Skip to main content
CVE-2015-3027 MEDIUM This Month

Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Privilege Escalation Xcode
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-1112 MEDIUM This Month

Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os Safari
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-1148 MEDIUM This Month

Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-1111 MEDIUM This Month

Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-1090 MEDIUM This Month

CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-1128 MEDIUM This Month

The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 allows attackers to obtain sensitive browsing-history information via vectors involving. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-1141 MEDIUM This Month

The mach_vm_read functionality in the kernel in Apple OS X before 10.10.3 allows local users to cause a denial of service (system crash) via unspecified vectors. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Apple Denial Of Service Mac Os X
NVD
CVSS 2.0
4.9
EPSS
0.0%
CVE-2013-7436 MEDIUM This Month

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Novnc
NVD GitHub
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-1115 MEDIUM This Month

The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app. Rated medium severity (CVSS 4.4). No vendor patch available.

Apple Authentication Bypass Iphone Os
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2015-1091 MEDIUM This Month

The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Mac Os X Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-3005 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Dynamic VPN in Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, and 12.3X48 before 12.3X48-D10 on SRX. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Juniper XSS Junos
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-1125 MEDIUM This Month

The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-3004 MEDIUM This Month

J-Web in Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D35, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D10, 12.3X48 before 12.3X48-D10, 12.2 before 12.2R9, 12.3 before 12.3R7,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-1129 MEDIUM This Month

Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Iphone Os Safari
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-1099 MEDIUM This Month

Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a. Rated medium severity (CVSS 4.0). No vendor patch available.

Race Condition Apple Denial Of Service Mac Os X Tvos +1
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2015-1127 LOW Monitor

The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Safari
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-1108 LOW Monitor

The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-1109 LOW Monitor

NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-1116 LOW Monitor

The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-1106 LOW Monitor

The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-1142 LOW Monitor

LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder crash) via crafted localization data. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Denial Of Service Mac Os X
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-1087 LOW Monitor

Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Apple Iphone Os
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-1114 LOW Monitor

The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Information Disclosure Tvos Iphone Os
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2015-1097 LOW Monitor

IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Information Disclosure Iphone Os Tvos
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2015-1096 LOW Monitor

IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Information Disclosure Mac Os X Tvos Iphone Os
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2015-1094 LOW Monitor

IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Information Disclosure Tvos Iphone Os
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2015-1113 LOW Monitor

The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2015-1085 LOW Monitor

AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2015-1107 LOW Monitor

The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
1.9
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy