CVEs from 2015
- Total: 7,262
- critical: 1,306
- high: 1,666
- medium: 3,617
- low: 554
- % Critical: 18.0%
- % with KEV: 0.6%
- % with exploit: 10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-5862 | medium | — | 4.3 | 11y ago | The Audio component in Apple iOS before 9 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted audio file. | |||
| CVE-2015-5856 | medium | — | 4.3 | 11y ago | The Application Store component in Apple iOS before 9 allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL. | |||
| CVE-2015-5855 | medium | — | 4.3 | 11y ago | Apple iOS before 9 allows attackers to discover the e-mail address of a player via a crafted Game Center app. | |||
| CVE-2015-5838 | medium | — | 4.3 | 11y ago | SpringBoard in Apple iOS before 9 does not properly restrict access to privileged API calls, which allows attackers to spoof the dialog windows of an arbitrary app via a crafted app. | |||
| CVE-2015-5837 | medium | — | 4.3 | 11y ago | PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise app. | |||
| CVE-2015-5835 | medium | — | 4.3 | 11y ago | Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme. | |||
| CVE-2015-5834 | medium | — | 4.3 | 11y ago | IOAcceleratorFamily in Apple iOS before 9 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | |||
| CVE-2015-5826 | medium | — | 4.3 | 11y ago | WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass… | |||
| CVE-2015-5825 | medium | — | 4.3 | 11y ago | WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movem… | |||
| CVE-2015-5824 | medium | — | 4.3 | 11y ago | The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle a… | |||
| CVE-2015-5820 | medium | — | 4.3 | 11y ago | WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL. | |||
| CVE-2015-5788 | medium | — | 4.3 | 11y ago | The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element. | |||
| CVE-2015-5767 | medium | — | 4.3 | 11y ago | The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765. | |||
| CVE-2015-5765 | medium | — | 4.3 | 11y ago | The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767. | |||
| CVE-2015-5764 | medium | — | 4.3 | 11y ago | The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5765 and CVE-2015-5767. | |||
| CVE-2015-6672 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build… | |||
| CVE-2015-6929 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Nokia Networks (formerly Nokia Solutions and Networks and Nokia Siemens Networks) @vantage Commander allow remote attackers to inject arbitrary … | |||
| CVE-2015-6969 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, w… | |||
| CVE-2015-6290 | medium | — | 4.3 | 11y ago | Cisco Web Security Appliance (WSA) 8.0.7 allows remote HTTP servers to cause a denial of service (memory consumption from stale TCP connections) via crafted responses, aka Bug ID CSCuw10426. | |||
| CVE-2015-5630 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows remote attackers to in… | |||
| CVE-2015-6920 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in js/window.php in the sourceAFRICA plugin 0.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter. | |||
| CVE-2015-6919 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the googleSearch (CSE) (com_googlesearch_cse) component 3.0.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the q paramete… | |||
| CVE-2015-6913 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the "Create download task via URL" feature in Synology Download Station before 3.5-2967 allows remote attackers to inject arbitrary web script or HTML via … | |||
| CVE-2015-6909 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the "Create download task via file upload" feature in Synology Download Station before 3.5-2962 allows remote attackers to inject arbitrary web script or H… | |||
| CVE-2015-6675 | medium | — | 4.3 | 11y ago | Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP forwarding feature, which allows remote attackers to bypass a VLAN isolation protection mechanism via IP traffic. | |||
| CVE-2015-6466 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to i… | |||
| CVE-2015-6584 | medium | — | 4.3 | 11y ago | DataTable Vulnerable to Cross-Site Scripting | |||
| CVE-2015-2544 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to inject arbitrary web script or HTML… | |||
| CVE-2015-2543 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 allows remote attackers to inject arbitrary web script or HTML via a c… | |||
| CVE-2015-2536 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype … | |||
| CVE-2015-2532 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync Server XSS Information Disclosure Vu… | |||
| CVE-2015-2531 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the jQuery engine in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a cra… | |||
| CVE-2015-2516 | medium | — | 4.3 | 11y ago | Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 all… | |||
| CVE-2015-2489 | medium | — | 4.3 | 11y ago | Microsoft Internet Explorer 11 allows remote attackers to gain privileges via a crafted web site, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Elevation of Privilege V… | |||
| CVE-2015-5625 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter. | |||
| CVE-2015-2989 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP Twit BBS allows remote attackers to inject arbitrary web script or HTML via the imagetitle parameter. | |||
| CVE-2015-2986 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in rakuto.net hitSuji (rktSNS2) 0.2.2b allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-2985 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in guide-park.com BBS X102 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-5612 | medium | — | 4.3 | 11y ago | October CMS XSS In Caption Tag of Profile | |||
| CVE-2015-6583 | medium | — | 4.3 | 11y ago | Google Chrome before 45.0.2454.85 does not display a location bar for a hosted app's window after navigation away from the installation site, which might make it easier for remote attackers to spoof … | |||
| CVE-2015-1298 | medium | — | 4.3 | 11y ago | The RuntimeEventRouter::OnExtensionUninstalled function in extensions/browser/api/runtime/runtime_api.cc in Google Chrome before 45.0.2454.85 does not ensure that the setUninstallURL preference corre… | |||
| CVE-2015-4552 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the quick edit function in xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the co… | |||
| CVE-2015-6506 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key. | |||
| CVE-2015-6737 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Widgets extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors involving base64 encoded content. | |||
| CVE-2015-6734 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in contrib/cssgen.php in the GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.… | |||
| CVE-2015-6732 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) wpSummary parameter to Speci… | |||
| CVE-2015-6731 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via a (1) section_*, (2) template_*, (3)… | |||
| CVE-2015-6730 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via th… | |||
| CVE-2015-6729 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via th… | |||
| CVE-2015-2807 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase pa… | |||
| CVE-2015-6744 | medium | — | 4.3 | 11y ago | Basware Banking (Maksuliikenne) before 8.90.07.X relies on the client to enforce (1) login verification, (2) audit trail creation, and (3) account locking, which allows remote attackers to "disrupt s… | |||
| CVE-2015-6265 | medium | — | 4.3 | 11y ago | The CLI in Cisco Application Control Engine (ACE) 4700 A5 3.0 and earlier allows local users to bypass intended access restrictions, and read or write to files, by entering an unspecified CLI command… | |||
| CVE-2015-6249 | medium | — | 4.3 | 11y ago | The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 … | |||
| CVE-2015-6248 | medium | — | 4.3 | 11y ago | The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attac… | |||
| CVE-2015-6247 | medium | — | 4.3 | 11y ago | The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows re… | |||
| CVE-2015-6246 | medium | — | 4.3 | 11y ago | The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause … | |||
| CVE-2015-6245 | medium | — | 4.3 | 11y ago | epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infin… | |||
| CVE-2015-6244 | medium | — | 4.3 | 11y ago | The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which… | |||
| CVE-2015-6243 | medium | — | 4.3 | 11y ago | The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (applicat… | |||
| CVE-2015-6242 | medium | — | 4.3 | 11y ago | The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain c… | |||
| CVE-2015-6241 | medium | — | 4.3 | 11y ago | The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a n… | |||
| CVE-2015-6665 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script … | |||
| CVE-2015-6663 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Client form in the Device Inspector page in SAP Afaria 7 allows remote attackers to inject arbitrary web script or HTML via crafted client name data, a… | |||
| CVE-2015-6658 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, rel… | |||
| CVE-2015-0298 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the manager web interface in mod_cluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message. | |||
| CVE-2015-2872 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x befor… | |||
| CVE-2015-2015 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the Directory template) in the web server in IBM Domino before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via a… | |||
| CVE-2015-2982 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in jquery.lightbox-0.5.min.js in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote authenticated users to i… | |||
| CVE-2015-6530 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in OpenText Secure MFT 2013 before 2013 R3 P6 and 2014 before 2014 R2 P2 allows remote attackers to inject arbitrary web script or HTML via the querytext para… | |||
| CVE-2015-6529 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter to site/error.php or (2) ip paramete… | |||
| CVE-2015-6528 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_use… | |||
| CVE-2015-3219 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbi… | |||
| CVE-2015-4310 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse 10.5(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request,… | |||
| CVE-2015-6255 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-Mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via a crafted chat message, aka Bug … | |||
| CVE-2015-5507 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Inline Entity Form module 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with permission to create or edit fields to inject arbitr… | |||
| CVE-2015-5492 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Video Consultation module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-5487 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Camtasia Relay module 6.x-2.x before 6.x-3.2 and 7.x-2.x before 7.x-1.3 for Drupal allows remote authenticated users with the "view meta information" p… | |||
| CVE-2015-5481 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab p… | |||
| CVE-2015-6515 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.4, 6.1.x before 6.1.8, 6.0.x before 6.0.9, and 5.0.x before 5.0.13 and Splunk Light 6.2.x before 6.2.4 all… | |||
| CVE-2015-6514 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Enterprise 6.2.x before 6.2.4 and Splunk Light 6.2.x before 6.2.4 allows remote authenticated users to inject arbitrary web script … | |||
| CVE-2015-6511 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the server[] parameter to services_ntpd.php. | |||
| CVE-2015-6510 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) srctrack, (2) use_mfs_tmp_size, or (3) use_mfs_va… | |||
| CVE-2015-6509 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) proxypass parameter to system_advanced_misc.php; … | |||
| CVE-2015-6508 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the descr parameter in a "new" action to system_authservers.php. | |||
| CVE-2015-5485 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin before 3.10.2 for WordPress allows remote attackers to i… | |||
| CVE-2015-4029 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the WebGUI in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the zone parameter in a del action to services_captiv… | |||
| CVE-2015-5782 | medium | — | 4.3 | 11y ago | ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory… | |||
| CVE-2015-5781 | medium | — | 4.3 | 11y ago | ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory… | |||
| CVE-2015-5768 | medium | — | 4.3 | 11y ago | AppleGraphicsControl in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | |||
| CVE-2015-5749 | medium | — | 4.3 | 11y ago | The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. | |||
| CVE-2015-3807 | medium | — | 4.3 | 11y ago | libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XM… | |||
| CVE-2015-3793 | medium | — | 4.3 | 11y ago | CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. | |||
| CVE-2015-3786 | medium | — | 4.3 | 11y ago | The Bluetooth subsystem in Apple OS X before 10.10.5 does not properly restrict Notification Center Service access, which allows attackers to read Notification Center notifications of certain paired … | |||
| CVE-2015-3782 | medium | — | 4.3 | 11y ago | CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app. | |||
| CVE-2015-3781 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Quick Look in Apple OS X before 10.10.5 allows remote attackers to inject arbitrary web script or HTML via a previously visited web site that is rendered d… | |||
| CVE-2015-3780 | medium | — | 4.3 | 11y ago | The Bluetooth subsystem in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | |||
| CVE-2015-3766 | medium | — | 4.3 | 11y ago | The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a … | |||
| CVE-2015-3764 | medium | — | 4.3 | 11y ago | Notification Center in Apple OS X before 10.10.5 does not properly remove dismissed notifications, which allows attackers to read arbitrary notifications via a crafted app. | |||
| CVE-2015-3763 | medium | — | 4.3 | 11y ago | Safari in Apple iOS before 8.4.1 does not limit the rate of JavaScript alert messages, which allows remote attackers to cause a denial of service (apparent browser locking) via a crafted web site. | |||
| CVE-2015-3758 | medium | — | 4.3 | 11y ago | UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an intended user-confirmation requirement and initiate arbitrary FaceTime calls via an app that provides a crafted URL. |