Skip to main content
CVE-2015-1415 LOW POC Monitor

The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Freebsd
NVD
CVSS 2.0
2.1
EPSS
0.0%
CVE-2015-1146 LOW POC Monitor

The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different. Rated low severity (CVSS 1.9). Public exploit code available and no vendor patch available.

Apple Authentication Bypass Mac Os X
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2015-1145 LOW POC Monitor

The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different. Rated low severity (CVSS 1.9). Public exploit code available and no vendor patch available.

Apple Authentication Bypass Mac Os X
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2015-1127 LOW Monitor

The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Safari
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-1108 LOW Monitor

The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-1109 LOW Monitor

NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-1116 LOW Monitor

The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-1106 LOW Monitor

The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-1142 LOW Monitor

LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder crash) via crafted localization data. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Denial Of Service Mac Os X
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-1087 LOW Monitor

Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Apple Iphone Os
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-1114 LOW Monitor

The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Information Disclosure Tvos Iphone Os
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2015-1097 LOW Monitor

IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Information Disclosure Iphone Os Tvos
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2015-1096 LOW Monitor

IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Information Disclosure Mac Os X Tvos Iphone Os
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2015-1094 LOW Monitor

IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Information Disclosure Tvos Iphone Os
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2015-1113 LOW Monitor

The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2015-1085 LOW Monitor

AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2015-1107 LOW Monitor

The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy