Total
2806 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-5623 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-08-06 | N/A |
WordPress before 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php. | ||||
CVE-2015-5512 | 1 Me Aliases Project | 1 Me Aliases | 2024-08-06 | N/A |
The me aliases module 6.x-2.x before 6.x-2.10 and 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to access Views using the "me" user argument handler by substituting "me" for a user id in a URL. | ||||
CVE-2015-5502 | 1 Storage Api Project | 1 Storage Api | 2024-08-06 | N/A |
The Storage API module 7.x-1.x before 7.x-1.8 for Drupal does not properly restrict access to Storage API fields attached to entities that are not nodes, which allows remote attackers to have unspecified impact via unknown vectors. | ||||
CVE-2015-5464 | 1 Gemalto | 3 Safenet Luna G5, Safenet Luna Pci-e, Safenet Luna Sa | 2024-08-06 | N/A |
The Gemalto SafeNet Luna HSM allows remote authenticated users to bypass intended key-export restrictions by leveraging (1) crypto-user or (2) crypto-officer access to an HSM partition. | ||||
CVE-2015-5325 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-06 | N/A |
Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665. | ||||
CVE-2015-5293 | 1 Redhat | 1 Enterprise Virtualization Manager | 2024-08-06 | N/A |
Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable. | ||||
CVE-2015-5247 | 2 Canonical, Redhat | 2 Ubuntu Linux, Libvirt | 2024-08-06 | N/A |
The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool. | ||||
CVE-2015-5207 | 1 Apache | 1 Cordova | 2024-08-06 | N/A |
Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods. | ||||
CVE-2015-5233 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2024-08-06 | N/A |
Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via direct access to the (a) individual report show/delete pages or (b) APIs. | ||||
CVE-2015-5176 | 1 Redhat | 2 Jboss Enterprise Portal Platform, Jboss Portal | 2024-08-06 | N/A |
The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource. | ||||
CVE-2015-5116 | 5 Adobe, Apple, Linux and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2024-08-06 | N/A |
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, and CVE-2015-3125. | ||||
CVE-2015-5017 | 1 Ibm | 13 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 10 more | 2024-08-06 | N/A |
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password. | ||||
CVE-2015-5053 | 1 Nvidia | 1 Gpu Driver | 2024-08-06 | N/A |
The host memory mapping path feature in the NVIDIA GPU graphics driver R346 before 346.87 and R352 before 352.41 for Linux and R352 before 352.46 for GRID vGPU and vSGA does not properly restrict access to third-party device IO memory, which allows attackers to gain privileges, cause a denial of service (resource consumption), or possibly have unspecified other impact via unknown vectors related to the follow_pfn kernel-mode API call. | ||||
CVE-2015-4649 | 1 Arubanetworks | 1 Clearpass | 2024-08-06 | N/A |
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654. | ||||
CVE-2015-4624 | 1 Hak5 | 2 Wi-fi Pineapple, Wi-fi Pineapple Firmware | 2024-08-06 | N/A |
Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens. | ||||
CVE-2015-4594 | 1 Eclinicalworks | 1 Population Health | 2024-08-06 | N/A |
eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existent session ID. | ||||
CVE-2015-4520 | 2 Mozilla, Redhat | 3 Firefox, Firefox Esr, Enterprise Linux | 2024-08-06 | N/A |
Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header. | ||||
CVE-2015-4526 | 1 Emc | 1 Recoverpoint For Virtual Machines | 2024-08-06 | N/A |
EMC RecoverPoint for Virtual Machines (VMs) 4.2 allows local users to obtain root-shell access by bypassing the Installation Manager Boxmgmt CLI interface. | ||||
CVE-2015-4502 | 1 Mozilla | 1 Firefox | 2024-08-06 | N/A |
js/src/proxy/Proxy.cpp in Mozilla Firefox before 41.0 mishandles certain receiver arguments, which allows remote attackers to bypass intended window access restrictions via a crafted web site. | ||||
CVE-2015-4418 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2024-08-06 | N/A |
Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. |