CVE-2015-4000

Public exploit
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
Max CVSS
4.3
EPSS Score
97.46%
Published
2015-05-21
Updated
2023-02-09

CVE-2015-1155

Public exploit
The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.
Max CVSS
4.3
EPSS Score
1.15%
Published
2015-05-08
Updated
2017-01-03

CVE-2015-1126

Public exploit
WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.
Max CVSS
4.3
EPSS Score
94.23%
Published
2015-04-10
Updated
2015-09-11
This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication.
Max CVSS
4.3
EPSS Score
0.05%
Published
2024-03-08
Updated
2024-03-14
The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Bluetooth packets.
Max CVSS
4.8
EPSS Score
0.04%
Published
2024-01-10
Updated
2024-01-16
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app with root privileges may be able to access private information.
Max CVSS
4.2
EPSS Score
0.04%
Published
2024-01-10
Updated
2024-01-16
The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker with physical access may be able to use Siri to access sensitive user data.
Max CVSS
4.6
EPSS Score
0.05%
Published
2023-12-12
Updated
2023-12-13
This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.
Max CVSS
4.6
EPSS Score
0.06%
Published
2023-10-25
Updated
2023-11-02
This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.
Max CVSS
4.6
EPSS Score
0.06%
Published
2023-10-25
Updated
2023-11-02
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.
Max CVSS
4.4
EPSS Score
0.05%
Published
2023-09-27
Updated
2023-10-05
The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14.1, iOS 16.7.2 and iPadOS 16.7.2. Visiting a malicious website may reveal browsing history.
Max CVSS
4.3
EPSS Score
0.06%
Published
2023-10-25
Updated
2023-11-02
The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An attacker in physical proximity can cause a limited out of bounds write.
Max CVSS
4.3
EPSS Score
0.05%
Published
2023-09-27
Updated
2023-10-05
The issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, watchOS 9.5, iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. A shortcut may be able to use sensitive data with certain actions without prompting the user.
Max CVSS
4.6
EPSS Score
0.05%
Published
2023-06-23
Updated
2023-09-06
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may send a text from a secondary eSIM despite configuring a contact to use a primary eSIM.
Max CVSS
4.3
EPSS Score
0.04%
Published
2023-09-06
Updated
2023-09-09
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing.
Max CVSS
4.3
EPSS Score
0.05%
Published
2023-08-14
Updated
2023-12-27
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing.
Max CVSS
4.3
EPSS Score
0.32%
Published
2023-02-27
Updated
2023-12-28
An access issue was addressed with additional sandbox restrictions on third-party apps. This issue is fixed in macOS Ventura 13. An app may be able to record audio with paired AirPods.
Max CVSS
4.3
EPSS Score
0.06%
Published
2022-12-15
Updated
2023-01-09
A lock screen issue was addressed with improved state management. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. A user may be able to view restricted content from the lock screen.
Max CVSS
4.6
EPSS Score
0.06%
Published
2022-11-01
Updated
2023-01-09
The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing.
Max CVSS
4.7
EPSS Score
0.05%
Published
2024-01-10
Updated
2024-01-17
A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. A website may be able to track users through Safari web extensions.
Max CVSS
4.3
EPSS Score
0.21%
Published
2022-09-20
Updated
2022-12-08
This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. A user in a privileged network position can track a user’s activity.
Max CVSS
4.3
EPSS Score
0.08%
Published
2022-08-24
Updated
2022-11-02
This issue was addressed with improved checks. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. Visiting a malicious website may lead to address bar spoofing.
Max CVSS
4.3
EPSS Score
0.09%
Published
2022-09-20
Updated
2022-12-07
This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8. An app with root privileges may be able to access private information.
Max CVSS
4.4
EPSS Score
0.05%
Published
2022-09-23
Updated
2023-01-09
A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
Max CVSS
4.7
EPSS Score
0.05%
Published
2022-05-26
Updated
2022-06-08
A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.
Max CVSS
4.7
EPSS Score
0.06%
Published
2022-05-26
Updated
2022-06-08
251 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!