Search

Search Results (366485 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-4160 1 Sap 1 Ase Database Platform 2025-04-12 N/A
SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278.
CVE-2015-4161 1 Sap 1 Afaria 2025-04-12 N/A
SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690.
CVE-2015-4162 1 Paloaltonetworks 1 Pan-os 2025-04-12 N/A
XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5.0.16, 6.x before 6.0.8, and 6.1.x before 6.1.4 allows remote authenticated administrators to obtain sensitive information via crafted XML data.
CVE-2015-4163 1 Xen 1 Xen 2025-04-12 N/A
GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.
CVE-2015-4164 1 Xen 1 Xen 2025-04-12 N/A
The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set.
CVE-2015-4167 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2025-04-12 N/A
The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem.
CVE-2015-4170 2 Linux, Redhat 9 Linux Kernel, Enterprise Linux, Enterprise Linux Compute Node Eus and 6 more 2025-04-12 N/A
Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread.
CVE-2015-4171 3 Canonical, Debian, Strongswan 4 Ubuntu Linux, Debian Linux, Strongswan and 1 more 2025-04-12 N/A
strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses.
CVE-2015-4173 1 Sonicwall 1 Netextender 2025-04-12 N/A
Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.
CVE-2015-4174 1 Siemens 1 Climatix Bacnet\/ip 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the integrated web server on the Siemens Climatix BACnet/IP communication module with firmware before 10.34 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-4176 1 Linux 1 Linux Kernel 2025-04-12 N/A
fs/namespace.c in the Linux kernel before 4.0.2 does not properly support mount connectivity, which allows local users to read arbitrary files by leveraging user-namespace root access for deletion of a file or directory.
CVE-2015-4177 1 Linux 1 Linux Kernel 2025-04-12 N/A
The collect_mounts function in fs/namespace.c in the Linux kernel before 4.0.5 does not properly consider that it may execute after a path has been unmounted, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call.
CVE-2015-4178 1 Linux 1 Linux Kernel 2025-04-12 N/A
The fs_pin implementation in the Linux kernel before 4.0.5 does not ensure the internal consistency of a certain list data structure, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call, related to fs/fs_pin.c and include/linux/fs_pin.h.
CVE-2015-4182 1 Cisco 1 Identity Services Engine Software 2025-04-12 N/A
The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087.
CVE-2015-4183 1 Cisco 1 Unified Computing System 2025-04-12 N/A
Cisco UCS Central Software 1.2(1a) allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795.
CVE-2015-4184 1 Cisco 1 Email Security Appliance 2025-04-12 N/A
The anti-spam scanner on Cisco Email Security Appliance (ESA) devices 3.3.1-09, 7.5.1-gpl-022, and 8.5.6-074 allows remote attackers to bypass intended e-mail restrictions via a malformed DNS SPF record, aka Bug IDs CSCuu35853 and CSCuu37733.
CVE-2015-4185 1 Cisco 1 Ios 2025-04-12 N/A
The TCL interpreter in Cisco IOS 15.2 does not properly maintain the vty state, which allows local users to gain privileges by starting a session very soon after a TCL script execution, aka Bug ID CSCuq24202.
CVE-2015-4186 1 Cisco 1 Virtualization Experience Client 6000 Series Firmware 2025-04-12 N/A
The diagnostics subsystem in the administrative web interface on Cisco Virtualization Experience (aka VXC) Client 6215 devices with firmware 11.2(27.4) allows local users to gain privileges for OS command execution via a crafted option value, aka Bug ID CSCug54412.
CVE-2015-4188 1 Cisco 1 Prime Collaboration 2025-04-12 N/A
SQL injection vulnerability in the Manager interface in Cisco Prime Collaboration 10.5(1) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug IDs CSCuu29910, CSCuu29928, and CSCuu59104.
CVE-2015-4189 1 Cisco 1 Data Center Analytics Framework 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Cisco Data Center Analytics Framework (DCAF) 1.4 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun26807.