U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:apple:iphone_os:1.1.0:-:ipodtouch:*:*:*:*:*
  • CPE Name Search: true
There are 3,287 matching records.
Displaying matches 2,681 through 2,700.
Vuln ID Summary CVSS Severity
CVE-2015-3688

CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3689.

Published: July 02, 2015; 9:59:43 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-3687

CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3688, and CVE-2015-3689.

Published: July 02, 2015; 9:59:42 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-3686

CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3687, CVE-2015-3688, and CVE-2015-3689.

Published: July 02, 2015; 9:59:41 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-3685

CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3686, CVE-2015-3687, CVE-2015-3688, and CVE-2015-3689.

Published: July 02, 2015; 9:59:40 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-3684

The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted credentials in a URL.

Published: July 02, 2015; 9:59:39 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-3659

The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

Published: July 02, 2015; 9:59:18 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-3658

The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site.

Published: July 02, 2015; 9:59:17 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-8146

The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.

Published: May 25, 2015; 6:59:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

Published: May 20, 2015; 8:59:00 PM -0400
V3.0: 3.7 LOW
V2.0: 4.3 MEDIUM
CVE-2015-1156

The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, via a crafted web site.

Published: May 07, 2015; 8:59:04 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-1155

The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.

Published: May 07, 2015; 8:59:03 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-1153

WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1154.

Published: May 07, 2015; 8:59:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-1152

WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154.

Published: May 07, 2015; 8:59:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-1129

Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.

Published: April 10, 2015; 10:59:42 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-1126

WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.

Published: April 10, 2015; 10:59:39 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-1125

The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site.

Published: April 10, 2015; 10:59:38 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-1124

WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.

Published: April 10, 2015; 10:59:38 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-1123

WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-3 and APPLE-SA-2015-04-08-4.

Published: April 10, 2015; 10:59:37 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-1122

WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.

Published: April 10, 2015; 10:59:36 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-1121

WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.

Published: April 10, 2015; 10:59:35 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM