CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In April 2015(Bypass)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-3457 287 Bypass 2015-04-29 2016-12-06
5.0
None Remote Low Not required None Partial None
Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote attackers to bypass authentication via the forwarded parameter.
2 CVE-2015-3404 200 Bypass +Info 2015-04-22 2016-12-06
4.0
None Remote Low ??? Partial None None
The Certify module before 6.x-2.3 for Drupal does not properly perform node access checks, which allows remote authenticated users to bypass intended access restrictions and obtain sensitive PDF certificate information via vectors related to "showing (and creating) the PDF certificates."
3 CVE-2015-3391 200 Bypass +Info 2015-04-21 2018-04-07
5.0
None Remote Low Not required Partial None None
The Path Breadcrumbs module before 7.x-3.2 for Drupal allows remote attackers to bypass intended access restrictions and obtain sensitive node titles by reading a 403 Not Found page.
4 CVE-2015-3044 200 Bypass +Info 2015-04-14 2018-10-30
5.0
None Remote Low Not required Partial None None
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.
5 CVE-2015-3040 200 Bypass +Info 2015-04-14 2018-10-30
5.0
None Remote Low Not required Partial None None
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-0357.
6 CVE-2015-3028 264 Bypass 2015-04-08 2015-04-09
5.5
None Remote Low ??? Partial Partial None
McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to bypass intended restrictions and change or update configuration settings via crafted parameters.
7 CVE-2015-3027 264 Bypass 2015-04-10 2016-12-03
5.0
None Remote Low Not required None Partial None
Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C program.
8 CVE-2015-2935 200 Bypass +Info 2015-04-13 2016-12-07
5.0
None Remote Low Not required Partial None None
MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file, as demonstrated by "@imporT."
9 CVE-2015-2841 284 Bypass 2015-04-03 2016-12-03
5.0
None Remote Low Not required None Partial None
Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-stream and text/xml Content-Types.
10 CVE-2015-1889 89 Sql Bypass 2015-04-22 2017-01-03
6.5
None Remote Low ??? Partial Partial Partial
The Big SQL component in IBM InfoSphere BigInsights 3.0 through 3.0.0.2 allows remote authenticated users to bypass intended HDFS data-access restrictions via (1) a crafted CREATE HADOOP TABLE statement referencing the data of an arbitrary user or (2) an import of a certain Hive table definition with the HCAT_SYNC_OBJECTS procedure.
11 CVE-2015-1661 264 Bypass 2015-04-14 2018-10-12
4.3
None Remote Medium Not required Partial None None
Microsoft Internet Explorer 6 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."
12 CVE-2015-1646 264 Bypass +Info 2015-04-14 2018-10-12
4.3
None Remote Medium Not required Partial None None
Microsoft XML Core Services (aka MSXML) 3.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB Vulnerability."
13 CVE-2015-1638 264 Bypass 2015-04-14 2019-05-08
5.8
None Remote Medium Not required Partial Partial None
Microsoft Active Directory Federation Services (AD FS) 3.0 on Windows Server 2012 R2 does not properly handle logoff actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability."
14 CVE-2015-1248 264 Bypass 2015-04-19 2017-01-03
4.3
None Remote Medium Not required None Partial None
The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL.
15 CVE-2015-1236 264 Bypass 2015-04-19 2017-01-03
4.3
None Remote Medium Not required Partial None None
The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element.
16 CVE-2015-1235 264 Bypass 2015-04-19 2017-01-03
5.0
None Remote Low Not required None Partial None
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element.
17 CVE-2015-1151 284 Bypass 2015-04-28 2016-04-01
5.0
None Remote Low Not required None Partial None
Wiki Server in Apple OS X Server before 4.1 allows remote attackers to bypass intended restrictions on Activity and People pages by connecting from an iPad client.
18 CVE-2015-1150 17 Bypass 2015-04-28 2016-04-01
5.0
None Remote Low Not required None Partial None
The Firewall component in Apple OS X Server before 4.1 uses an incorrect pathname in configuration files, which allows remote attackers to bypass network-access restrictions by sending packets for which custom-rule blocking was intended.
19 CVE-2015-1146 310 Bypass 2015-04-10 2019-01-31
1.9
None Local Medium Not required None Partial None
The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145.
20 CVE-2015-1145 310 Bypass 2015-04-10 2019-01-31
1.9
None Local Medium Not required None Partial None
The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146.
21 CVE-2015-1130 254 Bypass 2015-04-10 2015-09-17
7.2
None Local Low Not required Complete Complete Complete
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors.
22 CVE-2015-1115 284 Bypass 2015-04-10 2017-01-03
4.4
None Local Medium Not required Partial Partial Partial
The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app.
23 CVE-2015-1104 20 Bypass 2015-04-10 2019-03-08
5.0
None Remote Low Not required None Partial None
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet.
24 CVE-2015-1091 200 Bypass +Info 2015-04-10 2017-01-03
4.3
None Remote Medium Not required Partial None None
The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
25 CVE-2015-1089 200 Bypass +Info 2015-04-10 2017-01-03
5.0
None Remote Low Not required Partial None None
CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
26 CVE-2015-0994 254 Bypass 2015-04-03 2015-04-03
4.0
None Remote Low ??? None Partial None
Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests.
27 CVE-2015-0993 254 Bypass 2015-04-03 2015-04-03
6.4
None Remote Low Not required Partial Partial None
Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.
28 CVE-2015-0938 200 Bypass +Info 2015-04-17 2016-12-08
5.0
None Remote Low Not required Partial None None
search.php on the Blue Coat Malware Analysis appliance with software before 4.2.4.20150312-RELEASE allows remote attackers to bypass intended access restrictions, and list or read arbitrary documents, by providing matching keywords in conjunction with a crafted parameter.
29 CVE-2015-0840 284 Bypass 2015-04-13 2017-01-03
4.3
None Remote Medium Not required None Partial None
The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).
30 CVE-2015-0816 264 Exec Code Bypass 2015-04-01 2017-09-17
5.0
None Remote Low Not required None Partial None
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js.
31 CVE-2015-0812 17 Bypass 2015-04-01 2018-10-30
4.3
None Remote Medium Not required None Partial None
Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement by deploying a crafted web site and conducting a DNS spoofing attack against a mozilla.org subdomain.
32 CVE-2015-0807 352 Bypass CSRF 2015-04-01 2017-01-03
6.8
None Remote Medium Not required Partial Partial Partial
The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638.
33 CVE-2015-0801 264 Exec Code Bypass 2015-04-01 2017-01-03
7.5
None Remote Low Not required Partial Partial Partial
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.
34 CVE-2015-0799 20 Bypass 2015-04-08 2018-10-30
4.3
None Remote Medium Not required None Partial None
The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows man-in-the-middle attackers to bypass an intended X.509 certificate-verification step for an SSL server by specifying that server in the uri-host field of an Alt-Svc HTTP/2 response header.
35 CVE-2015-0798 264 Exec Code Bypass 2015-04-08 2016-12-07
5.0
None Remote Low Not required None Partial None
The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy.
36 CVE-2015-0694 284 Bypass 2015-04-11 2015-09-29
5.0
None Remote Low Not required None Partial None
Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806.
37 CVE-2015-0357 200 Bypass +Info 2015-04-14 2017-01-03
5.0
None Remote Low Not required Partial None None
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-3040.
38 CVE-2014-5405 200 Bypass +Info 2015-04-03 2015-07-24
9.0
None Remote Low ??? Complete Complete Complete
Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.
Total number of vulnerabilities : 38   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.