Total: 3292 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2015-20067 | 1 Wp Attachment Export Project | 1 Wp Attachment Export | 2024-08-06 | 7.5 High | The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a WordPress
CVE-2015-8840 | 1 Sap | 1 Netweaver Application Server Java | 2024-08-06 | 8.8 High | The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization, which allows remote authenticated users to obtain sensitive information, gain privileges, or possibly have unspecified other impact via requests to (1) webcontent/cas/cas_enter.jsp, (2) webcontent/cas/cas_validate.jsp, or (3) webcontent/aas/aas_store.jsp, aka SAP Security Note 1945215.
CVE-2015-7561 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-08-06 | N/A | Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.
CVE-2015-7315 | 1 Plone | 1 Plone | 2024-08-06 | N/A | Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of the site administrator.
CVE-2015-5301 | 1 Ipsilon Project | 1 Ipsilon | 2024-08-06 | N/A | providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which allows remote authenticated users to cause a denial of service by deleting a SAML2 Service Provider (SP).
CVE-2015-5299 | 4 Canonical, Debian, Redhat and 1 more | 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more | 2024-08-06 | 5.3 Medium | The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.
CVE-2015-5304 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-08-06 | N/A | Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecified vectors.
CVE-2015-5222 | 1 Redhat | 1 Openshift | 2024-08-06 | N/A | Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors.
CVE-2015-3244 | 1 Redhat | 1 Jboss Enterprise Portal Platform | 2024-08-06 | N/A | The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, when used in portlets with the default resource serving for GenericPortlet, does not properly restrict access to restricted resources, which allows remote attackers to obtain sensitive information via a URL with a modified resource ID.
CVE-2015-1844 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2024-08-06 | N/A | Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restrictions by connecting through the REST API.
CVE-2015-0571 | 1 Linux | 1 Linux Kernel | 2024-08-06 | 7.8 High | The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related to wlan_hdd_hostapd.c and wlan_hdd_wext.c.
CVE-2016-11036 | 1 Google | 1 Android | 2024-08-06 | 9.8 Critical | An issue was discovered on Samsung mobile devices with M(6.0) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-6008 (August 2016).
CVE-2016-2102 | 1 Haproxy | 1 Haproxy | 2024-08-05 | N/A | HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network.
CVE-2017-1002007 | 1 Dtracker Project | 1 Dtracker | 2024-08-05 | N/A | Vulnerability in the WordPress plugin DTracker v1.5: the code in dtracker/save_mail.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table.
CVE-2017-1002006 | 1 Dtracker Project | 1 Dtracker | 2024-08-05 | N/A | Vulnerability in the WordPress plugin DTracker v1.5: the code in dtracker/save_contact.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table.
CVE-2017-1000390 | 1 Jenkins | 1 Multijob | 2024-08-05 | N/A | Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build.
CVE-2017-1000388 | 1 Jenkins | 1 Dependency Graph Viewer | 2024-08-05 | N/A | Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data.
CVE-2017-1000400 | 1 Jenkins | 1 Jenkins | 2024-08-05 | N/A | The Jenkins (2.73.1 and earlier, 2.83 and earlier) remote API at /job/(job-name)/api contained information about upstream and downstream projects. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This has been fixed, and the API now only lists upstream and downstream projects that the current user has access to.
CVE-2017-1000243 | 1 Jenkins | 1 Favorite Plugin | 2024-08-05 | N/A | Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites.
CVE-2017-1000086 | 1 Jenkins | 1 Periodic Backup | 2024-08-05 | N/A | The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. Additionally, the plugin did not require that requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks.