|
2841
|
-
4.3
|
MEDIUM
|
PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise app.
|
CWE-20
Improper Input Validation
|
CVE-2015-5837
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.4.1
|
|
|
2024-11-21 11:33
2015-09-18
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2842
|
-
4.3
|
MEDIUM
|
Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme.
|
CWE-200
Information Exposure
|
CVE-2015-5835
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.4.1
|
|
|
2024-11-21 11:33
2015-09-18
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2843
|
-
4.3
|
MEDIUM
|
IOAcceleratorFamily in Apple iOS before 9 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
|
CWE-200
Information Exposure
|
CVE-2015-5834
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.4.1
|
|
|
2024-11-21 11:33
2015-09-18
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2844
|
-
2.1
|
LOW
|
The iTunes Store component in Apple iOS before 9 does not properly delete AppleID credentials from the keychain upon a signout action, which might allow physically proximate attackers to obtain sensi…
|
CWE-200
Information Exposure
|
CVE-2015-5832
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.4.1
|
|
|
2024-11-21 11:33
2015-09-18
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2845
|
-
5.0
|
MEDIUM
|
NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app.
|
CWE-200
Information Exposure
|
CVE-2015-5831
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.4.1
|
|
|
2024-11-21 11:33
2015-09-18
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2846
|
-
6.8
|
MEDIUM
|
Data Detectors Engine in Apple iOS before 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-5829
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.4.1
|
|
|
2024-11-21 11:33
2015-09-18
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2847
|
-
5.0
|
MEDIUM
|
WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state even…
|
CWE-200
Information Exposure
|
CVE-2015-5827
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.4.1
|
|
|
2024-11-21 11:33
2015-09-18
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2848
|
-
4.3
|
MEDIUM
|
WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass…
|
CWE-284
Improper Access Control
|
CVE-2015-5826
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.4.1
|
|
|
2024-11-21 11:33
2015-09-18
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2849
|
-
4.3
|
MEDIUM
|
WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movem…
|
CWE-200
Information Exposure
|
CVE-2015-5825
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.4.1
|
|
|
2024-11-21 11:33
2015-09-18
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2850
|
-
4.3
|
MEDIUM
|
The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle a…
|
CWE-310
Cryptographic Issues
|
CVE-2015-5824
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.4.1
|
|
|
2024-11-21 11:33
2015-09-18
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|