CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2015

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
551 CVE-2015-2126 264 +Priv 2015-07-06 2016-12-27
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in pppoec in HP HP-UX 11iv2 and 11iv3 allows local users to gain privileges by leveraging setuid permissions.
552 CVE-2015-1984 264 Bypass 2015-07-19 2016-11-29
4.0
None Remote Low Single system Partial None None
IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to bypass intended access restrictions and read arbitrary profiles via unspecified vectors, as demonstrated by discovering usernames for use in brute-force attacks.
553 CVE-2015-1982 200 +Info 2015-07-19 2016-11-29
4.0
None Remote Low Single system Partial None None
IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to obtain sensitive information via a crafted request, which reveals the full path in an error message.
554 CVE-2015-1980 20 2015-07-19 2016-11-29
3.5
None Remote Medium Single system None Partial None
IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors.
555 CVE-2015-1979 79 XSS 2015-07-19 2016-11-29
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Error dialog in IBM Case Manager 5.2.1 before 5.2.1.2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to the (1) addressability or (2) comments component.
556 CVE-2015-1968 79 XSS 2015-07-19 2016-11-29
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
557 CVE-2015-1967 200 +Info 2015-07-01 2016-12-30
4.3
None Remote Medium Not required Partial None None
MQ Explorer in IBM WebSphere MQ before 8.0.0.3 does not recognize the absence of the compatibility-mode option, which allows remote attackers to obtain sensitive information by sniffing the network for a session in which TLS is not used.
558 CVE-2015-1966 79 XSS 2015-07-04 2016-12-27
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before FP17, 6.2.1 before FP9, and 6.2.2 before FP15, as used in Security Access Manager for Mobile and other products, allow remote attackers to inject arbitrary web script or HTML via a crafted URL, related to the (1) ERROR_DESCRIPTION and (2) TOKEN:RelayState macros.
559 CVE-2015-1961 284 Exec Code Bypass 2015-07-13 2017-09-21
9.0
None Remote Low Single system Complete Complete Complete
The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via an unspecified API call.
560 CVE-2015-1951 200 +Info 2015-07-01 2016-11-29
2.1
None Local Low Not required Partial None None
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.0 IFIX005 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information by leveraging an unattended workstation.
561 CVE-2015-1950 255 Bypass 2015-07-01 2016-11-29
4.6
None Local Low Not required Partial Partial Partial
IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code.
562 CVE-2015-1946 264 +Priv 2015-07-14 2016-11-28
4.4
None Local Medium Not required Partial Partial Partial
IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors.
563 CVE-2015-1944 79 XSS 2015-07-14 2017-09-21
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
564 CVE-2015-1936 284 2015-07-14 2016-11-29
6.0
None Remote Medium Single system Partial Partial Partial
The administrative console in IBM WebSphere Application Server (WAS) 8.0.0 before 8.0.0.11 and 8.5 before 8.5.5.6, when the Security feature is disabled, allows remote authenticated users to hijack sessions via the JSESSIONID parameter.
565 CVE-2015-1935 17 DoS Exec Code 2015-07-19 2018-09-26
8.0
None Remote Low Single system Partial Partial Complete
The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors.
566 CVE-2015-1927 284 2015-07-14 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
The default configuration of IBM WebSphere Application Server (WAS) 7.0.0 before 7.0.0.39, 8.0.0 before 8.0.0.11, and 8.5 before 8.5.5.6 has a false value for the com.ibm.ws.webcontainer.disallowServeServletsByClassname WebContainer property, which allows remote attackers to obtain privileged access via unspecified vectors.
567 CVE-2015-1926 2015-07-16 2017-09-21
5.5
None Remote Low Single system Partial Partial None
Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.8.0 and 11.1.1.9.0, and the Oracle Applications Framework component in Oracle E-Business Suite 12.2.3 and 12.2.4, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Portal.
568 CVE-2015-1922 284 Bypass 2015-07-19 2018-09-26
3.5
None Remote Medium Single system None Partial None
The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to bypass intended access restrictions and delete table rows via unspecified vectors.
569 CVE-2015-1917 79 XSS 2015-07-14 2017-09-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Active Content Filtering component in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
570 CVE-2015-1916 DoS 2015-07-02 2016-12-27
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in IBM Java 8 before SR1 allows remote attackers to cause a denial of service via unknown vectors related to SSL/TLS and the Secure Socket Extension provider.
571 CVE-2015-1914 200 Bypass +Info 2015-07-02 2019-06-13
5.0
None Remote Low Not required Partial None None
IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine.
572 CVE-2015-1906 79 XSS 2015-07-21 2017-09-20
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
573 CVE-2015-1905 264 Bypass 2015-07-21 2017-09-20
4.0
None Remote Low Single system None Partial None
The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions on task-variable value changes via unspecified vectors.
574 CVE-2015-1904 264 Bypass 2015-07-31 2017-09-20
3.5
None Remote Medium Single system None Partial None
IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypass intended document-access restrictions via a (1) upload or (2) download action.
575 CVE-2015-1887 200 +Info 2015-07-14 2017-09-21
5.0
None Remote Low Not required Partial None None
IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a crafted request.
576 CVE-2015-1883 200 +Info 2015-07-19 2017-09-21
4.0
None Remote Low Single system Partial None None
IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read certain administrative files via crafted use of an automated-maintenance policy stored procedure.
577 CVE-2015-1872 119 DoS Overflow 2015-07-26 2019-03-30
6.8
None Remote Medium Not required Partial Partial Partial
The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Motion JPEG data.
578 CVE-2015-1840 200 Bypass +Info CSRF 2015-07-26 2018-10-30
5.0
None Remote Low Not required Partial None None
jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space character in a URL within an attribute value.
579 CVE-2015-1831 2015-07-16 2017-09-21
7.5
None Remote Low Not required Partial Partial Partial
The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote attackers to "compromise internal state of an application" via unspecified vectors.
580 CVE-2015-1796 254 2015-07-08 2016-11-29
4.3
None Remote Medium Not required None Partial None
The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a shibmd:KeyAuthority trust anchor.
581 CVE-2015-1793 254 2015-07-09 2018-11-30
6.4
None Remote Low Not required Partial Partial None
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.
582 CVE-2015-1767 119 DoS Exec Code Overflow Mem. Corr. 2015-07-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2401 and CVE-2015-2408.
583 CVE-2015-1763 284 Exec Code 2015-07-14 2018-10-12
8.5
None Remote Medium Single system Complete Complete Complete
Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remote authenticated users to execute arbitrary code via a crafted query, aka "SQL Server Remote Code Execution Vulnerability."
584 CVE-2015-1762 74 Exec Code 2015-07-14 2018-10-12
7.1
None Remote High Single system Complete Complete Complete
Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authenticated users to execute arbitrary code by leveraging certain permissions and making a crafted query, as demonstrated by the VIEW SERVER STATE permission, aka "SQL Server Remote Code Execution Vulnerability."
585 CVE-2015-1761 284 +Priv 2015-07-14 2018-10-12
6.5
None Remote Low Single system Partial Partial Partial
Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 uses an incorrect class during casts of unspecified pointers, which allows remote authenticated users to gain privileges by leveraging certain write access, aka "SQL Server Elevation of Privilege Vulnerability."
586 CVE-2015-1738 119 DoS Exec Code Overflow Mem. Corr. 2015-07-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2388.
587 CVE-2015-1733 119 DoS Exec Code Overflow Mem. Corr. 2015-07-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2389 and CVE-2015-2411.
588 CVE-2015-1729 200 +Info 2015-07-14 2018-10-12
4.3
None Remote Medium Not required Partial None None
Microsoft Internet Explorer 9 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
589 CVE-2015-1561 77 Exec Code 2015-07-14 2019-07-30
6.5
None Remote Low Single system Partial Partial Partial
The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon 19.10.0) uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ns_id parameter.
590 CVE-2015-1560 89 Exec Code Sql 2015-07-14 2019-07-30
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon web 2.7.0) allows remote attackers to execute arbitrary SQL commands via the sid parameter to include/common/XmlTree/GetXmlTree.php.
591 CVE-2015-1492 20 +Priv 2015-07-31 2017-09-20
8.5
None Remote Medium Single system Complete Complete Complete
Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain privileges via a Trojan horse DLL in a client install package.
592 CVE-2015-1491 89 Exec Code Sql 2015-07-31 2017-09-20
6.0
None Remote Medium Single system Partial Partial Partial
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
593 CVE-2015-1490 22 Dir. Trav. 2015-07-31 2017-09-20
5.5
None Remote Low Single system None Partial Partial
Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a relative pathname in a client installation package.
594 CVE-2015-1489 264 +Priv 2015-07-31 2017-09-20
8.5
None Remote Medium Single system Complete Complete Complete
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors.
595 CVE-2015-1488 200 +Info 2015-07-31 2017-09-20
4.0
None Remote Low Single system Partial None None
An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown vectors.
596 CVE-2015-1487 20 2015-07-31 2017-09-20
5.5
None Remote Low Single system None Partial Partial
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename.
597 CVE-2015-1486 287 Bypass 2015-07-31 2017-09-20
7.5
None Remote Low Not required Partial Partial Partial
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session.
598 CVE-2015-1330 287 2015-07-01 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vectors.
599 CVE-2015-1289 DoS 2015-07-22 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
600 CVE-2015-1288 17 2015-07-22 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263.
Total number of vulnerabilities : 657   Page : 1 2 3 4 5 6 7 8 9 10 11 12 (This Page)13 14
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.