Total
5442 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-5286 | 2 Openstack, Redhat | 2 Image Registry And Delivery Service \(glance\), Openstack | 2024-08-06 | N/A |
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623. | ||||
CVE-2015-5339 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
The core_enrol_get_enrolled_users web service in enrol/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly implement group-based access restrictions, which allows remote authenticated users to obtain sensitive course-participant information via a web-service request. | ||||
CVE-2015-5265 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
The wiki component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 does not consider the mod/wiki:managefiles capability before authorizing file management, which allows remote authenticated users to delete arbitrary files by using a manage-files button in a text editor. | ||||
CVE-2015-5268 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
The rating component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 mishandles group-based authorization checks, which allows remote authenticated users to obtain sensitive information by reading a rating value. | ||||
CVE-2015-5264 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role. | ||||
CVE-2015-5304 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-08-06 | N/A |
Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecified vectors. | ||||
CVE-2015-5266 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
The enrol_meta_sync function in enrol/meta/locallib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to obtain manager privileges in opportunistic circumstances by leveraging incorrect role processing during a long-running sync script. | ||||
CVE-2015-5253 | 2 Apache, Redhat | 2 Cxf, Jboss Fuse | 2024-08-06 | N/A |
The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack." | ||||
CVE-2015-5251 | 2 Openstack, Redhat | 2 Image Registry And Delivery Service \(glance\), Openstack | 2024-08-06 | N/A |
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*. | ||||
CVE-2015-5252 | 4 Canonical, Debian, Redhat and 1 more | 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more | 2024-08-06 | 7.2 High |
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share. | ||||
CVE-2015-5256 | 1 Apache | 1 Cordova | 2024-08-06 | N/A |
Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist protection mechanism, which allows attackers to bypass intended access restrictions via a crafted URI. | ||||
CVE-2015-5228 | 2 Criu, Opensuse | 2 Checkpoint\/restore In Userspace, Opensuse | 2024-08-06 | N/A |
The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path. | ||||
CVE-2015-5198 | 2 Canonical, Libvdpau Project | 2 Ubuntu Linux, Libvdpau | 2024-08-06 | N/A |
libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to gain privileges via unspecified vectors, related to the VDPAU_DRIVER_PATH environment variable. | ||||
CVE-2015-5244 | 1 Mod Nss Project | 1 Mod Nss | 2024-08-06 | N/A |
The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions. | ||||
CVE-2015-5217 | 1 Ipsilon Project | 1 Ipsilon | 2024-08-06 | N/A |
providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider (SP) owner, which allows remote authenticated users to cause a denial of service via a duplicate SP name. | ||||
CVE-2015-5233 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2024-08-06 | N/A |
Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via direct access to the (a) individual report show/delete pages or (b) APIs. | ||||
CVE-2015-5167 | 1 Apache | 1 Ranger | 2024-08-06 | N/A |
The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API. | ||||
CVE-2015-5222 | 1 Redhat | 1 Openshift | 2024-08-06 | N/A |
Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors. | ||||
CVE-2015-5166 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2024-08-06 | N/A |
Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice. | ||||
CVE-2015-5157 | 2 Linux, Redhat | 9 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 6 more | 2024-08-06 | N/A |
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI. |