Total
3244 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-2559 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2024-11-21 | N/A |
| Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL. | ||||
| CVE-2015-2534 | 1 Microsoft | 3 Windows 10, Windows 8.1, Windows Server 2012 | 2024-11-21 | N/A |
| Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 improperly processes ACL settings, which allows local users to bypass intended network-traffic restrictions via a crafted application, aka "Hyper-V Security Feature Bypass Vulnerability." | ||||
| CVE-2015-2509 | 1 Microsoft | 4 Windows 7, Windows 8, Windows 8.1 and 1 more | 2024-11-21 | N/A |
| Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Media Center link (mcl) file, aka "Windows Media Center RCE Vulnerability." | ||||
| CVE-2015-2267 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
| mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value. | ||||
| CVE-2015-2172 | 1 Dokuwiki | 1 Dokuwiki | 2024-11-21 | N/A |
| DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API. | ||||
| CVE-2015-2107 | 2 Hp, Sap | 2 Operations Manager I Management Pack, Netweaver | 2024-11-21 | N/A |
| HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges. | ||||
| CVE-2015-2008 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | N/A |
| IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.6 includes SSH private keys during backup operations, which allows remote authenticated administrators to obtain sensitive information by reading a backup archive. | ||||
| CVE-2015-1985 | 1 Ibm | 1 Mq Appliance M2000 | 2024-11-21 | N/A |
| The queue manager on IBM MQ M2000 appliances before 8.0.0.4 allows local users to bypass an intended password requirement and read private keys by leveraging the existence of a stash file. | ||||
| CVE-2015-1976 | 1 Ibm | 2 Security Directory Server, Tivoli Directory Server | 2024-11-21 | N/A |
| IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash. | ||||
| CVE-2015-1961 | 1 Ibm | 1 Business Process Manager | 2024-11-21 | N/A |
| The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via an unspecified API call. | ||||
| CVE-2015-1959 | 1 Ibm | 1 Tivoli Directory Server | 2024-11-21 | N/A |
| IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not properly restrict encrypted files, which allows local users to obtain sensitive information or possibly have unspecified other impact via a (1) download or (2) upload action. | ||||
| CVE-2015-1937 | 1 Ibm | 1 Powervc | 2024-11-21 | N/A |
| IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017. | ||||
| CVE-2015-1936 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A |
| The administrative console in IBM WebSphere Application Server (WAS) 8.0.0 before 8.0.0.11 and 8.5 before 8.5.5.6, when the Security feature is disabled, allows remote authenticated users to hijack sessions via the JSESSIONID parameter. | ||||
| CVE-2015-1927 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A |
| The default configuration of IBM WebSphere Application Server (WAS) 7.0.0 before 7.0.0.39, 8.0.0 before 8.0.0.11, and 8.5 before 8.5.5.6 has a false value for the com.ibm.ws.webcontainer.disallowServeServletsByClassname WebContainer property, which allows remote attackers to obtain privileged access via unspecified vectors. | ||||
| CVE-2015-1922 | 1 Ibm | 1 Db2 | 2024-11-21 | N/A |
| The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to bypass intended access restrictions and delete table rows via unspecified vectors. | ||||
| CVE-2015-1920 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A |
| IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session. | ||||
| CVE-2015-1854 | 3 Debian, Fedoraproject, Redhat | 4 Debian Linux, 389 Directory Server, Fedora and 1 more | 2024-11-21 | N/A |
| 389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call. | ||||
| CVE-2015-1836 | 2 Apache, Ibm | 2 Hbase, Infosphere Biginsights | 2024-11-21 | N/A |
| Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic. | ||||
| CVE-2015-1814 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | N/A |
| The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users. | ||||
| CVE-2015-1763 | 1 Microsoft | 1 Sql Server | 2024-11-21 | N/A |
| Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remote authenticated users to execute arbitrary code via a crafted query, aka "SQL Server Remote Code Execution Vulnerability." | ||||