Total
5442 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-0266 | 1 Apache | 1 Ranger | 2024-08-06 | N/A |
The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs. | ||||
CVE-2015-0257 | 1 Redhat | 2 Enterprise Virtualization Manager, Rhev Manager | 2024-08-06 | N/A |
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory. | ||||
CVE-2015-0214 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
message/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to bypass a messaging-disabled setting via a web-services request, as demonstrated by a people-search request. | ||||
CVE-2015-0175 | 1 Ibm | 1 Websphere Application Server | 2024-08-06 | N/A |
IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors. | ||||
CVE-2015-0237 | 1 Redhat | 2 Enterprise Virtualization Manager, Rhev Manager | 2024-08-06 | N/A |
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain. | ||||
CVE-2015-0149 | 1 Ibm | 1 Api Management | 2024-08-06 | N/A |
The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information or modify data via unspecified API calls. | ||||
CVE-2015-0227 | 2 Apache, Redhat | 6 Wss4j, Jboss Amq, Jboss Data Grid and 3 more | 2024-08-06 | N/A |
Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks." | ||||
CVE-2015-0160 | 1 Ibm | 1 Security Siteprotector System | 2024-08-06 | N/A |
IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary commands with SYSTEM privileges via unspecified vectors. | ||||
CVE-2015-0197 | 1 Ibm | 1 General Parallel File System | 2024-08-06 | N/A |
IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 allows local users to obtain root privileges for program execution via unspecified vectors. | ||||
CVE-2015-0162 | 1 Ibm | 1 Security Siteprotector System | 2024-08-06 | N/A |
IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges. | ||||
CVE-2015-0146 | 1 Ibm | 1 Content Collector | 2024-08-06 | N/A |
IBM Content Collector for Email 3.0 before 3.0.0.6-IBM-ICC-Server-IF001 and 4.0 before 4.0.0.3-IBM-ICC-Server-IF001 does not properly handle an unspecified query operator during searches of IBM FileNet P8 systems with IBM Content Search Services, which allows local users to bypass intended document-access restrictions and obtain sensitive information via a crafted search query. | ||||
CVE-2015-0179 | 1 Ibm | 1 Domino | 2024-08-06 | N/A |
Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V. | ||||
CVE-2015-0142 | 1 Ibm | 1 Openpages Grc Platform | 2024-08-06 | N/A |
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and data-storage outage) by calling the System Administration Mode function. | ||||
CVE-2015-0098 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2024-08-06 | N/A |
Task Scheduler in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges by triggering application execution by an invalid task, aka "Task Scheduler Elevation of Privilege Vulnerability." | ||||
CVE-2015-0075 | 1 Microsoft | 4 Windows 2003 Server, Windows 7, Windows Server 2008 and 1 more | 2024-08-06 | N/A |
The kernel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Impersonation Level Check Elevation of Privilege Vulnerability." | ||||
CVE-2015-0055 | 1 Microsoft | 1 Internet Explorer | 2024-08-06 | N/A |
Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." | ||||
CVE-2015-0062 | 1 Microsoft | 7 Windows 7, Windows 8, Windows 8.1 and 4 more | 2024-08-06 | N/A |
Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges via a crafted application that leverages incorrect impersonation handling in a process that uses the SeAssignPrimaryTokenPrivilege privilege, aka "Windows Create Process Elevation of Privilege Vulnerability." | ||||
CVE-2015-0073 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2024-08-06 | N/A |
The Windows Registry Virtualization feature in the kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict changes to virtual stores, which allows local users to gain privileges via a crafted application, aka "Registry Virtualization Elevation of Privilege Vulnerability." | ||||
CVE-2015-0078 | 1 Microsoft | 5 Windows 8, Windows 8.1, Windows Rt and 2 more | 2024-08-06 | N/A |
win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate the token of a calling thread, which allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | ||||
CVE-2015-0069 | 1 Microsoft | 1 Internet Explorer | 2024-08-06 | N/A |
Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." |