| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 35951 | CVE-2015-3731 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-08-16 | 2016-12-23 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. |
| 35952 | CVE-2015-3730 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-08-16 | 2016-12-23 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. |
| 35953 | CVE-2015-3729 | 254 | | | 2015-08-16 | 2016-12-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not indicate what web site originated an input prompt, which allows remote attackers to conduct spoofing attacks via a crafted site. |
| 35954 | CVE-2015-3728 | 254 | | | 2015-07-02 | 2016-12-27 | 4.8 | None | Local Network | Low | Not required | Partial | Partial | None |
The WiFi Connectivity feature in Apple iOS before 8.4 allows remote Wi-Fi access points to trigger an automatic association, with an arbitrary security type, by operating with a recognized ESSID within an 802.11 network's coverage area. |
| 35955 | CVE-2015-3727 | 264 | | | 2015-07-02 | 2016-12-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site. |
| 35956 | CVE-2015-3726 | 20 | | Exec Code | 2015-07-02 | 2016-12-30 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card. |
| 35957 | CVE-2015-3725 | 399 | | DoS | 2015-07-02 | 2016-12-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
MobileInstallation in Apple iOS before 8.4 does not ensure the uniqueness of Watch bundle IDs, which allows attackers to cause a denial of service (ID collision and Watch launch outage) via a crafted universal provisioning profile app. |
| 35958 | CVE-2015-3724 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-07-02 | 2016-12-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3723. |
| 35959 | CVE-2015-3723 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-07-02 | 2016-12-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3724. |
| 35960 | CVE-2015-3722 | 254 | | DoS | 2015-07-02 | 2016-12-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
Application Store in Apple iOS before 8.4 does not ensure the uniqueness of bundle IDs, which allows attackers to cause a denial of service (ID collision and launch outage) via a crafted universal provisioning profile app. |
| 35961 | CVE-2015-3721 | 200 | | +Info | 2015-07-02 | 2017-09-21 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not properly handle HFS parameters, which allows attackers to obtain sensitive memory-layout information via a crafted app. |
| 35962 | CVE-2015-3720 | 200 | | +Info | 2015-07-02 | 2016-11-28 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The kernel in Apple OS X before 10.10.4 does not properly manage memory in kernel-extension APIs, which allows attackers to obtain sensitive memory-layout information via a crafted app. |
| 35963 | CVE-2015-3719 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-07-02 | 2017-09-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3694. |
| 35964 | CVE-2015-3718 | | | Exec Code | 2015-07-02 | 2017-09-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
systemstatsd in the System Stats subsystem in Apple OS X before 10.10.4 does not properly interpret data types encountered in interprocess communication, which allows attackers to execute arbitrary code with systemstatsd privileges via a crafted app, related to a "type confusion" issue. |
| 35965 | CVE-2015-3716 | 77 | | Exec Code | 2015-07-02 | 2017-09-21 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial |
Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a crafted name of a photo file within the local photo library. |
| 35966 | CVE-2015-3715 | 254 | | Bypass | 2015-07-02 | 2017-09-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
The code-signing implementation in Apple OS X before 10.10.4 does not properly consider libraries that are external to an application bundle, which allows attackers to bypass intended launch restrictions via a crafted library. |
| 35967 | CVE-2015-3714 | 254 | | Bypass | 2015-07-02 | 2017-09-21 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
Apple OS X before 10.10.4 does not properly consider custom resource rules during app signature verification, which allows attackers to bypass intended launch restrictions via a modified app. |
| 35968 | CVE-2015-3713 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-07-02 | 2016-12-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
QuickTime in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted movie file. |
| 35969 | CVE-2015-3711 | 200 | | +Info | 2015-07-02 | 2017-09-21 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The NTFS implementation in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. |
| 35970 | CVE-2015-3710 | 254 | | | 2015-07-02 | 2017-09-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message. |
| 35971 | CVE-2015-3709 | 362 | | Bypass | 2015-07-02 | 2017-09-21 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
Race condition in kext tools in Apple OS X before 10.10.4 allows local users to bypass intended signature requirements for kernel extensions by leveraging improper pathname validation. |
| 35972 | CVE-2015-3703 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-07-02 | 2017-09-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
ImageIO in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image. |
| 35973 | CVE-2015-3694 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-07-02 | 2017-09-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3719. |
| 35974 | CVE-2015-3692 | 284 | | | 2015-07-02 | 2016-12-05 | 6.8 | None | Local | Low | Single system | Complete | Complete | Complete |
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not enforce a locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging root privileges. |
| 35975 | CVE-2015-3690 | 200 | | +Info | 2015-07-02 | 2017-09-21 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The DiskImages subsystem in Apple iOS before 8.4 and OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. |
| 35976 | CVE-2015-3689 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-07-02 | 2017-09-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3688. |
| 35977 | CVE-2015-3688 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-07-02 | 2017-09-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3689. |
| 35978 | CVE-2015-3687 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-07-02 | 2017-09-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3688, and CVE-2015-3689. |
| 35979 | CVE-2015-3686 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-07-02 | 2017-09-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3687, CVE-2015-3688, and CVE-2015-3689. |
| 35980 | CVE-2015-3685 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-07-02 | 2017-09-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3686, CVE-2015-3687, CVE-2015-3688, and CVE-2015-3689. |
| 35981 | CVE-2015-3684 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-07-02 | 2017-09-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted credentials in a URL. |
| 35982 | CVE-2015-3682 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-07-02 | 2017-09-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3679, CVE-2015-3680, and CVE-2015-3681. |
| 35983 | CVE-2015-3681 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-07-02 | 2017-09-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3679, CVE-2015-3680, and CVE-2015-3682. |
| 35984 | CVE-2015-3680 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-07-02 | 2017-09-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3679, CVE-2015-3681, and CVE-2015-3682. |
| 35985 | CVE-2015-3679 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-07-02 | 2017-09-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3680, CVE-2015-3681, and CVE-2015-3682. |
| 35986 | CVE-2015-3677 | 200 | | +Info | 2015-07-02 | 2017-09-21 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The LZVN compression feature in AppleFSCompression in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. |
| 35987 | CVE-2015-3676 | 200 | | +Info | 2015-07-02 | 2017-09-21 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
AppleGraphicsControl in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information via a crafted app. |
| 35988 | CVE-2015-3675 | 284 | | Bypass | 2015-07-02 | 2017-09-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted URL. |
| 35989 | CVE-2015-3669 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-07-02 | 2016-12-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3664 and CVE-2015-3665. |
| 35990 | CVE-2015-3668 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-07-02 | 2016-12-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3663, CVE-2015-3666, and CVE-2015-3667. |
| 35991 | CVE-2015-3667 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-07-02 | 2016-12-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3663, CVE-2015-3666, and CVE-2015-3668. |
| 35992 | CVE-2015-3666 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-07-02 | 2016-12-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3663, CVE-2015-3667, and CVE-2015-3668. |
| 35993 | CVE-2015-3665 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-07-02 | 2016-12-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3664 and CVE-2015-3669. |
| 35994 | CVE-2015-3664 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-07-02 | 2016-12-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3665 and CVE-2015-3669. |
| 35995 | CVE-2015-3663 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-07-02 | 2016-12-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3666, CVE-2015-3667, and CVE-2015-3668. |
| 35996 | CVE-2015-3662 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-07-02 | 2016-12-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3663, CVE-2015-3666, CVE-2015-3667, and CVE-2015-3668. |
| 35997 | CVE-2015-3661 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-07-02 | 2016-12-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3662, CVE-2015-3663, CVE-2015-3666, CVE-2015-3667, and CVE-2015-3668. |
| 35998 | CVE-2015-3660 | 79 | | XSS | 2015-07-02 | 2016-12-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL in embedded PDF content. |
| 35999 | CVE-2015-3659 | 264 | | DoS Exec Code | 2015-07-02 | 2016-12-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. |
| 36000 | CVE-2015-3658 | 254 | | Bypass CSRF | 2015-07-02 | 2016-12-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site. |