Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-284
Total 1059 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-8001 1 Mediawiki 1 Mediawiki 2015-11-10 3.5 LOW N/A
The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not restrict the uploaded data to the claimed file size, which allows remote authenticated users to cause a denial of service via a chunk that exceeds the file size.
CVE-2015-7395 1 Ibm 11 Change And Configuration Management Database, Maximo Asset Management, Maximo For Government and 8 more 2015-11-09 4.0 MEDIUM N/A
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended work-order change restrictions via unspecified vectors.
CVE-2015-7244 1 Mobatek 1 Mobaxterm 2015-11-04 7.5 HIGH N/A
The default configuration of the server in MobaXterm before 8.3 has a disabled Access Control setting and consequently does not require authentication for X11 connections, which allows remote attackers to execute arbitrary commands or obtain sensitive information via X11 packets.
CVE-2015-7899 1 Joomla 1 Joomla\! 2015-10-30 5.0 MEDIUM N/A
The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2015-3971 1 Janitza 5 Umg 508, Umg 509, Umg 511 and 2 more 2015-10-28 7.5 HIGH N/A
The debug interface on Janitza UMG 508, 509, 511, 604, and 605 devices does not require authentication, which allows remote attackers to read or write to files, or execute arbitrary JASIC code, via a session on TCP port 1239.
CVE-2015-7881 1 Colorbox Project 1 Colorbox 2015-10-28 3.5 LOW N/A
The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote authenticated users with certain permissions to bypass intended access restrictions and "add unexpected content to a Colorbox" via unspecified vectors, possibly related to a link in a comment.
CVE-2015-0660 1 Cisco 1 Telepresence Server Software 2015-10-27 7.2 HIGH N/A
Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus61123.
CVE-2015-1464 2 Bestpractical, Fedoraproject 2 Request Tracker, Fedora 2015-10-27 6.4 MEDIUM N/A
RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL.
CVE-2015-6984 1 Apple 1 Mac Os X 2015-10-26 8.8 HIGH N/A
libarchive in Apple OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that conducts an unspecified symlink attack.
CVE-2014-1949 3 Canonical, Gtk, Linuxmint 3 Ubuntu, Gtk\+, Linux Mint 2015-10-13 7.2 HIGH N/A
GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button.
CVE-2015-0297 1 Redhat 1 Jboss Operations Network 2015-10-05 9.0 HIGH N/A
Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager.
CVE-2015-0141 1 Ibm 1 Openpages Grc Platform 2015-10-05 4.0 MEDIUM N/A
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to modify arbitrary user filters via a JSON request.
CVE-2015-3860 1 Google 1 Android 2015-10-01 7.2 HIGH N/A
packages/Keyguard/res/layout/keyguard_password_view.xml in Lockscreen in Android 5.x before 5.1.1 LMY48M does not restrict the number of characters in the passwordEntry input field, which allows physically proximate attackers to bypass intended access restrictions via a long password that triggers a SystemUI crash, aka internal bug 22214934.
CVE-2015-1541 1 Google 1 Android 2015-10-01 4.3 MEDIUM N/A
The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a (1) FLAG_GRANT_READ_URI_PERMISSION or (2) FLAG_GRANT_WRITE_URI_PERMISSION flag, as demonstrated by bypassing intended restrictions on reading contacts, aka internal bug 19618745.
CVE-2015-3833 1 Google 1 Android 2015-10-01 4.3 MEDIUM N/A
The getRunningAppProcesses function in services/core/java/com/android/server/am/ActivityManagerService.java in Android before 5.1.1 LMY48I allows attackers to bypass intended getRecentTasks restrictions and discover the name of the foreground application via a crafted application, aka internal bug 20034603.
CVE-2015-0694 1 Cisco 7 Asr 9001, Asr 9006, Asr 9010 and 4 more 2015-09-29 5.0 MEDIUM N/A
Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806.
CVE-2015-7306 1 Drupaldise 1 Cms Updater 2015-09-22 4.9 MEDIUM N/A
The CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal does not properly check access permissions, which allows remote authenticated users to access and change settings by leveraging the "access administration pages" permission.
CVE-2015-1173 1 Unit4 1 Teta Web 2015-09-17 7.5 HIGH N/A
Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does not properly restrict access to the (1) Design Mode and (2) Debug Logger mode modules, which allows remote attackers to gain privileges via crafted "received parameters."
CVE-2015-0667 1 Cisco 2 Content Services Switch 11500, Content Services Switch 11500 Firmware 2015-09-10 5.0 MEDIUM N/A
The Management Interface on Cisco Content Services Switch (CSS) 11500 devices 8.20.4.02 and earlier allows remote attackers to bypass intended restrictions on local-network device access via crafted SSH packets, aka Bug ID CSCut14855.
CVE-2015-5960 1 Mozilla 1 Firefox Os 2015-08-21 1.9 LOW N/A
Mozilla Firefox OS before 2.2 allows physically proximate attackers to bypass the pass-code protection mechanism and access USB Mass Storage (UMS) media volumes by using the USB interface for a mount operation.