators to bypass intended restrictions via unspecified vectors. | ||||
| CVE-2015-5498 | 1 Shipwire Api Project | 1 Shipwire Api | 2024-08-06 | N/A |
| The Shipwire API module 7.x-1.x before 7.x-1.03 for Drupal does not check the view permission for the shipments overview (admin/shipwire/shipments), which allows remote attackers to obtain sensitive information via a request to the page. | ||||
| CVE-2015-5496 | 1 Pass2pdf Project | 1 Pass2pdf | 2024-08-06 | N/A |
| The pass2pdf module for Drupal does not restrict access to generated PDF files, which allows remote attackers to obtain user passwords via unspecified vectors. | ||||
| CVE-2015-5493 | 1 Entityform Block Project | 1 Entityform Block | 2024-08-06 | N/A |
| The Entityform Block module 7.x-1.x before 7.x-1.3 for Drupal does not properly check permissions when a form is locked to a role, which allows remote attackers to obtain access to certain entityforms via unspecified vectors. | ||||
| CVE-2015-5413 | 1 Hp | 1 Version Control Repository Manager | 2024-08-06 | N/A |
| HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to gain privileges and obtain sensitive information via unspecified vectors. | ||||
| CVE-2015-5400 | 3 Debian, Fedoraproject, Squid-cache | 3 Debian Linux, Fedora, Squid | 2024-08-06 | N/A |
| Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request. | ||||
| CVE-2015-5434 | 1 Hp | 87 Jc072b Hp 12500 Main Processing Unit, Jc085a Hp A12518 Switch Chassis, Jc086a Hp A12508 Switch Chassis and 84 more | 2024-08-06 | N/A |
| HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping." | ||||
| CVE-2015-5402 | 1 Hp | 2 Matrix Operating Environment, Systems Insight Manager | 2024-08-06 | N/A |
| HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows local users to gain privileges, and consequently obtain sensitive information, modify data, or cause a denial of service, via unspecified vectors. | ||||
| CVE-2015-5323 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-06 | N/A |
| Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user. | ||||
| CVE-2015-5324 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-06 | N/A |
| Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api. | ||||
| CVE-2015-5367 | 1 Hp | 39 Elite X2 1010 G2, Elitebook 1040 G1, Elitebook 1040 G2 and 36 more | 2024-08-06 | N/A |
| The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2015-5352 | 2 Openbsd, Redhat | 2 Openssh, Enterprise Linux | 2024-08-06 | N/A |
| The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. | ||||
| CVE-2015-5342 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
| The choice module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote authenticated users to bypass intended access restrictions by visiting a URL to add or delete responses in the closed state. | ||||
| CVE-2015-5301 | 1 Ipsilon Project | 1 Ipsilon | 2024-08-06 | N/A |
| providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which allows remote authenticated users to cause a denial of service by deleting a SAML2 Service Provider (SP). | ||||
| CVE-2015-5272 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
| The Forum module in Moodle 2.7.x before 2.7.10 allows remote authenticated users to post to arbitrary groups by leveraging the teacher role, as demonstrated by a post directed to "all participants." | ||||
| CVE-2015-5329 | 1 Redhat | 2 Openstack, Openstack-director | 2024-08-06 | N/A |
| The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the default credentials. | ||||
| CVE-2015-5340 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
| Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not consider the moodle/badges:viewbadges capability, which allows remote authenticated users to obtain sensitive badge information via a request involving (1) badges/overview.php or (2) badges/view.php. | ||||
| CVE-2015-5281 | 1 Redhat | 1 Enterprise Linux | 2024-08-06 | N/A |
| The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module in the configuration file or physically proximate attackers to bypass intended Secure Boot restrictions and execute non-verified code via the (3) boot menu. | ||||
| CVE-2015-5341 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
| mod_scorm in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 mishandles availability dates, which allows remote authenticated users to bypass intended access restrictions and read SCORM contents via unspecified vectors. | ||||