Export limit exceeded: 336906 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8952 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-2814 | 1 Sap | 2 Clinical Task Tracker, Emr Unwired | 2025-04-12 | N/A |
| SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079. | ||||
| CVE-2015-2821 | 1 Typo3 | 1 Neos | 2025-04-12 | N/A |
| TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote editors to access, create, and modify content nodes in the workspace of other editors via unspecified vectors. | ||||
| CVE-2015-2828 | 1 Broadcom | 1 Spectrum | 2025-04-12 | N/A |
| CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data. | ||||
| CVE-2015-2830 | 4 Canonical, Debian, Linux and 1 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2025-04-12 | N/A |
| arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16. | ||||
| CVE-2015-2851 | 2 Apple, Synology | 2 Mac Os X, Cloud Station | 2025-04-12 | N/A |
| client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename. | ||||
| CVE-2015-3158 | 2 Picketlink, Redhat | 2 Picketlink, Jboss Enterprise Application Platform | 2025-04-12 | N/A |
| The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a (1) direct request or (2) request through an SP initiated flow. | ||||
| CVE-2015-3179 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account. | ||||
| CVE-2015-3181 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not consider the moodle/user:manageownfiles capability before approving a private-file upload, which allows remote authenticated users to bypass intended file-management restrictions by using web services to perform uploads after this capability has been revoked. | ||||
| CVE-2015-3202 | 2 Debian, Fuse Project | 2 Debian Linux, Fuse | 2025-04-12 | N/A |
| fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature. | ||||
| CVE-2015-3235 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2025-04-12 | N/A |
| Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors. | ||||
| CVE-2015-3244 | 1 Redhat | 1 Jboss Enterprise Portal Platform | 2025-04-12 | N/A |
| The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, when used in portlets with the default resource serving for GenericPortlet, does not properly restrict access to restricted resources, which allows remote attackers to obtain sensitive information via a URL with a modified resource ID. | ||||
| CVE-2015-3255 | 1 Polkit Project | 1 Polkit | 2025-04-12 | N/A |
| The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions. | ||||
| CVE-2015-3256 | 3 Opensuse, Polkit Project, Redhat | 3 Opensuse, Polkit, Enterprise Linux | 2025-04-12 | N/A |
| PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation." | ||||
| CVE-2015-3259 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument. | ||||
| CVE-2015-3270 | 1 Apache | 1 Ambari | 2025-04-12 | N/A |
| Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain administrative privileges via unspecified vectors, possibly related to changing passwords. | ||||
| CVE-2015-3273 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| mod/forum/post.php in Moodle 2.9.x before 2.9.1 does not consider the mod/forum:canposttomygroups capability before authorizing "Post a copy to all groups" actions, which allows remote authenticated users to bypass intended access restrictions by leveraging per-group authorization. | ||||
| CVE-2015-3290 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window. | ||||
| CVE-2015-3283 | 1 Openafs | 1 Openafs | 2025-04-12 | N/A |
| OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors. | ||||
| CVE-2015-3335 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2025-04-12 | N/A |
| The NaClSandbox::InitializeLayerTwoSandbox function in components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc in Google Chrome before 42.0.2311.90 does not have RLIMIT_AS and RLIMIT_DATA limits for Native Client (aka NaCl) processes, which might make it easier for remote attackers to conduct row-hammer attacks or have unspecified other impact by leveraging the ability to run a crafted program in the NaCl sandbox. | ||||
| CVE-2015-3336 | 3 Debian, Google, Opensuse | 3 Debian Linux, Chrome, Opensuse | 2025-04-12 | N/A |
| Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruption) by constructing a crafted HTML document containing JavaScript code with requestFullScreen and requestPointerLock calls, and arranging for the user to access this document with a file: URL. | ||||