Vulnerabilities (CVE)

Filtered by CWE-264
Total 5269 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-1608 1 Topline Systems 1 Opportunity Form 2026-06-17 4.0 MEDIUM N/A
Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not properly restrict access to database-connection strings, which allows attackers to read the cleartext version of sensitive credential and e-mail address information via unspecified vectors.
CVE-2015-1599 1 Siemens 1 Spcanywhere 2026-06-17 2.1 LOW N/A
The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error.
CVE-2015-1593 1 Linux 1 Linux Kernel 2026-06-17 5.0 MEDIUM N/A
The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c.
CVE-2015-1591 1 Kamailio 1 Kamailio 2026-06-17 4.6 MEDIUM 7.8 HIGH
The kamailio build in kamailio before 4.2.0-2 process allows local users to gain privileges.
CVE-2015-1590 1 Kamailio 1 Kamailio 2026-06-17 4.6 MEDIUM 7.8 HIGH
The kamcmd administrative utility and default configuration in kamailio before 4.3.0 use /tmp/kamailio_ctl.
CVE-2015-1551 1 Arubanetworks 1 Clearpass Policy Manager 2026-06-17 4.0 MEDIUM N/A
Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.4 allows remote administrators to read arbitrary files via unspecified vectors.
CVE-2015-1515 1 Softsphere 1 Defensewall Personal Firewall 2026-06-17 7.2 HIGH N/A
The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000, 0x00222004, 0x00222008, 0x0022200c, or 0x00222010 IOCTL call.
CVE-2015-1499 1 Samsung 1 Samsung Security Manager 2026-06-17 8.5 HIGH N/A
The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 allows remote attackers to delete arbitrary files, and consequently cause a denial of service, via a DELETE request.
CVE-2015-1498 1 Persistent Systems 1 Radia Client Automation 2026-06-17 10.0 HIGH N/A
Persistent Systems Radia Client Automation does not properly restrict access to certain request, which allows remote attackers to (1) enumerate user accounts via a getUsers request, (2) assign a role to a user account via an addAssigneesToRole request, (3) remove a role from a user account via a removeAssigneesFromRole request, or (4) have other unspecified impact.
CVE-2015-1496 1 Motorola 1 Motorola Scanner Sdk 2026-06-17 7.2 HIGH N/A
Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, (2) rsmdriverproviderservice.exe, and (3) ScannerService.exe, which allows local users to gain privileges via unspecified vectors.
CVE-2015-1489 1 Symantec 1 Endpoint Protection Manager 2026-06-17 8.5 HIGH N/A
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors.
CVE-2015-1481 1 Ansible 1 Tower 2026-06-17 6.5 MEDIUM N/A
Ansible Tower (aka Ansible UI) before 2.0.5 allows remote organization administrators to gain privileges by creating a superuser account.
CVE-2015-1469 1 Servision 2 Hvg400, Hvg Video Gateway Firmware 2026-06-17 9.0 HIGH N/A
time.htm in the web interface on SerVision HVG Video Gateway devices with firmware through 2.2.26a100 allows remote authenticated users to gain privileges by leveraging a cookie received in an HTTP response, a different vulnerability than CVE-2015-0929 and CVE-2015-0930.
CVE-2015-1460 1 Huawei 10 Quidway Firmware, Quidway S2350, Quidway S2750 and 7 more 2026-06-17 7.5 HIGH N/A
Huawei Quidway switches with firmware before V200R005C00SPC300 allows remote attackers to gain privileges via a crafted packet.
CVE-2015-1458 1 Fortinet 1 Fortiauthenticator 2026-06-17 6.9 MEDIUM N/A
Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command.
CVE-2015-1448 1 Siemens 5 Ruggedcom Firmware, Ruggedcom Win5100, Ruggedcom Win5200 and 2 more 2026-06-17 10.0 HIGH N/A
The integrated management service on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to bypass authentication and perform administrative actions via unspecified vectors.
CVE-2015-1416 1 Freebsd 1 Freebsd 2026-06-17 9.3 HIGH 7.8 HIGH
Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file.
CVE-2015-1378 1 Grml 1 Grml-debootstrap 2026-06-17 5.0 MEDIUM 7.5 HIGH
cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68.1, 0.7x before 0.78 is sourced without checking that the local directory is writable by non-root users.
CVE-2015-1375 1 Pixabay Images Project 1 Pixabay Images 2026-06-17 7.5 HIGH N/A
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.
CVE-2015-1356 1 Siemens 1 Simatic Step 7 2026-06-17 4.4 MEDIUM N/A
Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file.