CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2015

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
351 CVE-2015-3796 119 DoS Exec Code Overflow Mem. Corr. 2015-08-17 2017-09-16
7.5
None Remote Low Not required Partial Partial Partial
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3797 and CVE-2015-3798.
352 CVE-2015-3795 119 DoS Exec Code Overflow Mem. Corr. 2015-08-17 2016-12-24
9.3
None Remote Medium Not required Complete Complete Complete
libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message.
353 CVE-2015-3794 119 DoS Exec Code Overflow Mem. Corr. 2015-08-17 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
The Speech UI in Apple OS X before 10.10.5, when speech alerts are enabled, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Unicode string.
354 CVE-2015-3793 264 Bypass 2015-08-17 2016-12-24
4.3
None Remote Medium Not required Partial None None
CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app.
355 CVE-2015-3792 119 DoS Exec Code Overflow Mem. Corr. 2015-08-17 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779.
356 CVE-2015-3791 119 DoS Exec Code Overflow Mem. Corr. 2015-08-17 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779.
357 CVE-2015-3790 119 DoS Exec Code Overflow Mem. Corr. 2015-08-17 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779.
358 CVE-2015-3789 119 DoS Exec Code Overflow Mem. Corr. 2015-08-17 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779.
359 CVE-2015-3788 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779.
360 CVE-2015-3787 20 DoS 2015-08-16 2017-09-21
3.3
None Local Network Low Not required None None Partial
The Bluetooth subsystem in Apple OS X before 10.10.5 allows remote attackers to cause a denial of service via malformed Bluetooth ACL packets.
361 CVE-2015-3786 200 +Info 2015-08-16 2017-09-21
4.3
None Remote Medium Not required Partial None None
The Bluetooth subsystem in Apple OS X before 10.10.5 does not properly restrict Notification Center Service access, which allows attackers to read Notification Center notifications of certain paired devices via a crafted app.
362 CVE-2015-3784 200 +Info 2015-08-16 2016-12-24
5.0
None Remote Low Not required Partial None None
Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
363 CVE-2015-3783 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2017-09-21
7.5
None Remote Low Not required Partial Partial Partial
SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
364 CVE-2015-3782 200 +Info 2015-08-16 2016-12-24
4.3
None Remote Medium Not required Partial None None
CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app.
365 CVE-2015-3781 79 XSS 2015-08-16 2017-09-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Quick Look in Apple OS X before 10.10.5 allows remote attackers to inject arbitrary web script or HTML via a previously visited web site that is rendered during a Quick Look search.
366 CVE-2015-3780 200 +Info 2015-08-16 2017-09-21
4.3
None Remote Medium Not required Partial None None
The Bluetooth subsystem in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
367 CVE-2015-3779 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779.
368 CVE-2015-3778 200 +Info 2015-08-16 2016-12-24
3.3
None Local Network Low Not required Partial None None
bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic.
369 CVE-2015-3777 119 Overflow +Priv 2015-08-16 2017-09-21
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in blued in the Bluetooth subsystem in Apple OS X before 10.10.5 allow local users to gain privileges via XPC messages.
370 CVE-2015-3776 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-24
9.3
None Remote Medium Not required Complete Complete Complete
IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist.
371 CVE-2015-3775 287 2015-08-16 2017-09-21
7.2
None Local Low Not required Complete Complete Complete
Apple OS X before 10.10.5 does not properly implement authentication, which allows local users to obtain admin privileges via unspecified vectors.
372 CVE-2015-3774 20 +Info 2015-08-16 2017-09-21
4.8
None Local Network Low Not required Partial Partial None
The Dictionary app in Apple OS X before 10.10.5 does not use HTTPS, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof word definitions by modifying the client-server data stream.
373 CVE-2015-3773 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2017-09-21
7.5
None Remote Low Not required Partial Partial Partial
The SMB client in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
374 CVE-2015-3772 264 DoS +Priv Mem. Corr. 2015-08-16 2017-09-21
7.2
None Local Low Not required Complete Complete Complete
IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3771.
375 CVE-2015-3771 119 DoS Overflow +Priv Mem. Corr. 2015-08-16 2017-09-21
7.2
None Local Low Not required Complete Complete Complete
IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3772.
376 CVE-2015-3770 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2017-09-21
9.3
None Remote Medium Not required Complete Complete Complete
IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5783.
377 CVE-2015-3769 119 DoS Overflow +Priv Mem. Corr. 2015-08-16 2017-09-21
7.2
None Local Low Not required Complete Complete Complete
IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3771 and CVE-2015-3772.
378 CVE-2015-3768 189 Exec Code Overflow 2015-08-16 2016-12-24
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls.
379 CVE-2015-3767 264 DoS +Priv Mem. Corr. 2015-08-16 2017-09-21
7.2
None Local Low Not required Complete Complete Complete
udf in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image.
380 CVE-2015-3766 200 +Info 2015-08-16 2016-12-24
4.3
None Remote Medium Not required Partial None None
The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app.
381 CVE-2015-3765 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779.
382 CVE-2015-3764 200 +Info 2015-08-16 2017-09-21
4.3
None Remote Medium Not required Partial None None
Notification Center in Apple OS X before 10.10.5 does not properly remove dismissed notifications, which allows attackers to read arbitrary notifications via a crafted app.
383 CVE-2015-3763 19 DoS 2015-08-16 2016-12-24
4.3
None Remote Medium Not required None None Partial
Safari in Apple iOS before 8.4.1 does not limit the rate of JavaScript alert messages, which allows remote attackers to cause a denial of service (apparent browser locking) via a crafted web site.
384 CVE-2015-3762 200 +Info 2015-08-16 2017-09-21
5.0
None Remote Low Not required Partial None None
The Text Formats component in Apple OS X before 10.10.5, as used in TextEdit, allows remote attackers to read arbitrary files via a text file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
385 CVE-2015-3761 264 +Priv 2015-08-16 2017-09-21
7.2
None Local Low Not required Complete Complete Complete
The kernel in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors.
386 CVE-2015-3760 20 +Priv 2015-08-16 2017-09-21
7.2
None Local Low Not required Complete Complete Complete
dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors.
387 CVE-2015-3759 264 Bypass 2015-08-16 2016-12-24
4.6
None Local Low Not required Partial Partial Partial
Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink.
388 CVE-2015-3758 20 Bypass 2015-08-16 2016-12-24
4.3
None Remote Medium Not required None Partial None
UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an intended user-confirmation requirement and initiate arbitrary FaceTime calls via an app that provides a crafted URL.
389 CVE-2015-3757 284 2015-08-16 2017-09-21
2.1
None Local Low Not required None Partial None
Apple OS X before 10.10.5 does not properly restrict access to the Date & Time preferences pane, which allows local users to spoof the time by visiting this pane.
390 CVE-2015-3756 254 2015-08-16 2016-12-24
2.1
None Local Low Not required None Partial None
The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog.
391 CVE-2015-3755 254 2015-08-16 2019-02-07
4.3
None Remote Medium Not required None Partial None
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL.
392 CVE-2015-3754 200 +Info 2015-08-16 2019-02-07
4.3
None Remote Medium Not required Partial None None
The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier for remote attackers to track users via a crafted web site.
393 CVE-2015-3753 200 Bypass +Info 2015-08-16 2019-02-07
5.0
None Remote Low Not required Partial None None
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a redirect to a data:image resource.
394 CVE-2015-3752 200 +Info 2015-08-16 2019-02-07
5.0
None Remote Low Not required Partial None None
The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive information via vectors involving (1) a cross-origin request or (2) a private-browsing request.
395 CVE-2015-3751 254 Bypass 2015-08-16 2019-02-07
5.0
None Remote Low Not required None Partial None
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an OBJECT element.
396 CVE-2015-3750 254 +Info 2015-08-16 2019-02-07
6.4
None Remote Low Not required Partial Partial None
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof a report by modifying the client-server data stream.
397 CVE-2015-3749 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2019-02-07
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
398 CVE-2015-3748 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2019-02-07
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
399 CVE-2015-3747 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2019-02-07
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
400 CVE-2015-3746 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2019-02-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
Total number of vulnerabilities : 620   Page : 1 2 3 4 5 6 7 8 (This Page)9 10 11 12 13
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.