Total
5449 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-8660 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2024-11-21 | 6.7 Medium |
The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. | ||||
CVE-2015-8621 | 1 Tcoffee | 1 T-coffee | 2024-11-21 | N/A |
t-coffee before 11.00.8cbe486-2 allows local users to write to ~/.t_coffee globally. | ||||
CVE-2015-8612 | 1 Blueman Project | 1 Blueman | 2024-11-21 | N/A |
The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users to gain privileges via the dhcp_handler argument. | ||||
CVE-2015-8600 | 1 Sap | 1 Mobile Platform | 2024-11-21 | N/A |
The SysAdminWebTool servlets in SAP Mobile Platform allow remote attackers to bypass authentication and obtain sensitive information, gain privileges, or have unspecified other impact via unknown vectors, aka SAP Security Note 2227855. | ||||
CVE-2015-8579 | 1 Kaspersky | 1 Total Security 2015 | 2024-11-21 | N/A |
Kaspersky Total Security 2015 15.0.2.361 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors. | ||||
CVE-2015-8578 | 1 Avg | 1 Internet Security | 2024-11-21 | N/A |
AVG Internet Security 2015 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors. | ||||
CVE-2015-8577 | 1 Mcafee | 1 Virusscan Enterprise | 2024-11-21 | N/A |
The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platforms when protecting another application, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors. | ||||
CVE-2015-8570 | 1 Lepide | 1 Active Directory Self Service | 2024-11-21 | N/A |
The password reset functionality in Lepide Active Directory Self Service allows remote authenticated users to change arbitrary domain user passwords via a crafted request. | ||||
CVE-2015-8486 | 1 Cybozu | 1 Office | 2024-11-21 | N/A |
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary report titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2016-1152. | ||||
CVE-2015-8485 | 1 Cybozu | 1 Office | 2024-11-21 | N/A |
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8486, and CVE-2016-1152. | ||||
CVE-2015-8484 | 1 Cybozu | 1 Office | 2024-11-21 | N/A |
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485, CVE-2015-8486, and CVE-2016-1152. | ||||
CVE-2015-8482 | 1 Bluecoat | 1 Unified Agent | 2024-11-21 | N/A |
Blue Coat Unified Agent before 4.6.2 does not prevent modification of its configuration files when running in local enforcement mode, which allows local administrators to unblock categories or disable the agent via unspecified vectors. | ||||
CVE-2015-8440 | 6 Adobe, Apple, Google and 3 more | 10 Air, Air Sdk, Air Sdk \& Compiler and 7 more | 2024-11-21 | N/A |
Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-8409 and CVE-2015-8453. | ||||
CVE-2015-8370 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Grub2, Enterprise Linux | 2024-11-21 | 7.4 High |
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error. | ||||
CVE-2015-8336 | 1 Huawei | 2 Fusioncompute, Fusioncompute Firmware | 2024-11-21 | N/A |
Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive "role and permission" information via unspecified vectors. | ||||
CVE-2015-8333 | 1 Huawei | 1 Vcn500 | 2024-11-21 | N/A |
The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets. | ||||
CVE-2015-8325 | 4 Canonical, Debian, Openbsd and 1 more | 6 Ubuntu Core, Ubuntu Linux, Ubuntu Touch and 3 more | 2024-11-21 | N/A |
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable. | ||||
CVE-2015-8279 | 1 Samsung | 1 Web Viewer | 2024-11-21 | N/A |
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script. | ||||
CVE-2015-8267 | 1 Dovestones | 1 Ad Self Password Reset | 2024-11-21 | N/A |
The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords via a crafted request with a valid username. | ||||
CVE-2015-8236 | 1 Arista | 1 Eos | 2024-11-21 | N/A |
Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, 4.14 before 4.14.5FX.5, and 4.15 before 4.15.0FX1.1 allows remote attackers to execute arbitrary code as root by leveraging management-plane access, aka Bug 138716. |