Vulnerabilities (CVE)

Filtered by CWE-264
Total 5268 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-7223 3 Fedoraproject, Mozilla, Opensuse 4 Fedora, Firefox, Leap and 1 more 2026-06-17 4.0 MEDIUM N/A
The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site.
CVE-2015-7197 1 Mozilla 1 Firefox 2026-06-17 5.0 MEDIUM N/A
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code.
CVE-2015-7071 1 Apple 1 Mac Os X 2026-06-17 10.0 HIGH N/A
The File Bookmark component in Apple OS X before 10.11.2 allows attackers to bypass a sandbox protection mechanism for app scoped bookmarks via a crafted pathname.
CVE-2015-7063 1 Apple 1 Mac Os X 2026-06-17 7.2 HIGH N/A
The kernel loader in EFI in Apple OS X before 10.11.2 allows local users to gain privileges via a crafted pathname.
CVE-2015-7062 1 Apple 2 Iphone Os, Mac Os X 2026-06-17 4.6 MEDIUM N/A
Apple OS X before 10.11.2 and tvOS before 9.1 allow local users to bypass intended configuration-profile installation restrictions via unspecified vectors.
CVE-2015-7052 1 Apple 1 Mac Os X 2026-06-17 7.2 HIGH N/A
kext tools in Apple OS X before 10.11.2 mishandles kernel-extension loading, which allows local users to gain privileges via unspecified vectors.
CVE-2015-7051 1 Apple 2 Iphone Os, Tvos 2026-06-17 9.3 HIGH N/A
MobileStorageMounter in Apple iOS before 9.2 and tvOS before 9.1 mishandles the timing of trust-cache loading, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2015-7031 1 Apple 1 Mac Os X Server 2026-06-17 5.0 MEDIUM N/A
The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors.
CVE-2015-7016 1 Apple 1 Mac Os X 2026-06-17 7.6 HIGH N/A
The MCX Application Restrictions component in Apple OS X before 10.11.1, when Managed Configuration is enabled, mishandles provisioning profiles, which allows attackers to bypass intended entitlement restrictions and gain privileges via a crafted developer-signed app.
CVE-2015-7003 1 Apple 1 Mac Os X 2026-06-17 6.8 MEDIUM N/A
coreaudiod in Audio in Apple OS X before 10.11.1 does not initialize an unspecified data structure, which allows attackers to execute arbitrary code via a crafted app.
CVE-2015-7001 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2026-06-17 6.8 MEDIUM N/A
AppSandbox in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 mishandles hard links, which allows attackers to bypass Contacts access revocation via a crafted app.
CVE-2015-6980 1 Apple 1 Mac Os X 2026-06-17 7.2 HIGH 7.8 HIGH
Directory Utility in Apple OS X before 10.11.1 mishandles authentication for new sessions, which allows local users to gain privileges via unspecified vectors.
CVE-2015-6861 1 Eucalyptus 1 Eucalyptus 2026-06-17 4.6 MEDIUM 7.5 HIGH
HPE Helion Eucalyptus 3.4.0 through 4.2.0 allows remote authenticated users to bypass an intended AssumeRole permission requirement and assume an IAM role by leveraging a policy setting for a user's account.
CVE-2015-6860 1 Hp 54 J8692a, J8693a, J8697a and 51 more 2026-06-17 7.2 HIGH 8.4 HIGH
HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6859.
CVE-2015-6859 1 Hp 54 J8692a, J8693a, J8697a and 51 more 2026-06-17 4.6 MEDIUM 7.8 HIGH
HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6860.
CVE-2015-6856 1 Dell 1 Pre-boot Authentication Driver 2026-06-17 7.2 HIGH 7.8 HIGH
Dell Pre-Boot Authentication Driver (PBADRV.sys) 1.0.1.5 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x0022201c IOCTL call.
CVE-2015-6850 1 Emc 1 Vplex Geosynchrony 2026-06-17 7.2 HIGH 8.4 HIGH
EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session.
CVE-2015-6786 1 Google 1 Chrome 2026-06-17 4.3 MEDIUM N/A
The CSPSourceList::matches function in WebKit/Source/core/frame/csp/CSPSourceList.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts a blob:, data:, or filesystem: URL as a match for a * pattern, which allows remote attackers to bypass intended scheme restrictions in opportunistic circumstances by leveraging a policy that relies on this pattern.
CVE-2015-6785 1 Google 1 Chrome 2026-06-17 4.3 MEDIUM N/A
The CSPSource::hostMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts an x.y hostname as a match for a *.x.y pattern, which might allow remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a policy that was intended to be specific to subdomains.
CVE-2015-6779 1 Google 1 Chrome 2026-06-17 4.3 MEDIUM N/A
PDFium, as used in Google Chrome before 47.0.2526.73, does not properly restrict use of chrome: URLs, which allows remote attackers to bypass intended scheme restrictions via a crafted PDF document, as demonstrated by a document with a link to a chrome://settings URL.