Vulnerabilities (CVE)

Filtered by CWE-264
Total 5268 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-8938 1 Google 1 Android 2026-06-17 9.3 HIGH 7.8 HIGH
The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804030 and Qualcomm internal bug CR766022.
CVE-2015-8892 1 Google 1 Android 2026-06-17 9.3 HIGH 7.8 HIGH
platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug 28822807 and Qualcomm internal bug CR902998.
CVE-2015-8890 1 Google 1 Android 2026-06-17 9.3 HIGH 7.8 HIGH
platform/msm_shared/partition_parser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate certain GUID Partition Table (GPT) data, which allows attackers to bypass intended access restrictions via a crafted MultiMediaCard (MMC), aka Android internal bug 28822878 and Qualcomm internal bug CR823461.
CVE-2015-8889 1 Google 1 Android 2026-06-17 9.3 HIGH 7.8 HIGH
The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android internal bug 28822677 and Qualcomm internal bug CR804067.
CVE-2015-8888 1 Google 1 Android 2026-06-17 9.3 HIGH 7.8 HIGH
Integer overflow in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to bypass intended access restrictions via a crafted block count and block size of a sparse header, aka Android internal bug 28822465 and Qualcomm internal bug CR813933.
CVE-2015-8842 1 Opensuse 1 Opensuse 2026-06-17 2.1 LOW 3.3 LOW
tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file.
CVE-2015-8768 2 Canonical, Click Project 2 Ubuntu Linux, Click 2026-06-17 7.5 HIGH 9.8 CRITICAL
click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone.
CVE-2015-8754 1 Acquia 1 Mollom 2026-06-17 5.0 MEDIUM 7.5 HIGH
The Mollom module 6.x-2.7 before 6.x-2.15 for Drupal allows remote attackers to bypass intended access restrictions and modify the mollom blacklist via unspecified vectors.
CVE-2015-8753 1 Sap 1 Afaria 2026-06-17 9.4 HIGH 9.1 CRITICAL
SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization checks and wipe or lock mobile devices via a crafted request, related to "Insecure signature," aka SAP Security Note 2134905.
CVE-2015-8748 1 Radicale 1 Radicale 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*".
CVE-2015-8709 1 Linux 1 Linux Kernel 2026-06-17 6.9 MEDIUM 7.0 HIGH
kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states "there is no kernel bug here."
CVE-2015-8671 1 Huawei 1 Logcenter 2026-06-17 6.5 MEDIUM 8.8 HIGH
Huawei LogCenter V100R001C10 could allow an authenticated attacker to tamper with requests using a tool and submit a request to the server for privilege escalation, affecting some system functions.
CVE-2015-8660 1 Linux 1 Linux Kernel 2026-06-17 7.2 HIGH 6.7 MEDIUM
The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.
CVE-2015-8621 1 Tcoffee 1 T-coffee 2026-06-17 2.1 LOW 5.5 MEDIUM
t-coffee before 11.00.8cbe486-2 allows local users to write to ~/.t_coffee globally.
CVE-2015-8612 1 Blueman Project 1 Blueman 2026-06-17 7.2 HIGH 8.4 HIGH
The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users to gain privileges via the dhcp_handler argument.
CVE-2015-8600 1 Sap 1 Mobile Platform 2026-06-17 7.5 HIGH N/A
The SysAdminWebTool servlets in SAP Mobile Platform allow remote attackers to bypass authentication and obtain sensitive information, gain privileges, or have unspecified other impact via unknown vectors, aka SAP Security Note 2227855.
CVE-2015-8579 1 Kaspersky 1 Total Security 2015 2026-06-17 6.4 MEDIUM N/A
Kaspersky Total Security 2015 15.0.2.361 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors.
CVE-2015-8578 1 Avg 1 Internet Security 2026-06-17 6.4 MEDIUM N/A
AVG Internet Security 2015 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors.
CVE-2015-8577 1 Mcafee 1 Virusscan Enterprise 2026-06-17 2.6 LOW N/A
The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platforms when protecting another application, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors.
CVE-2015-8570 1 Lepide 1 Active Directory Self Service 2026-06-17 7.4 HIGH N/A
The password reset functionality in Lepide Active Directory Self Service allows remote authenticated users to change arbitrary domain user passwords via a crafted request.