Vulnerabilities > Apple > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-10-23 | CVE-2015-7005 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1. | 6.8 |
| 2015-10-23 | CVE-2015-6999 | 7PK - Security Features vulnerability in Apple Iphone OS The OCSP client in Apple iOS before 9.1 does not check for certificate expiry, which allows remote attackers to spoof a valid certificate by leveraging access to a revoked certificate. | 5.0 |
| 2015-10-23 | CVE-2015-6997 | 7PK - Security Features vulnerability in Apple Iphone OS and Watchos The X.509 certificate-trust implementation in Apple iOS before 9.1 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate. | 4.3 |
| 2015-10-23 | CVE-2015-6982 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1. | 6.8 |
| 2015-10-23 | CVE-2015-6981 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1. | 6.8 |
| 2015-10-18 | CVE-2015-7034 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iwork and Pages The Apple iWork application before 2.6 for iOS and Apple Pages before 5.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Pages document. | 6.8 |
| 2015-10-18 | CVE-2015-7033 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted document. | 6.8 |
| 2015-10-18 | CVE-2015-7032 | Information Exposure vulnerability in Apple products The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to obtain sensitive information via a crafted document. | 4.3 |
| 2015-10-15 | CVE-2015-7628 | Information Exposure vulnerability in Adobe products Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors. | 5.0 |
| 2015-10-09 | CVE-2015-7761 | Information Exposure vulnerability in Apple mac OS X Mail in Apple OS X before 10.11 does not properly recognize user preferences, which allows attackers to obtain sensitive information via an unspecified action during the printing of an e-mail message, a different vulnerability than CVE-2015-7760. | 5.0 |