Vulnerabilities > Apple > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-05-08 | CVE-2015-1155 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS and Safari The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site. | 4.3 |
| 2015-05-08 | CVE-2015-1154 | Memory Corruption vulnerability in WebKit WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1153. network apple | 6.8 |
| 2015-05-08 | CVE-2015-1153 | Memory Corruption vulnerability in Apple Iphone OS, Itunes and Safari WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1154. network apple | 6.8 |
| 2015-05-08 | CVE-2015-1152 | Memory Corruption vulnerability in Apple Iphone OS, Itunes and Safari WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154. network apple | 6.8 |
| 2015-05-01 | CVE-2015-3153 | Information Exposure vulnerability in multiple products The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents. | 5.0 |
| 2015-04-28 | CVE-2015-1151 | Improper Access Control vulnerability in Apple OS X Server Wiki Server in Apple OS X Server before 4.1 allows remote attackers to bypass intended restrictions on Activity and People pages by connecting from an iPad client. | 5.0 |
| 2015-04-28 | CVE-2015-1150 | Code vulnerability in Apple OS X Server The Firewall component in Apple OS X Server before 4.1 uses an incorrect pathname in configuration files, which allows remote attackers to bypass network-access restrictions by sending packets for which custom-rule blocking was intended. | 5.0 |
| 2015-04-24 | CVE-2015-3148 | Improper Access Control vulnerability in multiple products cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. | 5.0 |
| 2015-04-24 | CVE-2015-3143 | Permissions, Privileges, and Access Controls vulnerability in multiple products cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015. | 5.0 |
| 2015-04-14 | CVE-2015-3044 | Information Exposure vulnerability in multiple products Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. | 5.0 |