Total
8075 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5863 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2016-12-22 | 2.1 LOW | N/A |
| IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors. | |||||
| CVE-2015-5860 | 1 Apple | 2 Iphone Os, Watchos | 2016-12-22 | 5.0 MEDIUM | N/A |
| The CFNetwork HTTPProtocol component in Apple iOS before 9 mishandles HSTS state, which allows remote attackers to bypass the Safari private-browsing protection mechanism and track users via a crafted web site. | |||||
| CVE-2015-5858 | 1 Apple | 2 Iphone Os, Watchos | 2016-12-22 | 5.0 MEDIUM | N/A |
| The CFNetwork HTTPProtocol component in Apple iOS before 9 allows remote attackers to bypass the HSTS protection mechanism, and consequently obtain sensitive information, via a crafted URL. | |||||
| CVE-2015-5855 | 1 Apple | 2 Iphone Os, Watchos | 2016-12-22 | 4.3 MEDIUM | N/A |
| Apple iOS before 9 allows attackers to discover the e-mail address of a player via a crafted Game Center app. | |||||
| CVE-2015-5851 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-22 | 2.1 LOW | N/A |
| The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack. | |||||
| CVE-2015-5842 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2016-12-22 | 2.1 LOW | N/A |
| XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors. | |||||
| CVE-2015-5835 | 1 Apple | 1 Iphone Os | 2016-12-22 | 4.3 MEDIUM | N/A |
| Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme. | |||||
| CVE-2015-5834 | 1 Apple | 2 Iphone Os, Watchos | 2016-12-22 | 4.3 MEDIUM | N/A |
| IOAcceleratorFamily in Apple iOS before 9 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | |||||
| CVE-2015-5832 | 1 Apple | 1 Iphone Os | 2016-12-22 | 2.1 LOW | N/A |
| The iTunes Store component in Apple iOS before 9 does not properly delete AppleID credentials from the keychain upon a signout action, which might allow physically proximate attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-5831 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-22 | 5.0 MEDIUM | N/A |
| NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app. | |||||
| CVE-2015-5827 | 1 Apple | 2 Iphone Os, Safari | 2016-12-22 | 5.0 MEDIUM | N/A |
| WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event. | |||||
| CVE-2015-5825 | 1 Apple | 2 Iphone Os, Safari | 2016-12-22 | 4.3 MEDIUM | N/A |
| WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code. | |||||
| CVE-2015-5788 | 1 Apple | 2 Iphone Os, Safari | 2016-12-22 | 4.3 MEDIUM | N/A |
| The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element. | |||||
| CVE-2015-5440 | 1 Hp | 1 Universal Configuration Management Database | 2016-12-22 | 4.9 MEDIUM | N/A |
| HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-5411 | 1 Hp | 1 Version Control Repository Manager | 2016-12-22 | 6.8 MEDIUM | N/A |
| HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-4980 | 1 Ibm | 1 Websphere Commerce | 2016-12-22 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in IBM WebSphere Commerce 7.0.0.6 through 7.0.0.9 allows remote authenticated users to obtain sensitive personal information via unknown vectors. | |||||
| CVE-2015-4961 | 1 Ibm | 1 Tealeaf Customer Experience | 2016-12-22 | 2.9 LOW | 2.6 LOW |
| IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 does not encrypt connections between internal servers, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic. | |||||
| CVE-2015-4519 | 1 Mozilla | 2 Firefox, Firefox Esr | 2016-12-22 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element. | |||||
| CVE-2015-4503 | 1 Mozilla | 1 Firefox | 2016-12-22 | 5.0 MEDIUM | N/A |
| The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS application. | |||||
| CVE-2014-1580 | 1 Mozilla | 1 Firefox | 2016-12-22 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers a sequence of rendering operations for truncated GIF data within a CANVAS element. | |||||