|
2921
|
-
4.3
|
MEDIUM
|
CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-3793
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.4
|
|
|
2024-11-21 11:29
2015-08-17
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2922
|
-
5.0
|
MEDIUM
|
Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an en…
|
CWE-200
Information Exposure
|
CVE-2015-3784
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.4
|
|
|
2024-11-21 11:29
2015-08-17
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2923
|
-
4.3
|
MEDIUM
|
CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app.
|
CWE-200
Information Exposure
|
CVE-2015-3782
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.4
|
|
|
2024-11-21 11:29
2015-08-17
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2924
|
-
3.3
|
LOW
|
bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 n…
|
CWE-200
Information Exposure
|
CVE-2015-3778
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.4
|
|
|
2024-11-21 11:29
2015-08-17
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2925
|
-
9.3
|
HIGH
|
IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-3776
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.4
|
|
|
2024-11-21 11:29
2015-08-17
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2926
|
-
9.3
|
HIGH
|
Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API …
|
CWE-189
Numeric Errors
|
CVE-2015-3768
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.4
|
|
|
2024-11-21 11:29
2015-08-17
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2927
|
-
4.3
|
MEDIUM
|
The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a …
|
CWE-200
Information Exposure
|
CVE-2015-3766
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.4
|
|
|
2024-11-21 11:29
2015-08-17
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2928
|
-
4.3
|
MEDIUM
|
Safari in Apple iOS before 8.4.1 does not limit the rate of JavaScript alert messages, which allows remote attackers to cause a denial of service (apparent browser locking) via a crafted web site.
|
CWE-19
Data Processing Errors
|
CVE-2015-3763
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.4
|
|
|
2024-11-21 11:29
2015-08-17
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2929
|
-
4.6
|
MEDIUM
|
Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink.
|
CWE-264 CWE-59
Permissions, Privileges, and Access Controls Link Following
|
CVE-2015-3759
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.4
|
|
|
2024-11-21 11:29
2015-08-17
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2930
|
-
4.3
|
MEDIUM
|
UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an intended user-confirmation requirement and initiate arbitrary FaceTime calls via an app that provides a crafted URL.
|
CWE-20
Improper Input Validation
|
CVE-2015-3758
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.4
|
|
|
2024-11-21 11:29
2015-08-17
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|