Vulnerabilities (CVE)

Filtered by CWE-264
Total 5269 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-1117 1 Apple 3 Iphone Os, Mac Os X, Tvos 2026-06-17 6.9 MEDIUM N/A
The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group privileges via a crafted app.
CVE-2015-1085 1 Apple 1 Iphone Os 2026-06-17 1.9 LOW N/A
AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app.
CVE-2015-1029 1 Puppet 2 Puppet Enterprise, Stdlib 2026-06-17 6.5 MEDIUM N/A
The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache.
CVE-2015-0981 1 Scadaengine 1 Bacnet Opc Server 2026-06-17 7.5 HIGH N/A
The SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to bypass authentication and read or write to arbitrary database fields via unspecified vectors.
CVE-2015-0951 1 Qualiteam 1 X-cart 2026-06-17 6.5 MEDIUM N/A
X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request.
CVE-2015-0932 1 Antlabs 7 Inngate Ig 3.00 E, Inngate Ig 3.01 E, Inngate Ig 3.02 E and 4 more 2026-06-17 10.0 HIGH N/A
The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873.
CVE-2015-0869 1 I-o Data Device 1 Np-bbrm 2026-06-17 7.8 HIGH N/A
I-O DATA DEVICE NP-BBRM routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests.
CVE-2015-0864 1 Samsung 2 Galaxy App, Samsung Account App 2026-06-17 7.9 HIGH 8.0 HIGH
Samsung Account (AKA com.osp.app.signin) before 1.6.0069 and 2.x before 2.1.0069 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code.
CVE-2015-0863 1 Samsung 2 Galaxy App, Samsung Account App 2026-06-17 7.9 HIGH 8.0 HIGH
GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code.
CVE-2015-0861 2 Debian, Tryton 2 Debian Linux, Trytond 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records.
CVE-2015-0856 2 Fedoraproject, Sddm Project 2 Fedora, Sddm 2026-06-17 4.6 MEDIUM N/A
daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme.
CVE-2015-0821 3 Canonical, Mozilla, Opensuse 3 Ubuntu Linux, Firefox, Opensuse 2026-06-17 6.8 MEDIUM N/A
Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions.
CVE-2015-0818 1 Mozilla 3 Firefox, Firefox Esr, Seamonkey 2026-06-17 7.5 HIGH N/A
Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.
CVE-2015-0816 1 Mozilla 2 Firefox, Thunderbird 2026-06-17 5.0 MEDIUM N/A
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js.
CVE-2015-0804 3 Canonical, Mozilla, Opensuse 3 Ubuntu Linux, Firefox, Opensuse 2026-06-17 7.5 HIGH N/A
The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document containing a SOURCE element.
CVE-2015-0803 3 Canonical, Mozilla, Opensuse 3 Ubuntu Linux, Firefox, Opensuse 2026-06-17 7.5 HIGH N/A
The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document.
CVE-2015-0802 3 Canonical, Mozilla, Opensuse 3 Ubuntu Linux, Firefox, Opensuse 2026-06-17 5.0 MEDIUM N/A
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods.
CVE-2015-0801 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2026-06-17 7.5 HIGH N/A
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.
CVE-2015-0798 3 Google, Mozilla, Oracle 3 Android, Firefox, Solaris 2026-06-17 5.0 MEDIUM N/A
The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy.
CVE-2015-0773 1 Cisco 1 Firesight System Software 2026-06-17 5.5 MEDIUM N/A
Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user's dashboard via a modified VPN deletion request in a management session, aka Bug ID CSCut67078.