Vulnerabilities > Apple > Iphone OS > 3.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-05-21 | CVE-2015-4000 | Cryptographic Issues vulnerability in multiple products The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. | 3.7 |
2015-05-08 | CVE-2015-1156 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS and Safari The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, via a crafted web site. | 4.3 |
2015-05-08 | CVE-2015-1155 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS and Safari The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site. | 4.3 |
2015-05-08 | CVE-2015-1153 | Memory Corruption vulnerability in Apple Iphone OS, Itunes and Safari WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1154. network apple | 6.8 |
2015-05-08 | CVE-2015-1152 | Memory Corruption vulnerability in Apple Iphone OS, Itunes and Safari WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154. network apple | 6.8 |
2015-04-10 | CVE-2015-1129 | Cryptographic Issues vulnerability in Apple Iphone OS and Safari Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site. | 4.3 |
2015-04-10 | CVE-2015-1126 | Improper Input Validation vulnerability in Apple Iphone OS and Safari WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors. | 4.3 |
2015-04-10 | CVE-2015-1125 | Code vulnerability in Apple Iphone OS The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site. | 4.3 |
2015-04-10 | CVE-2015-1124 | Memory Corruption vulnerability in WebKit WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. network apple | 6.8 |
2015-04-10 | CVE-2015-1123 | Memory Corruption vulnerability in Apple Iphone OS and Tvos WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-3 and APPLE-SA-2015-04-08-4. network apple | 6.8 |