Skip to main content
CVE-2015-3659 MEDIUM This Month

The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Privilege Escalation RCE Iphone Os +2
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2015-3727 MEDIUM This Month

WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Privilege Escalation Safari Iphone Os Mac Os X
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2015-3709 MEDIUM PATCH This Month

Race condition in kext tools in Apple OS X before 10.10.4 allows local users to bypass intended signature requirements for kernel extensions by leveraging improper pathname validation. Rated medium severity (CVSS 6.9).

Race Condition Apple Authentication Bypass Mac Os X
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2015-3658 MEDIUM This Month

The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple CSRF Safari Iphone Os Mac Os X
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2015-3715 MEDIUM PATCH This Month

The code-signing implementation in Apple OS X before 10.10.4 does not properly consider libraries that are external to an application bundle, which allows attackers to bypass intended launch. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Apple Authentication Bypass Mac Os X
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2015-3692 MEDIUM PATCH This Month

Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not enforce a locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Apple Authentication Bypass Mac Os X
NVD
CVSS 2.0
6.8
EPSS
0.0%
CVE-2015-4239 MEDIUM This Month

Cisco Adaptive Security Appliance (ASA) Software 9.3(2.243) and 100.13(0.21) allows remote attackers to cause a denial of service (device reload) by sending crafted OSPFv2 packets on the local. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software
NVD
CVSS 2.0
6.1
EPSS
0.5%
CVE-2015-3675 MEDIUM PATCH This Month

The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Apache Apple Authentication Bypass Mac Os X
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-3714 MEDIUM PATCH This Month

Apple OS X before 10.10.4 does not properly consider custom resource rules during app signature verification, which allows attackers to bypass intended launch restrictions via a modified app. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Apple Authentication Bypass Mac Os X
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-3728 MEDIUM This Month

The WiFi Connectivity feature in Apple iOS before 8.4 allows remote Wi-Fi access points to trigger an automatic association, with an arbitrary security type, by operating with a recognized ESSID. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
4.8
EPSS
0.2%
CVE-2015-3726 MEDIUM This Month

The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Apple RCE Iphone Os
NVD
CVSS 2.0
4.6
EPSS
0.3%
CVE-2015-4232 MEDIUM This Month

Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Nx Os
NVD
CVSS 2.0
4.6
EPSS
0.3%
CVE-2015-4237 MEDIUM This Month

The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Cisco Nx Os
NVD
CVSS 2.0
4.6
EPSS
0.2%
CVE-2015-3716 MEDIUM PATCH This Month

Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a crafted name of a photo file within the local photo library. Rated medium severity (CVSS 4.4). This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Apple Mac Os X
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2015-3725 MEDIUM This Month

MobileInstallation in Apple iOS before 8.4 does not ensure the uniqueness of Watch bundle IDs, which allows attackers to cause a denial of service (ID collision and Watch launch outage) via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Denial Of Service Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-3722 MEDIUM This Month

Application Store in Apple iOS before 8.4 does not ensure the uniqueness of bundle IDs, which allows attackers to cause a denial of service (ID collision and launch outage) via a crafted universal. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Denial Of Service Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-3721 MEDIUM PATCH This Month

The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not properly handle HFS parameters, which allows attackers to obtain sensitive memory-layout information via a crafted app. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apple Information Disclosure Mac Os X Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-3690 MEDIUM PATCH This Month

The DiskImages subsystem in Apple iOS before 8.4 and OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apple Information Disclosure Mac Os X Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-3710 MEDIUM PATCH This Month

Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Apple Information Disclosure Iphone Os Mac Os X
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-3720 MEDIUM PATCH This Month

The kernel in Apple OS X before 10.10.4 does not properly manage memory in kernel-extension APIs, which allows attackers to obtain sensitive memory-layout information via a crafted app. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apple Information Disclosure Mac Os X
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-3660 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Apple Safari
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-3711 MEDIUM PATCH This Month

The NTFS implementation in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apple Information Disclosure Mac Os X
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-3677 MEDIUM PATCH This Month

The LZVN compression feature in AppleFSCompression in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apple Information Disclosure Mac Os X
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-3676 MEDIUM PATCH This Month

AppleGraphicsControl in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information via a crafted app. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apple Information Disclosure Mac Os X
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-4231 LOW Monitor

The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Cisco Python Privilege Escalation Nx Os
NVD
CVSS 2.0
3.6
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy