|
2981
|
-
6.8
|
MEDIUM
|
The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects…
|
CWE-254
7PK - Security Features
|
CVE-2015-3658
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.3
|
|
|
2024-11-21 11:29
2015-07-3
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2982
|
-
7.8
|
HIGH
|
CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display trunc…
|
CWE-17
Code
|
CVE-2015-1157
|
cpe:2.3:o:apple:iphone_os:8.3:* cpe:2.3:o:apple:iphone_os:8.2:* cpe:2.3:o:apple:iphone_os:8.1:* cpe:2.3:o:appl…
|
|
|
|
|
2024-11-21 11:24
2015-05-28
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2983
|
-
7.5
|
HIGH
|
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track d…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-8146
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.2
|
|
|
2024-11-21 11:18
2015-05-26
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2984
|
3.7
4.3
|
LOW
Network
|
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to c…
|
CWE-310
Cryptographic Issues
|
CVE-2015-4000
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.3
|
|
|
2024-11-21 11:30
2015-05-21
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2985
|
-
4.3
|
MEDIUM
|
The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remot…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-1156
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.3
|
|
|
2024-11-21 11:24
2015-05-8
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2986
|
-
4.3
|
MEDIUM
|
The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files v…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-1155
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.3
|
|
|
2024-11-21 11:24
2015-05-8
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2987
|
-
6.8
|
MEDIUM
|
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application…
|
NVD-CWE-noinfo
|
CVE-2015-1153
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.3
|
|
|
2024-11-21 11:24
2015-05-8
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2988
|
-
6.8
|
MEDIUM
|
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application…
|
NVD-CWE-noinfo
|
CVE-2015-1152
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.3
|
|
|
2024-11-21 11:24
2015-05-8
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2989
|
-
4.3
|
MEDIUM
|
Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.
|
CWE-310
Cryptographic Issues
|
CVE-2015-1129
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.4.1
|
|
|
2024-11-21 11:24
2015-04-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2990
|
-
4.3
|
MEDIUM
|
WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers t…
|
CWE-20
Improper Input Validation
|
CVE-2015-1126
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.2
|
|
|
2024-11-21 11:24
2015-04-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|