Total
5231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-6980 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Directory Utility in Apple OS X before 10.11.1 mishandles authentication for new sessions, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2015-6861 | 1 Eucalyptus | 1 Eucalyptus | 2024-11-21 | 4.6 MEDIUM | 7.5 HIGH |
| HPE Helion Eucalyptus 3.4.0 through 4.2.0 allows remote authenticated users to bypass an intended AssumeRole permission requirement and assume an IAM role by leveraging a policy setting for a user's account. | |||||
| CVE-2015-6860 | 1 Hp | 54 J8692a, J8693a, J8697a and 51 more | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
| HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6859. | |||||
| CVE-2015-6859 | 1 Hp | 54 J8692a, J8693a, J8697a and 51 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6860. | |||||
| CVE-2015-6856 | 1 Dell | 1 Pre-boot Authentication Driver | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Dell Pre-Boot Authentication Driver (PBADRV.sys) 1.0.1.5 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x0022201c IOCTL call. | |||||
| CVE-2015-6850 | 1 Emc | 1 Vplex Geosynchrony | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
| EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session. | |||||
| CVE-2015-6786 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | N/A |
| The CSPSourceList::matches function in WebKit/Source/core/frame/csp/CSPSourceList.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts a blob:, data:, or filesystem: URL as a match for a * pattern, which allows remote attackers to bypass intended scheme restrictions in opportunistic circumstances by leveraging a policy that relies on this pattern. | |||||
| CVE-2015-6785 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | N/A |
| The CSPSource::hostMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts an x.y hostname as a match for a *.x.y pattern, which might allow remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a policy that was intended to be specific to subdomains. | |||||
| CVE-2015-6779 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | N/A |
| PDFium, as used in Google Chrome before 47.0.2526.73, does not properly restrict use of chrome: URLs, which allows remote attackers to bypass intended scheme restrictions via a crafted PDF document, as demonstrated by a document with a link to a chrome://settings URL. | |||||
| CVE-2015-6772 | 1 Google | 1 Chrome | 2024-11-21 | 7.5 HIGH | N/A |
| The DOM implementation in Blink, as used in Google Chrome before 47.0.2526.73, does not prevent javascript: URL navigation while a document is being detached, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that improperly interacts with a plugin. | |||||
| CVE-2015-6770 | 1 Google | 1 Chrome | 2024-11-21 | 7.5 HIGH | N/A |
| The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6768. | |||||
| CVE-2015-6769 | 1 Google | 1 Chrome | 2024-11-21 | 7.5 HIGH | N/A |
| The provisional-load commit implementation in WebKit/Source/bindings/core/v8/WindowProxy.cpp in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy by leveraging a delay in window proxy clearing. | |||||
| CVE-2015-6768 | 1 Google | 1 Chrome | 2024-11-21 | 7.5 HIGH | N/A |
| The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6770. | |||||
| CVE-2015-6755 | 1 Google | 1 Chrome | 2024-11-21 | 7.5 HIGH | N/A |
| The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. | |||||
| CVE-2015-6745 | 1 Basware | 1 Banking | 2024-11-21 | 4.6 MEDIUM | N/A |
| Basware Banking (Maksuliikenne) 8.90.07.X relies on the client to enforce account locking, which allows local users to bypass that security mechanism by deleting the entry from the locking table. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability type and different affected versions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-6744. | |||||
| CVE-2015-6654 | 1 Xen | 1 Xen | 2024-11-21 | 2.1 LOW | N/A |
| The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a foreign page, which allows remote domains to cause a denial of service by leveraging permissions to map the memory of a foreign guest. | |||||
| CVE-2015-6647 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554. | |||||
| CVE-2015-6645 | 1 Google | 1 Android | 2024-11-21 | 7.1 HIGH | 5.0 MEDIUM |
| SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to cause a denial of service (continuous rebooting) via a crafted application, aka internal bug 23591205. | |||||
| CVE-2015-6643 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 6.6 MEDIUM |
| Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka internal bug 25290269. | |||||
| CVE-2015-6642 | 1 Google | 1 Android | 2024-11-21 | 7.8 HIGH | 9.8 CRITICAL |
| The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24157888. | |||||