Total
5449 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-7861 | 1 Accelerite | 1 Radia Client Automation | 2024-11-21 | N/A |
Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to execute arbitrary code by sending unspecified commands in an environment that lacks relationship-based firewalling. | ||||
CVE-2015-7840 | 1 Solarwinds | 1 Log And Event Manager | 2024-11-21 | N/A |
The command line management console (CMC) in SolarWinds Log and Event Manager (LEM) before 6.2.0 allows remote attackers to execute arbitrary code via unspecified vectors involving the ping feature. | ||||
CVE-2015-7835 | 1 Xen | 1 Xen | 2024-11-21 | N/A |
The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping. | ||||
CVE-2015-7818 | 2 Ibm, Lenovo | 2 System Networking Switch Center, Switch Center | 2024-11-21 | N/A |
The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file. | ||||
CVE-2015-7809 | 1 Symfony | 1 Twig | 2024-11-21 | N/A |
The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template. | ||||
CVE-2015-7792 | 1 Corega | 1 Cg-wlbargs Firmware | 2024-11-21 | N/A |
Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors. | ||||
CVE-2015-7788 | 1 Asus | 2 Wl-330nul, Wl-330nul Firmware | 2024-11-21 | N/A |
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to execute arbitrary commands via unspecified vectors. | ||||
CVE-2015-7766 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO." | ||||
CVE-2015-7751 | 1 Juniper | 1 Junos | 2024-11-21 | N/A |
Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before 14.1X50-D105, 14.1X51 before 14.1X51-D70, 14.1X53 before 14.1X53-D25, 14.1X55 before 14.1X55-D20, 14.2 before 14.2R1, 15.1 before 15.1F2 or 15.1R1, and 15.1X49 before 15.1X49-D10 does not require a password for the root user when pam.conf is "corrupted," which allows local users to gain root privileges by modifying the file. | ||||
CVE-2015-7717 | 1 Google | 1 Android | 2024-11-21 | N/A |
mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 19573085, a different vulnerability than CVE-2015-6596. | ||||
CVE-2015-7709 | 1 Arkeia | 1 Western Digital Arkeia | 2024-11-21 | N/A |
The arkeiad daemon in the Arkeia Backup Agent in Western Digital Arkeia 11.0.12 and earlier allows remote attackers to bypass authentication and execute arbitrary commands via a series of crafted requests involving the ARKFS_EXEC_CMD operation. | ||||
CVE-2015-7707 | 1 Igniterealtime | 1 Openfire | 2024-11-21 | N/A |
Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp. | ||||
CVE-2015-7685 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A |
GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php. | ||||
CVE-2015-7662 | 6 Adobe, Apple, Google and 3 more | 10 Air, Air Sdk, Air Sdk \& Compiler and 7 more | 2024-11-21 | N/A |
Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allow remote attackers to bypass intended access restrictions and write to files via unspecified vectors. | ||||
CVE-2015-7600 | 1 Cisco | 1 Vpn Client | 2024-11-21 | N/A |
Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section. | ||||
CVE-2015-7598 | 1 Gemalto | 1 Safenet Authentication Service Tokenvalidator Proxy Agent | 2024-11-21 | N/A |
SafeNet Authentication Service TokenValidator Proxy Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | ||||
CVE-2015-7597 | 1 Gemalto | 1 Safenet Authentication Service Iis Agent | 2024-11-21 | N/A |
SafeNet Authentication Service IIS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | ||||
CVE-2015-7596 | 1 Gemalto | 1 Safenet Authentication Service End User Software Tools For Windows | 2024-11-21 | N/A |
SafeNet Authentication Service End User Software Tools for Windows uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | ||||
CVE-2015-7561 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-11-21 | N/A |
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image. | ||||
CVE-2015-7496 | 3 Fedoraproject, Gnome, Redhat | 3 Fedora, Gnome Display Manager, Enterprise Linux | 2024-11-21 | N/A |
GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key. |