CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
6551 CVE-2015-3737 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
6552 CVE-2015-3736 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
6553 CVE-2015-3735 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
6554 CVE-2015-3734 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
6555 CVE-2015-3733 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
6556 CVE-2015-3732 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
6557 CVE-2015-3731 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
6558 CVE-2015-3730 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
6559 CVE-2015-3727 264 2015-07-02 2016-12-27
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site.
6560 CVE-2015-3724 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2016-12-30
6.8
None Remote Medium Not required Partial Partial Partial
CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3723.
6561 CVE-2015-3723 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2016-12-30
6.8
None Remote Medium Not required Partial Partial Partial
CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3724.
6562 CVE-2015-3719 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3694.
6563 CVE-2015-3718 Exec Code 2015-07-02 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
systemstatsd in the System Stats subsystem in Apple OS X before 10.10.4 does not properly interpret data types encountered in interprocess communication, which allows attackers to execute arbitrary code with systemstatsd privileges via a crafted app, related to a "type confusion" issue.
6564 CVE-2015-3715 254 Bypass 2015-07-02 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
The code-signing implementation in Apple OS X before 10.10.4 does not properly consider libraries that are external to an application bundle, which allows attackers to bypass intended launch restrictions via a crafted library.
6565 CVE-2015-3713 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2016-12-30
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted movie file.
6566 CVE-2015-3709 362 Bypass 2015-07-02 2017-09-21
6.9
None Local Medium Not required Complete Complete Complete
Race condition in kext tools in Apple OS X before 10.10.4 allows local users to bypass intended signature requirements for kernel extensions by leveraging improper pathname validation.
6567 CVE-2015-3703 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image.
6568 CVE-2015-3694 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3719.
6569 CVE-2015-3692 284 2015-07-02 2016-12-05
6.8
None Local Low Single system Complete Complete Complete
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not enforce a locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging root privileges.
6570 CVE-2015-3689 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3688.
6571 CVE-2015-3688 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3689.
6572 CVE-2015-3687 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3688, and CVE-2015-3689.
6573 CVE-2015-3686 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3687, CVE-2015-3688, and CVE-2015-3689.
6574 CVE-2015-3685 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3686, CVE-2015-3687, CVE-2015-3688, and CVE-2015-3689.
6575 CVE-2015-3684 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted credentials in a URL.
6576 CVE-2015-3682 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3679, CVE-2015-3680, and CVE-2015-3681.
6577 CVE-2015-3681 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3679, CVE-2015-3680, and CVE-2015-3682.
6578 CVE-2015-3680 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3679, CVE-2015-3681, and CVE-2015-3682.
6579 CVE-2015-3679 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3680, CVE-2015-3681, and CVE-2015-3682.
6580 CVE-2015-3669 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2016-12-27
6.8
None Remote Medium Not required Partial Partial Partial
QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3664 and CVE-2015-3665.
6581 CVE-2015-3668 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2016-12-27
6.8
None Remote Medium Not required Partial Partial Partial
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3663, CVE-2015-3666, and CVE-2015-3667.
6582 CVE-2015-3667 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2016-12-27
6.8
None Remote Medium Not required Partial Partial Partial
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3663, CVE-2015-3666, and CVE-2015-3668.
6583 CVE-2015-3666 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2016-12-27
6.8
None Remote Medium Not required Partial Partial Partial
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3663, CVE-2015-3667, and CVE-2015-3668.
6584 CVE-2015-3665 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2016-12-27
6.8
None Remote Medium Not required Partial Partial Partial
QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3664 and CVE-2015-3669.
6585 CVE-2015-3664 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2016-12-27
6.8
None Remote Medium Not required Partial Partial Partial
QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3665 and CVE-2015-3669.
6586 CVE-2015-3663 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2016-12-27
6.8
None Remote Medium Not required Partial Partial Partial
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3666, CVE-2015-3667, and CVE-2015-3668.
6587 CVE-2015-3662 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2016-12-27
6.8
None Remote Medium Not required Partial Partial Partial
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3663, CVE-2015-3666, CVE-2015-3667, and CVE-2015-3668.
6588 CVE-2015-3661 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2016-12-27
6.8
None Remote Medium Not required Partial Partial Partial
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3662, CVE-2015-3663, CVE-2015-3666, CVE-2015-3667, and CVE-2015-3668.
6589 CVE-2015-3659 264 DoS Exec Code 2015-07-02 2016-12-27
6.8
None Remote Medium Not required Partial Partial Partial
The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
6590 CVE-2015-3658 254 Bypass CSRF 2015-07-02 2016-12-27
6.8
None Remote Medium Not required Partial Partial Partial
The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site.
6591 CVE-2015-3657 284 +Priv 2017-08-29 2017-09-06
6.5
None Remote Low Single system Partial Partial Partial
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors.
6592 CVE-2015-3656 285 +Priv 2017-08-29 2017-09-06
6.5
None Remote Low Single system Partial Partial Partial
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks.
6593 CVE-2015-3655 352 CSRF 2017-08-29 2017-09-05
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators by leveraging improper enforcement of the anti-CSRF token.
6594 CVE-2015-3640 94 2017-07-21 2017-07-25
6.0
None Remote Medium Single system Partial Partial Partial
phpMyBackupPro 2.5 and earlier does not properly escape the "." character in request parameters, which allows remote authenticated users with knowledge of a web-accessible and web-writeable directory on the target system to inject and execute arbitrary PHP scripts by injecting scripts via the path, filename, and dirs parameters to scheduled.php, and making requests to injected scripts.
6595 CVE-2015-3639 20 Exec Code 2017-07-21 2017-07-25
6.5
None Remote Low Single system Partial Partial Partial
phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file.
6596 CVE-2015-3638 94 Exec Code 2017-07-21 2017-07-25
6.5
None Remote Low Single system Partial Partial Partial
phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, or by injecting PHP into a PHP configuration variable via a PHP variable variable.
6597 CVE-2015-3637 89 Exec Code Sql 2017-12-27 2018-01-11
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in phpMyBackupPro when run in multi-user mode before 2.5 allows remote attackers to execute arbitrary SQL commands via the username and password parameters.
6598 CVE-2015-3623 2015-09-16 2018-10-09
6.4
None Remote Low Not required Partial Partial None
XML external entity (XXE) vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attackers to conduct server-side request forgery (SSRF) attacks and read arbitrary files via crafted XML data in a request to AccessPoint.aspx.
6599 CVE-2015-3458 264 2015-04-29 2016-12-05
6.5
None Remote Low Single system Partial Partial Partial
The fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 does not restrict the stream wrapper used in a template path, which allows remote administrators to include and execute arbitrary PHP files via the phar:// stream wrapper, related to the setScriptPath function. NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have privileges to include arbitrary files.
6600 CVE-2015-3450 119 DoS Exec Code Overflow Mem. Corr. 2017-09-06 2017-09-10
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in libaxl 0.6.9 allows attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted XML document.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.