Export limit exceeded: 16515 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 365340 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 365340 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (5493 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-0257 | 1 Redhat | 2 Enterprise Virtualization Manager, Rhev Manager | 2025-04-12 | N/A |
| Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory. | ||||
| CVE-2015-0266 | 1 Apache | 1 Ranger | 2025-04-12 | N/A |
| The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs. | ||||
| CVE-2015-0818 | 2 Mozilla, Redhat | 4 Firefox, Firefox Esr, Seamonkey and 1 more | 2025-04-12 | N/A |
| Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation. | ||||
| CVE-2015-0821 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2025-04-12 | N/A |
| Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. | ||||
| CVE-2015-0856 | 2 Fedoraproject, Sddm Project | 2 Fedora, Sddm | 2025-04-12 | N/A |
| daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme. | ||||
| CVE-2015-0861 | 2 Debian, Tryton | 2 Debian Linux, Trytond | 2025-04-12 | N/A |
| model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records. | ||||
| CVE-2015-0932 | 1 Antlabs | 7 Inngate Ig 3.00 E, Inngate Ig 3.01 E, Inngate Ig 3.02 E and 4 more | 2025-04-12 | N/A |
| The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873. | ||||
| CVE-2015-0951 | 1 Qualiteam | 1 X-cart | 2025-04-12 | N/A |
| X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request. | ||||
| CVE-2015-0981 | 1 Scadaengine | 1 Bacnet Opc Server | 2025-04-12 | N/A |
| The SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to bypass authentication and read or write to arbitrary database fields via unspecified vectors. | ||||
| CVE-2015-1448 | 1 Siemens | 5 Ruggedcom Firmware, Ruggedcom Win5100, Ruggedcom Win5200 and 2 more | 2025-04-12 | N/A |
| The integrated management service on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to bypass authentication and perform administrative actions via unspecified vectors. | ||||
| CVE-2015-1458 | 1 Fortinet | 1 Fortiauthenticator | 2025-04-12 | N/A |
| Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command. | ||||
| CVE-2015-1460 | 1 Huawei | 10 Quidway Firmware, Quidway S2350, Quidway S2750 and 7 more | 2025-04-12 | N/A |
| Huawei Quidway switches with firmware before V200R005C00SPC300 allows remote attackers to gain privileges via a crafted packet. | ||||
| CVE-2015-1469 | 1 Servision | 2 Hvg400, Hvg Video Gateway Firmware | 2025-04-12 | N/A |
| time.htm in the web interface on SerVision HVG Video Gateway devices with firmware through 2.2.26a100 allows remote authenticated users to gain privileges by leveraging a cookie received in an HTTP response, a different vulnerability than CVE-2015-0929 and CVE-2015-0930. | ||||
| CVE-2015-1481 | 1 Ansible | 1 Tower | 2025-04-12 | N/A |
| Ansible Tower (aka Ansible UI) before 2.0.5 allows remote organization administrators to gain privileges by creating a superuser account. | ||||
| CVE-2015-1489 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | N/A |
| The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors. | ||||
| CVE-2015-1496 | 1 Motorola | 1 Motorola Scanner Sdk | 2025-04-12 | N/A |
| Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, (2) rsmdriverproviderservice.exe, and (3) ScannerService.exe, which allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2015-1498 | 1 Persistent Systems | 1 Radia Client Automation | 2025-04-12 | N/A |
| Persistent Systems Radia Client Automation does not properly restrict access to certain request, which allows remote attackers to (1) enumerate user accounts via a getUsers request, (2) assign a role to a user account via an addAssigneesToRole request, (3) remove a role from a user account via a removeAssigneesFromRole request, or (4) have other unspecified impact. | ||||
| CVE-2015-1499 | 1 Samsung | 1 Samsung Security Manager | 2025-04-12 | N/A |
| The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 allows remote attackers to delete arbitrary files, and consequently cause a denial of service, via a DELETE request. | ||||
| CVE-2015-1515 | 1 Softsphere | 1 Defensewall Personal Firewall | 2025-04-12 | N/A |
| The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000, 0x00222004, 0x00222008, 0x0022200c, or 0x00222010 IOCTL call. | ||||
| CVE-2015-1551 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-12 | N/A |
| Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.4 allows remote administrators to read arbitrary files via unspecified vectors. | ||||