Vulnerabilities (CVE)

Filtered by CWE-264
Total 5268 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5268 1 Moodle 1 Moodle 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
The rating component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 mishandles group-based authorization checks, which allows remote authenticated users to obtain sensitive information by reading a rating value.
CVE-2015-5266 1 Moodle 1 Moodle 2026-06-17 4.9 MEDIUM 6.8 MEDIUM
The enrol_meta_sync function in enrol/meta/locallib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to obtain manager privileges in opportunistic circumstances by leveraging incorrect role processing during a long-running sync script.
CVE-2015-5265 1 Moodle 1 Moodle 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
The wiki component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 does not consider the mod/wiki:managefiles capability before authorizing file management, which allows remote authenticated users to delete arbitrary files by using a manage-files button in a text editor.
CVE-2015-5264 1 Moodle 1 Moodle 2026-06-17 5.5 MEDIUM 5.4 MEDIUM
The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role.
CVE-2015-5256 1 Apache 1 Cordova 2026-06-17 4.3 MEDIUM N/A
Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist protection mechanism, which allows attackers to bypass intended access restrictions via a crafted URI.
CVE-2015-5253 1 Apache 1 Cxf 2026-06-17 4.0 MEDIUM N/A
The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack."
CVE-2015-5252 3 Canonical, Debian, Samba 3 Ubuntu Linux, Debian Linux, Samba 2026-06-17 5.0 MEDIUM 7.2 HIGH
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.
CVE-2015-5251 1 Openstack 1 Image Registry And Delivery Service \(glance\) 2026-06-17 5.5 MEDIUM N/A
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.
CVE-2015-5244 1 Mod Nss Project 1 Mod Nss 2026-06-17 7.5 HIGH 9.8 CRITICAL
The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions.
CVE-2015-5233 2 Redhat, Theforeman 2 Satellite, Foreman 2026-06-17 6.0 MEDIUM 4.2 MEDIUM
Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via direct access to the (a) individual report show/delete pages or (b) APIs.
CVE-2015-5228 2 Criu, Opensuse 2 Checkpoint\/restore In Userspace, Opensuse 2026-06-17 7.2 HIGH 7.8 HIGH
The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path.
CVE-2015-5222 1 Redhat 1 Openshift 2026-06-17 8.5 HIGH N/A
Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors.
CVE-2015-5217 1 Ipsilon Project 1 Ipsilon 2026-06-17 4.0 MEDIUM N/A
providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider (SP) owner, which allows remote authenticated users to cause a denial of service via a duplicate SP name.
CVE-2015-5198 2 Canonical, Libvdpau Project 2 Ubuntu Linux, Libvdpau 2026-06-17 7.2 HIGH N/A
libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to gain privileges via unspecified vectors, related to the VDPAU_DRIVER_PATH environment variable.
CVE-2015-5167 1 Apache 1 Ranger 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API.
CVE-2015-5166 2 Fedoraproject, Xen 2 Fedora, Xen 2026-06-17 7.2 HIGH N/A
Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.
CVE-2015-5157 2 Linux, Redhat 6 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 3 more 2026-06-17 7.2 HIGH N/A
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.
CVE-2015-5051 1 Ibm 9 Maximo Asset Management, Maximo Asset Management Essentials, Maximo For Government and 6 more 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors.
CVE-2015-5043 1 Ibm 1 Security Guardium 2026-06-17 7.2 HIGH N/A
diag in IBM Security Guardium 8.2 before p6015, 9.0 before p6015, 9.1, 9.5, and 10.0 before p6015 allows local users to obtain root access via unspecified key sequences.
CVE-2015-5021 1 Ibm 1 Infosphere Information Server 2026-06-17 5.5 MEDIUM N/A
IBM InfoSphere Information Server 11.3 and 11.5 allows remote authenticated DataStage users to bypass intended job-execution restrictions or obtain sensitive information via unspecified vectors.