Total
414 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-2529 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Rt 8.1 and 1 more | 2025-04-12 | N/A |
| The kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Kernel ASLR Bypass Vulnerability." | ||||
| CVE-2015-2552 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-04-12 | N/A |
| The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows physically proximate attackers to bypass the Trusted Boot protection mechanism, and consequently interfere with the integrity of code, BitLocker, Device Encryption, and Device Health Attestation, via a crafted Boot Configuration Data (BCD) setting, aka "Trusted Boot Security Feature Bypass Vulnerability." | ||||
| CVE-2016-3287 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Rt 8.1 and 1 more | 2025-04-12 | N/A |
| Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Secure Boot protection mechanism by leveraging administrative access to install a crafted policy, aka "Secure Boot Security Feature Bypass." | ||||
| CVE-2015-3449 | 1 Sap | 1 Afaria | 2025-04-12 | N/A |
| The Windows client in SAP Afaria 7.0.6398.0 uses weak permissions (Everyone: read and Everyone: write) for the install folder, which allows local users to gain privileges via a Trojan horse XeService.exe file. | ||||
| CVE-2015-3658 | 1 Apple | 3 Iphone Os, Mac Os X, Safari | 2025-04-12 | N/A |
| The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site. | ||||
| CVE-2015-3693 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which might make it easier for remote attackers to conduct row-hammer attacks, and consequently gain privileges or cause a denial of service (memory corruption), by triggering certain patterns of access to memory locations. | ||||
| CVE-2015-3710 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | N/A |
| Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message. | ||||
| CVE-2015-3715 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The code-signing implementation in Apple OS X before 10.10.4 does not properly consider libraries that are external to an application bundle, which allows attackers to bypass intended launch restrictions via a crafted library. | ||||
| CVE-2015-3722 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| Application Store in Apple iOS before 8.4 does not ensure the uniqueness of bundle IDs, which allows attackers to cause a denial of service (ID collision and launch outage) via a crafted universal provisioning profile app. | ||||
| CVE-2015-3728 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| The WiFi Connectivity feature in Apple iOS before 8.4 allows remote Wi-Fi access points to trigger an automatic association, with an arbitrary security type, by operating with a recognized ESSID within an 802.11 network's coverage area. | ||||
| CVE-2015-3750 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | N/A |
| WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof a report by modifying the client-server data stream. | ||||
| CVE-2015-3751 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | N/A |
| WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an OBJECT element. | ||||
| CVE-2015-3755 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | N/A |
| WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL. | ||||
| CVE-2015-4112 | 1 Blackberry | 1 Enterprise Server | 2025-04-12 | N/A |
| The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site, related to a "cross frame scripting" issue. | ||||
| CVE-2015-4498 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-12 | N/A |
| The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point in the installation process. | ||||
| CVE-2015-5303 | 2 Openstack, Redhat | 2 Tripleo Heat Templates, Openstack-director | 2025-04-12 | N/A |
| The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter. | ||||
| CVE-2015-5759 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events. | ||||
| CVE-2015-5839 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2025-04-12 | N/A |
| dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file. | ||||
| CVE-2015-5850 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| AppleKeyStore in Apple iOS before 9 allows physically proximate attackers to reset the count of incorrect passcode attempts via a device backup. | ||||
| CVE-2015-5857 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| Mail in Apple iOS before 9 allows remote attackers to use an address-book contact as a spoofed e-mail sender address via unspecified vectors. | ||||