Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Iphone_os
(Apple)| Repositories |
• https://github.com/madler/zlib
• https://github.com/file/file • https://github.com/WebKit/webkit • https://github.com/vadz/libtiff |
| #Vulnerabilities | 3370 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2015-10-09 | CVE-2015-5923 | Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors. | Iphone_os | N/A | ||
| 2015-09-18 | CVE-2015-5921 | WebKit in Apple iOS before 9 mishandles "Content-Disposition: attachment" HTTP headers, which might allow man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | Iphone_os | N/A | ||
| 2015-09-18 | CVE-2015-5916 | The Apple Pay component in Apple iOS before 9 allows remote terminals to obtain sensitive recent-transaction information during payments by leveraging the transaction-log feature. | Iphone_os, Watchos | N/A | ||
| 2015-09-18 | CVE-2015-5912 | The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses. | Iphone_os, Mac_os_x | N/A | ||
| 2015-09-18 | CVE-2015-5907 | WebKit in Apple iOS before 9 allows man-in-the-middle attackers to conduct redirection attacks by leveraging the mishandling of the resource cache of an SSL web site with an invalid X.509 certificate. | Iphone_os | N/A | ||
| 2015-09-18 | CVE-2015-5906 | The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a password by leveraging a later prediction containing that character. | Iphone_os | N/A | ||
| 2015-09-18 | CVE-2015-5905 | Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted window opener on a web site. | Iphone_os | N/A | ||
| 2015-09-18 | CVE-2015-5904 | Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted web site. | Iphone_os | N/A | ||
| 2015-09-18 | CVE-2015-5903 | The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5896. | Iphone_os, Mac_os_x, Watchos | N/A | ||
| 2015-09-18 | CVE-2015-5899 | libpthread in the kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | Iphone_os, Mac_os_x, Watchos | N/A |