Total
2806 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-7899 | 1 Joomla | 1 Joomla\! | 2024-08-06 | N/A |
The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
CVE-2015-7881 | 1 Colorbox Project | 1 Colorbox | 2024-08-06 | N/A |
The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote authenticated users with certain permissions to bypass intended access restrictions and "add unexpected content to a Colorbox" via unspecified vectors, possibly related to a link in a comment. | ||||
CVE-2015-7865 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2024-08-06 | N/A |
nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows does not properly restrict access to the stereosvrpipe named pipe, which allows local users to gain privileges via a commandline in a number 2 command, which is stored in the HKEY_LOCAL_MACHINE explorer Run registry key, a different vulnerability than CVE-2011-4784. | ||||
CVE-2015-7577 | 2 Redhat, Rubyonrails | 3 Rhel Software Collections, Rails, Ruby On Rails | 2024-08-06 | N/A |
activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass intended change restrictions by leveraging use of the nested attributes feature. | ||||
CVE-2015-7560 | 4 Canonical, Debian, Redhat and 1 more | 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more | 2024-08-06 | 6.5 Medium |
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content. | ||||
CVE-2015-7545 | 4 Canonical, Git Project, Opensuse and 1 more | 6 Ubuntu Linux, Git, Opensuse and 3 more | 2024-08-06 | N/A |
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule. | ||||
CVE-2015-7501 | 1 Redhat | 22 Data Grid, Enterprise Linux, Jboss A-mq and 19 more | 2024-08-06 | N/A |
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | ||||
CVE-2015-7494 | 1 Ibm | 2 Cloud Orchestrator, Smartcloud Orchestrator | 2024-08-06 | N/A |
A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain. | ||||
CVE-2015-7473 | 1 Ibm | 1 Websphere Mq | 2024-08-06 | N/A |
runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp. | ||||
CVE-2015-7490 | 1 Ibm | 1 Infosphere Information Server | 2024-08-06 | N/A |
IBM InfoSphere Information Server 8.5 through FP3, 8.7 through FP2, 9.1 through 9.1.2.0, 11.3 through 11.3.1.2, and 11.5 allows remote authenticated users to bypass intended access restrictions via a modified cookie. | ||||
CVE-2015-7395 | 1 Ibm | 11 Change And Configuration Management Database, Maximo Asset Management, Maximo For Government and 8 more | 2024-08-06 | N/A |
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended work-order change restrictions via unspecified vectors. | ||||
CVE-2015-7369 | 1 Revive-adserver | 1 Revive Adserver | 2024-08-06 | N/A |
The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver before 3.2.2 does not restrict access cross domain access, which allows remote attackers to conduct cross domain attacks via unspecified vectors. | ||||
CVE-2015-7367 | 1 Revive-adserver | 1 Revive Adserver | 2024-08-06 | N/A |
Revive Adserver before 3.2.2 allows remote attackers to perform unspecified actions by leveraging an unexpired session after the user has been (1) deleted or (2) unlinked. | ||||
CVE-2015-7315 | 1 Plone | 1 Plone | 2024-08-06 | N/A |
Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator. | ||||
CVE-2015-7263 | 1 Proxygen Project | 1 Proxygen | 2024-08-06 | N/A |
The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value. | ||||
CVE-2015-7265 | 1 Proxygen Project | 1 Proxygen | 2024-08-06 | N/A |
Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attackers to conduct hijacking attacks and bypass ACL checks. | ||||
CVE-2015-7244 | 1 Mobatek | 1 Mobaxterm | 2024-08-06 | N/A |
The default configuration of the server in MobaXterm before 8.3 has a disabled Access Control setting and consequently does not require authentication for X11 connections, which allows remote attackers to execute arbitrary commands or obtain sensitive information via X11 packets. | ||||
CVE-2015-7184 | 1 Mozilla | 1 Firefox | 2024-08-06 | N/A |
The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | ||||
CVE-2015-7055 | 1 Apple | 2 Iphone Os, Tvos | 2024-08-06 | N/A |
AppleMobileFileIntegrity in Apple iOS before 9.2 and tvOS before 9.1 does not prevent changes to access-control structures, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | ||||
CVE-2015-6984 | 1 Apple | 1 Mac Os X | 2024-08-06 | N/A |
libarchive in Apple OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that conducts an unspecified symlink attack. |