WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to. Rated medium severity (CVSS 6.9). No vendor patch available.
rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow remote attackers to cause a denial of service (functionality loss) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.
VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.
XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The checkint division routines in removefile in Apple iOS before 9 allow attackers to cause a denial of service (overflow fault and app crash) via crafted data. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The CFNetwork Cookies component in Apple iOS before 9 allows remote attackers to track users via vectors involving a cookie for a top-level domain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.3.0 through 11.5.2 and 11.6.0 through 11.6.0 HF4, BIG-IP Edge Gateway, WebAccelerator, and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The CFNetwork HTTPProtocol component in Apple iOS before 9 mishandles HSTS state, which allows remote attackers to bypass the Safari private-browsing protection mechanism and track users via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The CFNetwork HTTPProtocol component in Apple iOS before 9 allows remote attackers to bypass the HSTS protection mechanism, and consequently obtain sensitive information, via a crafted URL. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun36525. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Mail in Apple iOS before 9 allows remote attackers to use an address-book contact as a spoofed e-mail sender address via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted window opener on a web site. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Schneider Electric StruxureWare Building Expert MPM before 2.15 does not use encryption for the client-server data stream, which allows remote attackers to discover credentials by sniffing the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Audio component in Apple iOS before 9 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted audio file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5765 and CVE-2015-5767. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
The Application Store component in Apple iOS before 9 allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
The Apple Pay component in Apple iOS before 9 allows remote terminals to obtain sensitive recent-transaction information during payments by leveraging the transaction-log feature. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Apple iOS before 9 allows attackers to discover the e-mail address of a player via a crafted Game Center app. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise app. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
IOAcceleratorFamily in Apple iOS before 9 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted web site. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
WebKit in Apple iOS before 9 mishandles "Content-Disposition: attachment" HTTP headers, which might allow man-in-the-middle attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
CoreAnimation in Apple iOS before 9 allows attackers to bypass intended IOSurface restrictions and obtain screen-framebuffer access via a crafted background app. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
The Software Update component in Apple iTunes before 12.3 does not properly handle redirection, which allows man-in-the-middle attackers to discover encrypted SMB credentials via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
SpringBoard in Apple iOS before 9 does not properly restrict access to privileged API calls, which allows attackers to spoof the dialog windows of an arbitrary app via a crafted app. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.