Vulnerabilities (CVE)

Filtered by CWE-264
Total 5268 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-9011 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714882.
CVE-2015-9010 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393101.
CVE-2015-9009 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393600.
CVE-2015-9008 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384689.
CVE-2015-9004 2 Google, Linux 2 Android, Linux Kernel 2026-06-17 9.3 HIGH 7.8 HIGH
kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions.
CVE-2015-8994 1 Php 1 Php 2026-06-17 6.8 MEDIUM 7.5 HIGH
An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validate_permission=1 setting. The vulnerability details are as follows. In PHP SAPIs where PHP interpreters share a common parent process, Zend OpCache creates a shared memory object owned by the common parent during initialization. Child PHP processes inherit the SHM descriptor, using it to cache and retrieve compiled script bytecode ("opcode" in PHP jargon). Cache keys vary depending on configuration, but filename is a central key component, and compiled opcode can generally be run if a script's filename is known or can be guessed. Many common shared-hosting configurations change EUID in child processes to enforce privilege separation among hosted users (for example using mod_ruid2 for the Apache HTTP Server, or php-fpm user settings). In these scenarios, the default Zend OpCache behavior defeats script file permissions by sharing a single SHM cache among all child PHP processes. PHP scripts often contain sensitive information: Think of CMS configurations where reading or running another user's script usually means gaining privileges to the CMS database.
CVE-2015-8993 1 Mcafee 3 Cloud Av, Security Scan Plus, Security Webadvisor 2026-06-17 6.9 MEDIUM 7.0 HIGH
Malicious file execution vulnerability in Intel Security CloudAV (Beta) before 0.5.0.151.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.
CVE-2015-8992 1 Mcafee 3 Cloud Av, Security Scan Plus, Security Webadvisor 2026-06-17 6.9 MEDIUM 7.0 HIGH
Malicious file execution vulnerability in Intel Security WebAdvisor before 4.0.2, 4.0.1 and 3.7.2 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.
CVE-2015-8991 1 Mcafee 3 Cloud Av, Security Scan Plus, Security Webadvisor 2026-06-17 6.9 MEDIUM 7.0 HIGH
Malicious file execution vulnerability in Intel Security McAfee Security Scan+ (MSS+) before 3.11.266.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.
CVE-2015-8967 2 Google, Linux 2 Android, Linux Kernel 2026-06-17 9.3 HIGH 7.8 HIGH
arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.
CVE-2015-8966 1 Linux 1 Linux Kernel 2026-06-17 7.2 HIGH 7.8 HIGH
arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 allows local users to gain privileges via a crafted (1) F_OFD_GETLK, (2) F_OFD_SETLK, or (3) F_OFD_SETLKW command in an fcntl64 system call.
CVE-2015-8965 2 Oracle, Perforce 2 Data Integrator, Jviews 2026-06-17 7.5 HIGH 9.8 CRITICAL
Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue exists because the ilog.views.faces.IlvFacesController servlet in jviews-framework-all.jar does not require explicit configuration of servlets that can be called.
CVE-2015-8955 2 Google, Linux 2 Android, Linux Kernel 2026-06-17 6.9 MEDIUM 7.3 HIGH
arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs.
CVE-2015-8954 1 Openinfosecfoundation 1 Suricata 2026-06-17 7.5 HIGH 9.8 CRITICAL
The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request.
CVE-2015-8951 1 Google 1 Android 2026-06-17 9.3 HIGH 7.8 HIGH
Multiple use-after-free vulnerabilities in sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 30142668 and Qualcomm internal bug CR 948902.
CVE-2015-8943 1 Google 1 Android 2026-06-17 6.8 MEDIUM 7.8 HIGH
drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815158 and Qualcomm internal bugs CR794217 and CR836226.
CVE-2015-8942 1 Google 1 Android 2026-06-17 9.3 HIGH 7.8 HIGH
drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814652 and Qualcomm internal bug CR803246.
CVE-2015-8941 1 Google 1 Android 2026-06-17 9.3 HIGH 7.8 HIGH
drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814502 and Qualcomm internal bug CR792473.
CVE-2015-8940 1 Google 1 Android 2026-06-17 9.3 HIGH 7.8 HIGH
Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and Qualcomm internal bug CR792367.
CVE-2015-8939 1 Google 1 Android 2026-06-17 9.3 HIGH 7.8 HIGH
drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28398884 and Qualcomm internal bug CR779021.