|
274851
|
- |
|
apple
|
iphone_os
|
Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink.
|
CWE-264
CWE-59
Permissions, Privileges, and Access Controls
Link Following
|
CVE-2015-3759
|
2024-11-21 11:29 |
2015-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274852
|
- |
|
apple
|
iphone_os
|
UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an intended user-confirmation requirement and initiate arbitrary FaceTime calls via an app that provides a crafted URL.
|
CWE-20
Improper Input Validation
|
CVE-2015-3758
|
2024-11-21 11:29 |
2015-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274853
|
- |
|
apple
|
mac_os_x
|
Apple OS X before 10.10.5 does not properly restrict access to the Date & Time preferences pane, which allows local users to spoof the time by visiting this pane.
|
CWE-284
Improper Access Control
|
CVE-2015-3757
|
2024-11-21 11:29 |
2015-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274854
|
- |
|
apple
|
iphone_os
|
The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust…
|
CWE-254
7PK - Security Features
|
CVE-2015-3756
|
2024-11-21 11:29 |
2015-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274855
|
- |
|
apple
|
safari
iphone_os
|
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL.
|
CWE-254
7PK - Security Features
|
CVE-2015-3755
|
2024-11-21 11:29 |
2015-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274856
|
- |
|
apple
|
safari
|
The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier f…
|
CWE-200
Information Exposure
|
CVE-2015-3754
|
2024-11-21 11:29 |
2015-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274857
|
- |
|
apple
|
safari
iphone_os
|
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows…
|
CWE-200
Information Exposure
|
CVE-2015-3753
|
2024-11-21 11:29 |
2015-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274858
|
- |
|
apple
canonical
|
safari
iphone_os
ubuntu_linux
|
The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict c…
|
CWE-200
Information Exposure
|
CVE-2015-3752
|
2024-11-21 11:29 |
2015-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274859
|
- |
|
apple
|
safari
iphone_os
|
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mec…
|
CWE-254
7PK - Security Features
|
CVE-2015-3751
|
2024-11-21 11:29 |
2015-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274860
|
- |
|
apple
|
iphone_os
safari
|
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mech…
|
CWE-254
7PK - Security Features
|
CVE-2015-3750
|
2024-11-21 11:29 |
2015-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
