Vulnerabilities (CVE)

Filtered by CWE-264
Total 5268 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5995 2 Mediabridge, Tenda 3 Medialink Mwn-wapr300n, Medialink Mwn-wapr300n Firmware, N3 Wireless N150 2026-06-17 10.0 HIGH 9.8 CRITICAL
Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Cookie header.
CVE-2015-5989 1 Zyxel 1 Gs1900-10hp Firmware 2026-06-17 10.0 HIGH 9.8 CRITICAL
Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values.
CVE-2015-5961 1 Mozilla 1 Firefox Os 2026-06-17 3.3 LOW N/A
The COPPA error page in the Accounts setup dialog in Mozilla Firefox OS before 2.2 embeds content from an external web server URL into the System process, which allows man-in-the-middle attackers to bypass intended access restrictions by spoofing that server.
CVE-2015-5945 1 Apple 1 Mac Os X 2026-06-17 7.2 HIGH N/A
The Sandbox subsystem in Apple OS X before 10.11.1 allows local users to gain privileges via vectors involving NVRAM parameters.
CVE-2015-5897 1 Apple 1 Mac Os X 2026-06-17 4.6 MEDIUM N/A
The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework.
CVE-2015-5889 1 Apple 1 Mac Os X 2026-06-17 7.2 HIGH N/A
rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables.
CVE-2015-5888 1 Apple 1 Mac Os X 2026-06-17 7.2 HIGH N/A
The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file.
CVE-2015-5849 1 Apple 1 Mac Os X 2026-06-17 6.8 MEDIUM N/A
The filtering implementation in AppleEvents in Apple OS X before 10.11 mishandles attempts to send events to a different user, which allows attackers to bypass intended access restrictions by leveraging a screen-sharing connection.
CVE-2015-5787 1 Apple 1 Iphone Os 2026-06-17 4.3 MEDIUM N/A
The kernel in Apple iOS before 8.4.1 does not properly restrict debugging features, which allows attackers to bypass background-execution limitations via a crafted app.
CVE-2015-5784 1 Apple 1 Mac Os X 2026-06-17 9.3 HIGH N/A
runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2015-5770 1 Apple 1 Iphone Os 2026-06-17 5.8 MEDIUM N/A
MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app.
CVE-2015-5737 1 Fortinet 1 Forticlient 2026-06-17 7.2 HIGH N/A
The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a PID and possibly have unspecified other impact, as demonstrated by a 0x2220c8 ioctl call.
CVE-2015-5736 1 Fortinet 1 Forticlient 2026-06-17 7.2 HIGH N/A
The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call.
CVE-2015-5735 1 Fortinet 1 Forticlient 2026-06-17 7.2 HIGH N/A
The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to write to arbitrary memory locations via a 0x226108 ioctl call.
CVE-2015-5723 3 Debian, Doctrine-project, Zend 10 Debian Linux, Annotations, Cache and 7 more 2026-06-17 7.2 HIGH 7.8 HIGH
Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.
CVE-2015-5715 1 Wordpress 1 Wordpress 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors.
CVE-2015-5699 1 Cumulusnetworks 1 Cumulus Linux 2026-06-17 7.2 HIGH 7.8 HIGH
The Switch Configuration Tools Backend (clcmd_server) in Cumulus Linux 2.5.3 and earlier allows local users to execute arbitrary commands via shell metacharacters in a cl-rctl command label.
CVE-2015-5692 1 Symantec 1 Web Gateway 2026-06-17 7.9 HIGH N/A
admin_messages.php in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary code by uploading a file with a safe extension and content type, and then leveraging an improper Sudo configuration to make this a setuid-root file.
CVE-2015-5682 1 Powerplay Gallery Project 1 Powerplay Gallery 2026-06-17 5.0 MEDIUM 7.5 HIGH
upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to create arbitrary directories via vectors related to the targetDir variable.
CVE-2015-5675 1 Freebsd 1 Freebsd 2026-06-17 7.2 HIGH 7.8 HIGH
The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic).