Total
5442 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-4544 | 1 Emc | 1 Documentum Content Server | 2024-08-06 | N/A |
EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privileges via crafted object operations. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4626. | ||||
CVE-2015-4531 | 1 Emc | 1 Documentum Content Server | 2024-08-06 | N/A |
EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4622. | ||||
CVE-2015-4535 | 1 Emc | 1 Documentum Content Server | 2024-08-06 | N/A |
Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when __debug_trace__ is configured, allows remote authenticated users to gain super-user privileges by leveraging the ability to read a log file containing a login ticket. | ||||
CVE-2015-4532 | 1 Emc | 1 Documentum Content Server | 2024-08-06 | N/A |
EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2514. | ||||
CVE-2015-4523 | 1 Symantec | 2 Malware Analysis Appliance, Malware Analyzer G2 | 2024-08-06 | N/A |
Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute arbitrary code via vectors related to saving files during analysis. | ||||
CVE-2015-4505 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2024-08-06 | N/A |
updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service. | ||||
CVE-2015-4483 | 3 Mozilla, Opensuse, Oracle | 3 Firefox, Opensuse, Solaris | 2024-08-06 | N/A |
Mozilla Firefox before 40.0 allows man-in-the-middle attackers to bypass a mixed-content protection mechanism via a feed: URL in a POST request. | ||||
CVE-2015-4394 | 1 Services Project | 1 Services | 2024-08-06 | N/A |
The Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote attackers to bypass the field_access restriction and obtain sensitive private field information via unspecified vectors. | ||||
CVE-2015-4389 | 1 Open Graph Importer Project | 1 Open Graph Importer | 2024-08-06 | N/A |
The Open Graph Importer (og_tag_importer) 7.x-1.x for Drupal does not properly check the create permission for content types created during import, which allows remote authenticated users to bypass intended restrictions by leveraging the "import og_tag_importer" permission. | ||||
CVE-2015-4331 | 1 Cisco | 1 Prime Infrastructure | 2024-08-06 | N/A |
Cisco Prime Infrastructure (PI) 1.4(0.45) and earlier, when AAA authentication is used, allows remote authenticated users to bypass intended access restrictions via a username with a modified composition of lowercase and uppercase characters, aka Bug ID CSum59958. | ||||
CVE-2015-4344 | 1 Services Basic Authentication Project | 1 Services Basic Authentication | 2024-08-06 | N/A |
The Services Basic Authentication module 7.x-1.x through 7.x-1.3 for Drupal allows remote attackers to bypass intended resource restrictions via vectors related to page caching. | ||||
CVE-2015-4325 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2024-08-06 | N/A |
The process-management implementation in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges by terminating a firestarter.py supervised process and then triggering the restart of a process by the root account, aka Bug ID CSCuv12272. | ||||
CVE-2015-4351 | 1 Web-dorado | 1 Web-dorado Spider Video Player | 2024-08-06 | N/A |
The Spider Video Player module for Drupal allows remote authenticated users with the "access Spider Video Player administration" permission to delete arbitrary files via a crafted URL. | ||||
CVE-2015-4322 | 1 Cisco | 1 Content Security Management Appliance | 2024-08-06 | N/A |
Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, and 9.1.0-103 improperly restricts the privileges available after LDAP authentication, which allows remote authenticated users to read or write to an arbitrary user's Spam Quarantine folder by visiting a spam-notification URL, aka Bug ID CSCuv65894. | ||||
CVE-2015-4287 | 1 Cisco | 1 Firepower Extensible Operating System | 2024-08-06 | N/A |
Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower 9000 devices allows remote attackers to bypass intended access restrictions and obtain sensitive device information by visiting an unspecified web page, aka Bug ID CSCuu82230. | ||||
CVE-2015-4304 | 1 Cisco | 1 Prime Collaboration Assurance | 2024-08-06 | N/A |
The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended access restrictions, and create administrative accounts or read data from arbitrary tenant domains, via a crafted URL, aka Bug IDs CSCus62671 and CSCus62652. | ||||
CVE-2015-4306 | 1 Cisco | 1 Prime Collaboration Assurance | 2024-08-06 | N/A |
The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka Bug IDs CSCus88343 and CSCus88334. | ||||
CVE-2015-4307 | 1 Cisco | 1 Prime Collaboration Provisioning | 2024-08-06 | N/A |
The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, aka Bug ID CSCut64111. | ||||
CVE-2015-4303 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2024-08-06 | N/A |
Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary commands in the context of the nobody user account via an unspecified web-page parameter, aka Bug ID CSCuv12333. | ||||
CVE-2015-4237 | 1 Cisco | 38 Mds 9100, Mds 9140, Mds 9500 and 35 more | 2024-08-06 | N/A |
The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436. |