Search

Search Results (366291 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-3270 1 Apache 1 Ambari 2025-04-12 N/A
Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain administrative privileges via unspecified vectors, possibly related to changing passwords.
CVE-2015-3271 1 Apache 1 Tika 2025-04-12 N/A
Apache Tika server (aka tika-server) in Apache Tika 1.9 might allow remote attackers to read arbitrary files via the HTTP fileUrl header.
CVE-2015-3272 1 Moodle 1 Moodle 2025-04-12 N/A
Open redirect vulnerability in the clean_param function in lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an HTTP Referer header that has a substring match with a local URL.
CVE-2015-3273 1 Moodle 1 Moodle 2025-04-12 N/A
mod/forum/post.php in Moodle 2.9.x before 2.9.1 does not consider the mod/forum:canposttomygroups capability before authorizing "Post a copy to all groups" actions, which allows remote authenticated users to bypass intended access restrictions by leveraging per-group authorization.
CVE-2015-3274 1 Moodle 1 Moodle 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the user_get_user_details function in user/lib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to inject arbitrary web script or HTML by leveraging absence of an external_format_text call in a web service.
CVE-2015-3289 1 Openstack 1 Glance 2025-04-12 N/A
OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task flow API to create images and then deleting them.
CVE-2015-3275 1 Moodle 1 Moodle 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the SCORM module in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allow remote attackers to inject arbitrary web script or HTML via a crafted organization name to (1) mod/scorm/player.php or (2) mod/scorm/prereqs.php.
CVE-2015-3276 3 Openldap, Oracle, Redhat 10 Openldap, Linux, Enterprise Linux and 7 more 2025-04-12 7.5 High
The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
CVE-2015-3279 4 Canonical, Debian, Linuxfoundation and 1 more 4 Ubuntu Linux, Debian Linux, Cups-filters and 1 more 2025-04-12 N/A
Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.
CVE-2015-3280 2 Openstack, Redhat 2 Nova, Openstack 2025-04-12 N/A
OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.
CVE-2015-3290 1 Linux 1 Linux Kernel 2025-04-12 N/A
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.
CVE-2015-3281 6 Canonical, Debian, Haproxy and 3 more 14 Ubuntu Linux, Debian Linux, Haproxy and 11 more 2025-04-12 N/A
The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.
CVE-2015-3282 1 Openafs 1 Openafs 2025-04-12 N/A
vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network.
CVE-2015-3283 1 Openafs 1 Openafs 2025-04-12 N/A
OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors.
CVE-2015-3284 1 Openafs 1 Openafs 2025-04-12 N/A
pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands.
CVE-2015-3285 1 Openafs 1 Openafs 2025-04-12 N/A
The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command.
CVE-2015-3286 1 Openafs 1 Openafs 2025-04-12 N/A
Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (panic or deadlock) or possibly have other unspecified impact via a large group list when joining a PAG.
CVE-2015-3288 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-12 7.8 High
mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero.
CVE-2015-3291 1 Linux 1 Linux Kernel 2025-04-12 N/A
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service (skipped NMI) by modifying the rsp register, issuing a syscall instruction, and triggering an NMI.
CVE-2015-3293 1 Fortinet 1 Fortimail 2025-04-12 N/A
FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain credentials via the "diag debug application httpd" command.