Vulnerabilities > Apple > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-08-16 | CVE-2015-3784 | Information Exposure vulnerability in Apple products Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.0 |
2015-08-16 | CVE-2015-3782 | Information Exposure vulnerability in Apple Iphone OS and mac OS X CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app. | 4.3 |
2015-08-16 | CVE-2015-3781 | Cross-site Scripting vulnerability in Apple mac OS X Cross-site scripting (XSS) vulnerability in Quick Look in Apple OS X before 10.10.5 allows remote attackers to inject arbitrary web script or HTML via a previously visited web site that is rendered during a Quick Look search. | 4.3 |
2015-08-16 | CVE-2015-3780 | Information Exposure vulnerability in Apple mac OS X The Bluetooth subsystem in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | 4.3 |
2015-08-16 | CVE-2015-3779 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Quicktime 7.0.0 QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. | 6.8 |
2015-08-16 | CVE-2015-3774 | Improper Input Validation vulnerability in Apple mac OS X The Dictionary app in Apple OS X before 10.10.5 does not use HTTPS, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof word definitions by modifying the client-server data stream. | 4.8 |
2015-08-16 | CVE-2015-3766 | Information Exposure vulnerability in Apple Iphone OS and mac OS X The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app. | 4.3 |
2015-08-16 | CVE-2015-3765 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Quicktime 7.0.0 QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. | 6.8 |
2015-08-16 | CVE-2015-3764 | Information Exposure vulnerability in Apple mac OS X Notification Center in Apple OS X before 10.10.5 does not properly remove dismissed notifications, which allows attackers to read arbitrary notifications via a crafted app. | 4.3 |
2015-08-16 | CVE-2015-3763 | Data Processing Errors vulnerability in Apple Iphone OS Safari in Apple iOS before 8.4.1 does not limit the rate of JavaScript alert messages, which allows remote attackers to cause a denial of service (apparent browser locking) via a crafted web site. | 4.3 |