Search Results (5495 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-4038 1 Wpmembership 1 Wpmembership 2025-04-12 N/A
The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an iv_membership_update_user_settings action to wp-admin/admin-ajax.php.
CVE-2015-4032 1 Visual Mining 1 Netcharts Server 2025-04-12 N/A
projectContents.jsp in the Developer tools in Visual Mining NetCharts Server allows remote attackers to rename arbitrary files, and consequently execute them, via unspecified vectors.
CVE-2015-4103 1 Xen 1 Xen 2025-04-12 N/A
Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields.
CVE-2015-4104 1 Xen 1 Xen 2025-04-12 N/A
Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors.
CVE-2015-4161 1 Sap 1 Afaria 2025-04-12 N/A
SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690.
CVE-2015-4182 1 Cisco 1 Identity Services Engine Software 2025-04-12 N/A
The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087.
CVE-2015-4185 1 Cisco 1 Ios 2025-04-12 N/A
The TCL interpreter in Cisco IOS 15.2 does not properly maintain the vty state, which allows local users to gain privileges by starting a session very soon after a TCL script execution, aka Bug ID CSCuq24202.
CVE-2015-4211 2 Cisco, Microsoft 2 Anyconnect Secure Mobility Client, Windows 2025-04-12 N/A
Cisco AnyConnect Secure Mobility Client 3.1(60) on Windows does not properly validate pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCus65862.
CVE-2015-4219 1 Cisco 2 Identity Services Engine Software, Secure Access Control System 2025-04-12 N/A
Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows remote authenticated users to obtain sensitive information via brute-force attempts to send valid credentials, aka Bug IDs CSCue00833 and CSCub40331.
CVE-2015-4221 1 Cisco 1 Unified Communications Manager Im And Presence Service 2025-04-12 N/A
Cisco Unified Communications Manager IM and Presence Service 9.1(1) does not properly restrict access to encrypted passwords, which allows remote attackers to determine cleartext passwords, and consequently execute arbitrary commands, by visiting an unspecified web page and then conducting a decryption attack, aka Bug ID CSCuq46194.
CVE-2015-4225 1 Cisco 12 Nexus 93120tx, Nexus 93128tx, Nexus 9332pq and 9 more 2025-04-12 N/A
Cisco Application Policy Infrastructure Controller (APIC) 1.0(1.110a) and 1.0(1e) on Nexus 9000 devices does not properly implement RBAC health scoring, which allows remote authenticated users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuq77485.
CVE-2015-4231 1 Cisco 3 Nexus 7000, Nexus 7700, Nx-os 2025-04-12 N/A
The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416.
CVE-2015-4232 1 Cisco 16 Mds 9100, Mds 9200, Mds 9500 and 13 more 2025-04-12 N/A
Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856.
CVE-2015-4234 1 Cisco 1 Nx-os 2025-04-12 N/A
Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS configuration, which allows local users to obtain root access via unspecified input to the Python interpreter, aka Bug IDs CSCun02887, CSCur00115, and CSCur00127.
CVE-2015-4235 1 Cisco 2 Application Policy Infrastructure Controller \(apic\), Nx-os 2025-04-12 N/A
Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3o) and 1.1 before 1.1(1j) and Nexus 9000 ACI devices with software before 11.0(4o) and 11.1 before 11.1(1j) do not properly restrict access to the APIC filesystem, which allows remote authenticated users to obtain root privileges via unspecified use of the APIC cluster-management configuration feature, aka Bug IDs CSCuu72094 and CSCuv11991.
CVE-2015-4237 1 Cisco 38 Mds 9100, Mds 9140, Mds 9500 and 35 more 2025-04-12 N/A
The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436.
CVE-2015-4282 1 Cisco 1 Mobility Services Engine 2025-04-12 N/A
Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary files, which allows local users to obtain root privileges by writing to a file, aka Bug ID CSCuv40504.
CVE-2015-4287 1 Cisco 1 Firepower Extensible Operating System 2025-04-12 N/A
Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower 9000 devices allows remote attackers to bypass intended access restrictions and obtain sensitive device information by visiting an unspecified web page, aka Bug ID CSCuu82230.
CVE-2015-4927 1 Ibm 1 Tivoli Storage Manager 2025-04-12 N/A
The Reporting and Monitoring component in Tivoli Monitoring in IBM Tivoli Storage Manager 6.3 before 6.3.6 and 7.1 before 7.1.3 on Linux and AIX uses world-writable permissions for unspecified files, which allows local users to gain privileges by writing to a file.
CVE-2015-4946 1 Ibm 8 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 5 more 2025-04-12 N/A
Rational LifeCycle Project Administration in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Engineering Lifecycle Manager (RELM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; Rational Rhapsody Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; and Rational Software Architect Design Manager (DM) 4.x through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1 allows local users to bypass intended access restrictions via unspecified vectors.