Vulnerabilities (CVE)

Filtered by CWE-264
Total 5269 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-0518 1 Emc 1 Documentum D2 2026-06-17 9.0 HIGH N/A
The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions.
CVE-2015-0337 4 Adobe, Apple, Linux and 1 more 4 Flash Player, Mac Os X, Linux Kernel and 1 more 2026-06-17 5.0 MEDIUM N/A
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
CVE-2015-0296 2 Fedoraproject, Tug 2 Fedora, Texlive 2026-06-17 1.2 LOW 4.7 MEDIUM
The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory.
CVE-2015-0266 1 Apache 1 Ranger 2026-06-17 6.5 MEDIUM 7.1 HIGH
The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs.
CVE-2015-0257 1 Redhat 1 Enterprise Virtualization Manager 2026-06-17 2.1 LOW N/A
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory.
CVE-2015-0237 1 Redhat 1 Enterprise Virtualization Manager 2026-06-17 6.8 MEDIUM N/A
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain.
CVE-2015-0227 1 Apache 1 Wss4j 2026-06-17 5.0 MEDIUM N/A
Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks."
CVE-2015-0223 1 Apache 1 Qpid 2026-06-17 5.0 MEDIUM N/A
Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling.
CVE-2015-0214 1 Moodle 1 Moodle 2026-06-17 4.0 MEDIUM N/A
message/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to bypass a messaging-disabled setting via a web-services request, as demonstrated by a people-search request.
CVE-2015-0197 1 Ibm 1 General Parallel File System 2026-06-17 7.2 HIGH N/A
IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 allows local users to obtain root privileges for program execution via unspecified vectors.
CVE-2015-0179 1 Ibm 1 Domino 2026-06-17 7.2 HIGH N/A
Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V.
CVE-2015-0175 1 Ibm 1 Websphere Application Server 2026-06-17 5.5 MEDIUM N/A
IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.
CVE-2015-0162 1 Ibm 1 Security Siteprotector System 2026-06-17 6.9 MEDIUM 7.0 HIGH
IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges.
CVE-2015-0160 1 Ibm 1 Security Siteprotector System 2026-06-17 9.0 HIGH N/A
IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary commands with SYSTEM privileges via unspecified vectors.
CVE-2015-0149 1 Ibm 1 Api Management 2026-06-17 5.5 MEDIUM N/A
The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information or modify data via unspecified API calls.
CVE-2015-0146 1 Ibm 1 Content Collector 2026-06-17 2.1 LOW N/A
IBM Content Collector for Email 3.0 before 3.0.0.6-IBM-ICC-Server-IF001 and 4.0 before 4.0.0.3-IBM-ICC-Server-IF001 does not properly handle an unspecified query operator during searches of IBM FileNet P8 systems with IBM Content Search Services, which allows local users to bypass intended document-access restrictions and obtain sensitive information via a crafted search query.
CVE-2015-0142 1 Ibm 1 Openpages Grc Platform 2026-06-17 4.0 MEDIUM N/A
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and data-storage outage) by calling the System Administration Mode function.
CVE-2015-0098 1 Microsoft 2 Windows 7, Windows Server 2008 2026-06-17 7.2 HIGH N/A
Task Scheduler in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges by triggering application execution by an invalid task, aka "Task Scheduler Elevation of Privilege Vulnerability."
CVE-2015-0078 1 Microsoft 5 Windows 8, Windows 8.1, Windows Rt and 2 more 2026-06-17 7.2 HIGH N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate the token of a calling thread, which allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
CVE-2015-0075 1 Microsoft 4 Windows 2003 Server, Windows 7, Windows Server 2008 and 1 more 2026-06-17 7.2 HIGH N/A
The kernel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Impersonation Level Check Elevation of Privilege Vulnerability."