Total
2806 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-3675 | 1 Apple | 1 Mac Os X | 2024-08-06 | N/A |
The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted URL. | ||||
CVE-2015-3657 | 1 Arubanetworks | 1 Clearpass | 2024-08-06 | N/A |
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors. | ||||
CVE-2015-3654 | 1 Arubanetworks | 1 Clearpass | 2024-08-06 | N/A |
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649. | ||||
CVE-2015-3671 | 1 Apple | 1 Mac Os X | 2024-08-06 | N/A |
Admin Framework in Apple OS X before 10.10.4 does not properly verify XPC entitlements, which allows local users to bypass authentication and obtain admin privileges via unspecified vectors. | ||||
CVE-2015-3653 | 1 Arubanetworks | 1 Clearpass | 2024-08-06 | N/A |
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect permission checking. | ||||
CVE-2015-3644 | 1 Stunnel | 1 Stunnel | 2024-08-06 | N/A |
Stunnel 5.00 through 5.13, when using the redirect option, does not redirect client connections to the expected server after the initial connection, which allows remote attackers to bypass authentication. | ||||
CVE-2015-3407 | 2 Canonical, Module-signature Project | 2 Ubuntu Linux, Module-signature | 2024-08-06 | N/A |
Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files. | ||||
CVE-2015-3306 | 1 Proftpd | 1 Proftpd | 2024-08-06 | N/A |
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands. | ||||
CVE-2015-3253 | 3 Apache, Oracle, Redhat | 14 Groovy, Health Sciences Clinical Development Center, Retail Order Broker Cloud Service and 11 more | 2024-08-06 | N/A |
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object. | ||||
CVE-2015-3295 | 1 Markdown-it Project | 1 Markdown-it | 2024-08-06 | N/A |
markdown-it before 4.1.0 does not block data: URLs. | ||||
CVE-2015-3302 | 1 Thecartpress | 1 Thecartpress Ecommerce Shopping Cart | 2024-08-06 | N/A |
The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism." | ||||
CVE-2015-3224 | 1 Rubyonrails | 1 Web Console | 2024-08-06 | N/A |
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request. | ||||
CVE-2015-3114 | 5 Adobe, Apple, Linux and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2024-08-06 | N/A |
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. | ||||
CVE-2015-3213 | 2 Clutter Project, Redhat | 2 Clutter, Enterprise Linux | 2024-08-06 | N/A |
The gesture handling code in Clutter before 1.16.2 allows physically proximate attackers to bypass the lock screen via certain (1) mouse or (2) touch gestures. | ||||
CVE-2015-3148 | 8 Apple, Canonical, Debian and 5 more | 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more | 2024-08-06 | N/A |
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. | ||||
CVE-2015-3170 | 1 Selinux Project | 1 Selinux | 2024-08-06 | N/A |
selinux-policy when sysctl fs.protected_hardlinks are set to 0 allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .config, and updating selinux-policy. | ||||
CVE-2015-3155 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2024-08-06 | N/A |
Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | ||||
CVE-2015-3116 | 5 Adobe, Apple, Linux and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2024-08-06 | N/A |
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2014-0578, CVE-2015-3115, CVE-2015-3125, and CVE-2015-5116. | ||||
CVE-2015-3163 | 1 Redhat | 1 Beaker | 2024-08-06 | 4.3 Medium |
The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively. | ||||
CVE-2015-3125 | 5 Adobe, Apple, Linux and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2024-08-06 | N/A |
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, and CVE-2015-5116. |