Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9191 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-1702 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2025-04-12 | N/A |
| The Service Control Manager (SCM) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Service Control Manager Elevation of Privilege Vulnerability." | ||||
| CVE-2015-1703 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1704. | ||||
| CVE-2015-1713 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." | ||||
| CVE-2015-1704 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1703. | ||||
| CVE-2015-1715 | 1 Microsoft | 1 Silverlight | 2025-04-12 | N/A |
| Microsoft Silverlight 5 before 5.1.40416.00 allows remote attackers to bypass intended integrity-level restrictions via a crafted Silverlight application, aka "Microsoft Silverlight Out of Browser Application Vulnerability." | ||||
| CVE-2015-1739 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." | ||||
| CVE-2015-1748 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1743. | ||||
| CVE-2013-4502 | 2 Drupal, Nathan Haug | 2 Drupal, Filefield Sources | 2025-04-12 | N/A |
| The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by attaching a file. | ||||
| CVE-2015-1810 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
| The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name. | ||||
| CVE-2015-1806 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
| The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors. | ||||
| CVE-2015-1814 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
| The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users. | ||||
| CVE-2015-2683 | 1 Citrix | 1 Command Center | 2025-04-12 | N/A |
| Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 does not properly restrict access to the Advent Java Management Extensions (JMX) Servlet, which allows remote attackers to execute arbitrary code via unspecified vectors to servlets/Jmx_dynamic. | ||||
| CVE-2015-2686 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copy_from_iter function in the iov_iter interface, as demonstrated by the Bluetooth subsystem. | ||||
| CVE-2015-2694 | 2 Mit, Redhat | 2 Kerberos 5, Enterprise Linux | 2025-04-12 | N/A |
| The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. | ||||
| CVE-2015-2714 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-12 | N/A |
| Mozilla Firefox before 38.0 on Android does not properly restrict writing URL data to the Android logging system, which allows attackers to obtain sensitive information via a crafted application that has a required permission for reading a log, as demonstrated by the READ_LOGS permission for the mixed-content violation log on Android 4.0 and earlier. | ||||
| CVE-2015-2756 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-12 | N/A |
| QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. | ||||
| CVE-2015-2758 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2025-04-12 | N/A |
| The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to obtain sensitive information, modify the database, or possibly have other unspecified impact via a crafted URL. | ||||
| CVE-2015-2791 | 1 Wpml | 1 Wpml | 2025-04-12 | N/A |
| The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php. | ||||
| CVE-2013-4320 | 1 Typo3 | 1 Typo3 | 2025-04-12 | N/A |
| The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL. | ||||
| CVE-2015-2814 | 1 Sap | 2 Clinical Task Tracker, Emr Unwired | 2025-04-12 | N/A |
| SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079. | ||||