|
3001
|
-
4.4
|
MEDIUM
|
The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app.
|
CWE-284
Improper Access Control
|
CVE-2015-1115
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.2
|
|
|
2024-11-21 11:24
2015-04-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3002
|
-
1.9
|
LOW
|
The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app.
|
CWE-200
Information Exposure
|
CVE-2015-1114
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.2
|
|
|
2024-11-21 11:24
2015-04-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3003
|
-
1.9
|
LOW
|
The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app.
|
CWE-200
Information Exposure
|
CVE-2015-1113
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.2
|
|
|
2024-11-21 11:24
2015-04-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3004
|
-
5.0
|
MEDIUM
|
Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which all…
|
CWE-200
Information Exposure
|
CVE-2015-1112
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.2
|
|
|
2024-11-21 11:24
2015-04-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3005
|
-
5.0
|
MEDIUM
|
Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file.
|
CWE-200
Information Exposure
|
CVE-2015-1111
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.2
|
|
|
2024-11-21 11:24
2015-04-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3006
|
-
5.0
|
MEDIUM
|
The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data.
|
CWE-200
Information Exposure
|
CVE-2015-1110
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.2
|
|
|
2024-11-21 11:24
2015-04-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3007
|
-
2.1
|
LOW
|
NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file.
|
CWE-200
Information Exposure
|
CVE-2015-1109
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.2
|
|
|
2024-11-21 11:24
2015-04-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3008
|
-
2.1
|
LOW
|
The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain…
|
CWE-200
Information Exposure
|
CVE-2015-1108
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.2
|
|
|
2024-11-21 11:24
2015-04-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3009
|
-
1.9
|
LOW
|
The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attack…
|
NVD-CWE-noinfo
|
CVE-2015-1107
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.2
|
|
|
2024-11-21 11:24
2015-04-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3010
|
-
2.1
|
LOW
|
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard.
|
CWE-200
Information Exposure
|
CVE-2015-1106
|
cpe:2.3:o:apple:iphone_os:*:*
|
|
8.2
|
|
|
2024-11-21 11:24
2015-04-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|