Total
5442 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-6786 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
The CSPSourceList::matches function in WebKit/Source/core/frame/csp/CSPSourceList.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts a blob:, data:, or filesystem: URL as a match for a * pattern, which allows remote attackers to bypass intended scheme restrictions in opportunistic circumstances by leveraging a policy that relies on this pattern. | ||||
CVE-2015-6785 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
The CSPSource::hostMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts an x.y hostname as a match for a *.x.y pattern, which might allow remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a policy that was intended to be specific to subdomains. | ||||
CVE-2015-6779 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
PDFium, as used in Google Chrome before 47.0.2526.73, does not properly restrict use of chrome: URLs, which allows remote attackers to bypass intended scheme restrictions via a crafted PDF document, as demonstrated by a document with a link to a chrome://settings URL. | ||||
CVE-2015-6768 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6770. | ||||
CVE-2015-6772 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
The DOM implementation in Blink, as used in Google Chrome before 47.0.2526.73, does not prevent javascript: URL navigation while a document is being detached, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that improperly interacts with a plugin. | ||||
CVE-2015-6639 | 1 Google | 1 Android | 2024-08-06 | N/A |
The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875. | ||||
CVE-2015-6755 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. | ||||
CVE-2015-6638 | 1 Google | 1 Android | 2024-08-06 | N/A |
The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908. | ||||
CVE-2015-6606 | 1 Google | 1 Android | 2024-08-06 | N/A |
The Secure Element Evaluation Kit (aka SEEK or SmartCard API) plugin in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22301786. | ||||
CVE-2015-6769 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
The provisional-load commit implementation in WebKit/Source/bindings/core/v8/WindowProxy.cpp in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy by leveraging a delay in window proxy clearing. | ||||
CVE-2015-6637 | 1 Google | 1 Android | 2024-08-06 | N/A |
The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013. | ||||
CVE-2015-6647 | 1 Google | 1 Android | 2024-08-06 | N/A |
The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554. | ||||
CVE-2015-6770 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6768. | ||||
CVE-2015-6745 | 1 Basware | 1 Banking | 2024-08-06 | N/A |
Basware Banking (Maksuliikenne) 8.90.07.X relies on the client to enforce account locking, which allows local users to bypass that security mechanism by deleting the entry from the locking table. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability type and different affected versions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-6744. | ||||
CVE-2015-6620 | 1 Google | 1 Android | 2024-08-06 | N/A |
libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bugs 24123723 and 24445127. | ||||
CVE-2015-6642 | 1 Google | 1 Android | 2024-08-06 | N/A |
The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24157888. | ||||
CVE-2015-6640 | 1 Google | 1 Android | 2024-08-06 | N/A |
The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or cause a denial of service (vma list corruption) via a crafted application, aka internal bug 20017123. | ||||
CVE-2015-6654 | 1 Xen | 1 Xen | 2024-08-06 | N/A |
The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a foreign page, which allows remote domains to cause a denial of service by leveraging permissions to map the memory of a foreign guest. | ||||
CVE-2015-6643 | 1 Google | 1 Android | 2024-08-06 | N/A |
Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka internal bug 25290269. | ||||
CVE-2015-6645 | 1 Google | 1 Android | 2024-08-06 | N/A |
SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to cause a denial of service (continuous rebooting) via a crafted application, aka internal bug 23591205. |