Export limit exceeded: 10370 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10370 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5827 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | N/A |
| WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event. | ||||
| CVE-2015-5831 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | N/A |
| NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app. | ||||
| CVE-2015-5832 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| The iTunes Store component in Apple iOS before 9 does not properly delete AppleID credentials from the keychain upon a signout action, which might allow physically proximate attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2015-5836 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| Apple Online Store Kit in Apple OS X before 10.11 improperly validates iCloud keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app. | ||||
| CVE-2015-5842 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2025-04-12 | N/A |
| XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors. | ||||
| CVE-2015-5860 | 1 Apple | 2 Iphone Os, Watchos | 2025-04-12 | N/A |
| The CFNetwork HTTPProtocol component in Apple iOS before 9 mishandles HSTS state, which allows remote attackers to bypass the Safari private-browsing protection mechanism and track users via a crafted web site. | ||||
| CVE-2015-5863 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2025-04-12 | N/A |
| IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors. | ||||
| CVE-2015-5864 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| IOAudioFamily in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. | ||||
| CVE-2015-5865 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| IOGraphics in Apple OS X before 10.11 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | ||||
| CVE-2015-5870 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors. | ||||
| CVE-2015-5880 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| CoreAnimation in Apple iOS before 9 allows attackers to bypass intended IOSurface restrictions and obtain screen-framebuffer access via a crafted background app. | ||||
| CVE-2015-5893 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. | ||||
| CVE-2015-5906 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a password by leveraging a later prediction containing that character. | ||||
| CVE-2015-5910 | 1 Apple | 1 Xcode | 2025-04-12 | N/A |
| IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2015-5916 | 1 Apple | 2 Iphone Os, Watchos | 2025-04-12 | N/A |
| The Apple Pay component in Apple iOS before 9 allows remote terminals to obtain sensitive recent-transaction information during payments by leveraging the transaction-log feature. | ||||
| CVE-2015-5921 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| WebKit in Apple iOS before 9 mishandles "Content-Disposition: attachment" HTTP headers, which might allow man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2015-5923 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors. | ||||
| CVE-2015-6096 | 1 Microsoft | 1 .net Framework | 2025-04-12 | N/A |
| The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability." | ||||
| CVE-2015-6115 | 1 Microsoft | 1 .net Framework | 2025-04-12 | N/A |
| Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka ".NET ASLR Bypass." | ||||
| CVE-2015-6404 | 1 Cisco | 1 Hosted Collaboration Solution | 2025-04-12 | N/A |
| Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SOAP API requests, aka Bug ID CSCuw84374. | ||||