Vulnerabilities (CVE)

Filtered by CWE-264
Total 5269 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-3003 1 Juniper 1 Junos 2026-06-17 7.2 HIGH N/A
Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 allows local users to gain privileges via crafted combinations of CLI commands and arguments.
CVE-2015-2993 1 Sysaid 1 Sysaid 2026-06-17 7.5 HIGH N/A
SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers to (1) create administrator accounts via a crafted request to /createnewaccount or (2) write to arbitrary files via the fileName parameter to /userentry.
CVE-2015-2984 1 Iodata 2 Wn-g54\/r2, Wn-g54\/r2 Firmware 2026-06-17 5.0 MEDIUM N/A
I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBRS routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests.
CVE-2015-2958 1 Igreks 3 Milkystep Light, Milkystep Professional, Milkystep Professional Oem 2026-06-17 6.4 MEDIUM N/A
Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and modify settings via unspecified vectors, a different vulnerability than CVE-2015-2952 and CVE-2015-2953.
CVE-2015-2953 1 Igreks 3 Milkystep Light, Milkystep Professional, Milkystep Professional Oem 2026-06-17 5.0 MEDIUM N/A
Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and read files via unspecified vectors, a different vulnerability than CVE-2015-2952 and CVE-2015-2958.
CVE-2015-2889 1 Summerinfant 2 Baby Zoom Wifi Monitor, Baby Zoom Wifi Monitor Firmware 2026-06-17 6.5 MEDIUM 8.8 HIGH
Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to gain privileges via manual entry of a Settings URL.
CVE-2015-2871 1 Chiyu 1 Bf-660c 2026-06-17 7.5 HIGH N/A
Chiyu BF-660C fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify communication configuration settings via a request to net.htm, a different vulnerability than CVE-2015-5618.
CVE-2015-2851 2 Apple, Synology 2 Mac Os X, Cloud Station 2026-06-17 6.8 MEDIUM N/A
client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename.
CVE-2015-2830 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2026-06-17 1.9 LOW N/A
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16.
CVE-2015-2828 1 Broadcom 1 Spectrum 2026-06-17 9.0 HIGH N/A
CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data.
CVE-2015-2821 1 Typo3 1 Neos 2026-06-17 6.5 MEDIUM N/A
TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote editors to access, create, and modify content nodes in the workspace of other editors via unspecified vectors.
CVE-2015-2814 1 Sap 2 Clinical Task Tracker, Emr Unwired 2026-06-17 6.4 MEDIUM N/A
SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079.
CVE-2015-2794 1 Dnnsoftware 1 Dotnetnuke 2026-06-17 7.5 HIGH 9.8 CRITICAL
The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.
CVE-2015-2791 1 Wpml 1 Wpml 2026-06-17 6.4 MEDIUM N/A
The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php.
CVE-2015-2758 1 Mcafee 1 Data Loss Prevention Endpoint 2026-06-17 6.5 MEDIUM N/A
The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to obtain sensitive information, modify the database, or possibly have other unspecified impact via a crafted URL.
CVE-2015-2756 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2026-06-17 4.9 MEDIUM N/A
QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.
CVE-2015-2714 2 Google, Mozilla 2 Android, Firefox 2026-06-17 2.1 LOW N/A
Mozilla Firefox before 38.0 on Android does not properly restrict writing URL data to the Android logging system, which allows attackers to obtain sensitive information via a crafted application that has a required permission for reading a log, as demonstrated by the READ_LOGS permission for the mixed-content violation log on Android 4.0 and earlier.
CVE-2015-2694 1 Mit 1 Kerberos 5 2026-06-17 5.8 MEDIUM N/A
The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
CVE-2015-2686 1 Linux 1 Linux Kernel 2026-06-17 7.2 HIGH 7.8 HIGH
net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copy_from_iter function in the iov_iter interface, as demonstrated by the Bluetooth subsystem.
CVE-2015-2683 1 Citrix 1 Command Center 2026-06-17 7.5 HIGH N/A
Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 does not properly restrict access to the Advent Java Management Extensions (JMX) Servlet, which allows remote attackers to execute arbitrary code via unspecified vectors to servlets/Jmx_dynamic.