Total
5269 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1117 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2026-06-17 | 6.9 MEDIUM | N/A |
| The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group privileges via a crafted app. | |||||
| CVE-2015-1085 | 1 Apple | 1 Iphone Os | 2026-06-17 | 1.9 LOW | N/A |
| AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app. | |||||
| CVE-2015-1029 | 1 Puppet | 2 Puppet Enterprise, Stdlib | 2026-06-17 | 6.5 MEDIUM | N/A |
| The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache. | |||||
| CVE-2015-0981 | 1 Scadaengine | 1 Bacnet Opc Server | 2026-06-17 | 7.5 HIGH | N/A |
| The SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to bypass authentication and read or write to arbitrary database fields via unspecified vectors. | |||||
| CVE-2015-0951 | 1 Qualiteam | 1 X-cart | 2026-06-17 | 6.5 MEDIUM | N/A |
| X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request. | |||||
| CVE-2015-0932 | 1 Antlabs | 7 Inngate Ig 3.00 E, Inngate Ig 3.01 E, Inngate Ig 3.02 E and 4 more | 2026-06-17 | 10.0 HIGH | N/A |
| The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873. | |||||
| CVE-2015-0869 | 1 I-o Data Device | 1 Np-bbrm | 2026-06-17 | 7.8 HIGH | N/A |
| I-O DATA DEVICE NP-BBRM routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests. | |||||
| CVE-2015-0864 | 1 Samsung | 2 Galaxy App, Samsung Account App | 2026-06-17 | 7.9 HIGH | 8.0 HIGH |
| Samsung Account (AKA com.osp.app.signin) before 1.6.0069 and 2.x before 2.1.0069 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code. | |||||
| CVE-2015-0863 | 1 Samsung | 2 Galaxy App, Samsung Account App | 2026-06-17 | 7.9 HIGH | 8.0 HIGH |
| GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code. | |||||
| CVE-2015-0861 | 2 Debian, Tryton | 2 Debian Linux, Trytond | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records. | |||||
| CVE-2015-0856 | 2 Fedoraproject, Sddm Project | 2 Fedora, Sddm | 2026-06-17 | 4.6 MEDIUM | N/A |
| daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme. | |||||
| CVE-2015-0821 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2026-06-17 | 6.8 MEDIUM | N/A |
| Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. | |||||
| CVE-2015-0818 | 1 Mozilla | 3 Firefox, Firefox Esr, Seamonkey | 2026-06-17 | 7.5 HIGH | N/A |
| Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation. | |||||
| CVE-2015-0816 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-17 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js. | |||||
| CVE-2015-0804 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2026-06-17 | 7.5 HIGH | N/A |
| The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document containing a SOURCE element. | |||||
| CVE-2015-0803 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2026-06-17 | 7.5 HIGH | N/A |
| The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document. | |||||
| CVE-2015-0802 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2026-06-17 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods. | |||||
| CVE-2015-0801 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-06-17 | 7.5 HIGH | N/A |
| Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818. | |||||
| CVE-2015-0798 | 3 Google, Mozilla, Oracle | 3 Android, Firefox, Solaris | 2026-06-17 | 5.0 MEDIUM | N/A |
| The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy. | |||||
| CVE-2015-0773 | 1 Cisco | 1 Firesight System Software | 2026-06-17 | 5.5 MEDIUM | N/A |
| Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user's dashboard via a modified VPN deletion request in a management session, aka Bug ID CSCut67078. | |||||
