Skip to main content
CVE-2015-5858 MEDIUM This Month

The CFNetwork HTTPProtocol component in Apple iOS before 9 allows remote attackers to bypass the HSTS protection mechanism, and consequently obtain sensitive information, via a crafted URL. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os Watchos
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2015-5827 MEDIUM This Month

WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Iphone Os
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-6297 MEDIUM This Month

The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun36525. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-5857 MEDIUM This Month

Mail in Apple iOS before 9 allows remote attackers to use an address-book contact as a spoofed e-mail sender address via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-5906 MEDIUM This Month

The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-5905 MEDIUM This Month

Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted window opener on a web site. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-5909 MEDIUM PATCH This Month

IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apple Information Disclosure Xcode
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-3962 MEDIUM This Month

Schneider Electric StruxureWare Building Expert MPM before 2.15 does not use encryption for the client-server data stream, which allows remote attackers to discover credentials by sniffing the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Struxureware Building Expert Multi Purpose Management
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-7237 MEDIUM This Month

Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Mcafee Agent
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-5862 MEDIUM This Month

The Audio component in Apple iOS before 9 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted audio file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow Iphone Os Mac Os X +1
NVD
CVSS 2.0
4.3
EPSS
1.8%
CVE-2015-5764 MEDIUM This Month

The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5765 and CVE-2015-5767. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Safari Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2015-5856 MEDIUM This Month

The Application Store component in Apple iOS before 9 allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Denial Of Service Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2015-5826 MEDIUM This Month

WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Authentication Bypass Safari Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2015-5767 MEDIUM This Month

The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Safari Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2015-5765 MEDIUM This Month

The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Iphone Os Safari
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2015-5788 MEDIUM This Month

The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Iphone Os Safari
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-5825 MEDIUM This Month

WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Safari Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-5820 MEDIUM This Month

WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Safari Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-5916 MEDIUM This Month

The Apple Pay component in Apple iOS before 9 allows remote terminals to obtain sensitive recent-transaction information during payments by leveraging the transaction-log feature. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Watchos Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-5855 MEDIUM This Month

Apple iOS before 9 allows attackers to discover the e-mail address of a player via a crafted Game Center app. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Watchos Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-5837 MEDIUM This Month

PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise app. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Authentication Bypass Watchos Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-5834 MEDIUM This Month

IOAcceleratorFamily in Apple iOS before 9 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Iphone Os Watchos
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-5904 MEDIUM This Month

Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted web site. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-5921 MEDIUM This Month

WebKit in Apple iOS before 9 mishandles "Content-Disposition: attachment" HTTP headers, which might allow man-in-the-middle attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-5880 MEDIUM This Month

CoreAnimation in Apple iOS before 9 allows attackers to bypass intended IOSurface restrictions and obtain screen-framebuffer access via a crafted background app. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-5835 MEDIUM This Month

Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-5920 MEDIUM This Month

The Software Update component in Apple iTunes before 12.3 does not properly handle redirection, which allows man-in-the-middle attackers to discover encrypted SMB credentials via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Itunes
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-5838 MEDIUM This Month

SpringBoard in Apple iOS before 9 does not properly restrict access to privileged API calls, which allows attackers to spoof the dialog windows of an arbitrary app via a crafted app. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Apple Authentication Bypass Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-5824 MEDIUM This Month

The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle. Rated medium severity (CVSS 4.3). No vendor patch available.

Apple Information Disclosure Watchos Mac Os X Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy