Total
5449 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-5602 | 1 Sudo Project | 1 Sudo | 2024-11-21 | N/A |
sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt." | ||||
CVE-2015-5600 | 2 Openbsd, Redhat | 2 Openssh, Enterprise Linux | 2024-11-21 | N/A |
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. | ||||
CVE-2015-5536 | 1 Belkin | 2 N300 Dual-band Wi-fi Range Extender, N300 Dual-band Wi-fi Range Extender Firmware | 2024-11-21 | N/A |
Belkin N300 Dual-Band Wi-Fi Range Extender with firmware before 1.04.10 allows remote authenticated users to execute arbitrary commands via the (1) sub_dir parameter in a formUSBStorage request; pinCode parameter in a (2) formWpsStart or (3) formiNICWpsStart request; (4) wps_enrolee_pin parameter in a formWlanSetupWPS request; or unspecified parameters in a (5) formWlanMP, (6) formBSSetSitesurvey, (7) formHwSet, or (8) formConnectionSetting request. | ||||
CVE-2015-5515 | 1 Views Bulk Operations Project | 1 Views Bulk Operations | 2024-11-21 | N/A |
The Views Bulk Operations (VBO) module 6.x-1.x and 7.x-3.x before 7.x-3.3 for Drupal, when the bulk operation for changing Roles is enabled, allows remote authenticated users to edit user accounts and add arbitrary roles to the accounts by leveraging access to a user account listing view with VBO enabled. | ||||
CVE-2015-5511 | 1 Hybridauth Social Login Project | 1 Hybridauth Social Login | 2024-11-21 | N/A |
The HybridAuth Social Login module 7.x-2.x before 7.x-2.13 for Drupal allows remote attackers to bypass the user registration by administrator only configuration and create an account via a social login. | ||||
CVE-2015-5509 | 1 Administration Views Project | 1 Administration Views | 2024-11-21 | N/A |
The Administration Views module 7.x-1.x before 7.x-1.4 for Drupal, when used with other unspecified modules, does not properly grant access to administration pages, which allows remote administrators to bypass intended restrictions via unspecified vectors. | ||||
CVE-2015-5499 | 1 Navigate Project | 1 Navigate | 2024-11-21 | N/A |
The Navigate module for Drupal does not properly check permissions, which allows remote authenticated users to modify custom widgets and create widget database records by leveraging the "navigate view" permission. | ||||
CVE-2015-5498 | 1 Shipwire Api Project | 1 Shipwire Api | 2024-11-21 | N/A |
The Shipwire API module 7.x-1.x before 7.x-1.03 for Drupal does not check the view permission for the shipments overview (admin/shipwire/shipments), which allows remote attackers to obtain sensitive information via a request to the page. | ||||
CVE-2015-5496 | 1 Pass2pdf Project | 1 Pass2pdf | 2024-11-21 | N/A |
The pass2pdf module for Drupal does not restrict access to generated PDF files, which allows remote attackers to obtain user passwords via unspecified vectors. | ||||
CVE-2015-5493 | 1 Entityform Block Project | 1 Entityform Block | 2024-11-21 | N/A |
The Entityform Block module 7.x-1.x before 7.x-1.3 for Drupal does not properly check permissions when a form is locked to a role, which allows remote attackers to obtain access to certain entityforms via unspecified vectors. | ||||
CVE-2015-5434 | 1 Hp | 87 Jc072b Hp 12500 Main Processing Unit, Jc085a Hp A12518 Switch Chassis, Jc086a Hp A12508 Switch Chassis and 84 more | 2024-11-21 | N/A |
HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping." | ||||
CVE-2015-5413 | 1 Hp | 1 Version Control Repository Manager | 2024-11-21 | N/A |
HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to gain privileges and obtain sensitive information via unspecified vectors. | ||||
CVE-2015-5402 | 1 Hp | 2 Matrix Operating Environment, Systems Insight Manager | 2024-11-21 | N/A |
HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows local users to gain privileges, and consequently obtain sensitive information, modify data, or cause a denial of service, via unspecified vectors. | ||||
CVE-2015-5400 | 3 Debian, Fedoraproject, Squid-cache | 3 Debian Linux, Fedora, Squid | 2024-11-21 | N/A |
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request. | ||||
CVE-2015-5367 | 1 Hp | 39 Elite X2 1010 G2, Elitebook 1040 G1, Elitebook 1040 G2 and 36 more | 2024-11-21 | N/A |
The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows local users to gain privileges via unspecified vectors. | ||||
CVE-2015-5352 | 2 Openbsd, Redhat | 2 Openssh, Enterprise Linux | 2024-11-21 | N/A |
The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. | ||||
CVE-2015-5342 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
The choice module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote authenticated users to bypass intended access restrictions by visiting a URL to add or delete responses in the closed state. | ||||
CVE-2015-5341 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
mod_scorm in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 mishandles availability dates, which allows remote authenticated users to bypass intended access restrictions and read SCORM contents via unspecified vectors. | ||||
CVE-2015-5340 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not consider the moodle/badges:viewbadges capability, which allows remote authenticated users to obtain sensitive badge information via a request involving (1) badges/overview.php or (2) badges/view.php. | ||||
CVE-2015-5339 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
The core_enrol_get_enrolled_users web service in enrol/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly implement group-based access restrictions, which allows remote authenticated users to obtain sensitive course-participant information via a web-service request. |