Total
2806 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-2841 | 1 Citrix | 1 Netscaler | 2024-08-06 | N/A |
Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-stream and text/xml Content-Types. | ||||
CVE-2015-2692 | 1 Adblock | 1 Adblock | 2024-08-06 | N/A |
AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites and to disable arbitrary blocking filters. | ||||
CVE-2015-2687 | 1 Openstack | 1 Compute | 2024-08-06 | N/A |
OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for. | ||||
CVE-2015-2534 | 1 Microsoft | 3 Windows 10, Windows 8.1, Windows Server 2012 | 2024-08-06 | N/A |
Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 improperly processes ACL settings, which allows local users to bypass intended network-traffic restrictions via a crafted application, aka "Hyper-V Security Feature Bypass Vulnerability." | ||||
CVE-2015-2559 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2024-08-06 | N/A |
Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL. | ||||
CVE-2015-2509 | 1 Microsoft | 4 Windows 7, Windows 8, Windows 8.1 and 1 more | 2024-08-06 | N/A |
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Media Center link (mcl) file, aka "Windows Media Center RCE Vulnerability." | ||||
CVE-2015-2267 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value. | ||||
CVE-2015-2172 | 1 Dokuwiki | 1 Dokuwiki | 2024-08-06 | N/A |
DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API. | ||||
CVE-2015-2107 | 2 Hp, Sap | 2 Operations Manager I Management Pack, Netweaver | 2024-08-06 | N/A |
HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges. | ||||
CVE-2015-1959 | 1 Ibm | 1 Tivoli Directory Server | 2024-08-06 | N/A |
IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not properly restrict encrypted files, which allows local users to obtain sensitive information or possibly have unspecified other impact via a (1) download or (2) upload action. | ||||
CVE-2015-2008 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-08-06 | N/A |
IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.6 includes SSH private keys during backup operations, which allows remote authenticated administrators to obtain sensitive information by reading a backup archive. | ||||
CVE-2015-1985 | 1 Ibm | 1 Mq Appliance M2000 | 2024-08-06 | N/A |
The queue manager on IBM MQ M2000 appliances before 8.0.0.4 allows local users to bypass an intended password requirement and read private keys by leveraging the existence of a stash file. | ||||
CVE-2015-1976 | 1 Ibm | 2 Security Directory Server, Tivoli Directory Server | 2024-08-06 | N/A |
IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash. | ||||
CVE-2015-1936 | 1 Ibm | 1 Websphere Application Server | 2024-08-06 | N/A |
The administrative console in IBM WebSphere Application Server (WAS) 8.0.0 before 8.0.0.11 and 8.5 before 8.5.5.6, when the Security feature is disabled, allows remote authenticated users to hijack sessions via the JSESSIONID parameter. | ||||
CVE-2015-1937 | 1 Ibm | 1 Powervc | 2024-08-06 | N/A |
IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017. | ||||
CVE-2015-1922 | 1 Ibm | 1 Db2 | 2024-08-06 | N/A |
The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to bypass intended access restrictions and delete table rows via unspecified vectors. | ||||
CVE-2015-1927 | 1 Ibm | 1 Websphere Application Server | 2024-08-06 | N/A |
The default configuration of IBM WebSphere Application Server (WAS) 7.0.0 before 7.0.0.39, 8.0.0 before 8.0.0.11, and 8.5 before 8.5.5.6 has a false value for the com.ibm.ws.webcontainer.disallowServeServletsByClassname WebContainer property, which allows remote attackers to obtain privileged access via unspecified vectors. | ||||
CVE-2015-1961 | 1 Ibm | 1 Business Process Manager | 2024-08-06 | N/A |
The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via an unspecified API call. | ||||
CVE-2015-1920 | 1 Ibm | 1 Websphere Application Server | 2024-08-06 | N/A |
IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session. | ||||
CVE-2015-1836 | 2 Apache, Ibm | 2 Hbase, Infosphere Biginsights | 2024-08-06 | N/A |
Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic. |