| ID: CVE-2015-6431 |
Title: Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of service (device reload) via a packet with the 00-00-00-00-00-00 source MAC address, aka Bug ID CSCux48405. |
Type: Hardware |
Bulletins:
CVE-2015-6431 SFBID79654 |
Severity: Medium |
| Description: Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of service (device reload) via a packet with the 00-00-00-00-00-00 source MAC address, aka Bug ID CSCux48405. | ||||
| Applies to: |
Created: 2015-12-22 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6429 |
Title: The IKEv1 state machine in Cisco IOS 15.4 through 15.6 and IOS XE 3.15 through 3.17 allows remote attackers to cause a denial of service (IPsec connection termination) via a crafted IKEv1 packet to a tunnel endpoint, aka Bug ID CSCuw08236. |
Type: Hardware |
Bulletins:
CVE-2015-6429 |
Severity: Medium |
| Description: The IKEv1 state machine in Cisco IOS 15.4 through 15.6 and IOS XE 3.15 through 3.17 allows remote attackers to cause a denial of service (IPsec connection termination) via a crafted IKEv1 packet to a tunnel endpoint, aka Bug ID CSCuw08236. | ||||
| Applies to: |
Created: 2015-12-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7756 |
Title: The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18... |
Type: Hardware |
Bulletins:
CVE-2015-7756 |
Severity: Medium |
| Description: The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 makes it easier for remote attackers to discover the plaintext content of VPN sessions by sniffing the network for ciphertext data and conducting an unspecified decryption attack. | ||||
| Applies to: |
Created: 2015-12-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7755 |
Title: Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before... |
Type: Hardware |
Bulletins:
CVE-2015-7755 SFBID79626 |
Severity: High |
| Description: Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 allows remote attackers to obtain administrative access by entering an unspecified password during a (1) SSH or (2) TELNET session. | ||||
| Applies to: |
Created: 2015-12-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6425 |
Title: The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786. |
Type: Hardware |
Bulletins:
CVE-2015-6425 SFBID79275 |
Severity: Medium |
| Description: The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786. | ||||
| Applies to: Unified Communications Manager |
Created: 2015-12-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6359 |
Title: The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15.3(3)S0.1 on ASR devices mishandles internal tables, which allows remote attackers to cause a denial of service (memory consumption or device crash) via a flood of... |
Type: Hardware |
Bulletins:
CVE-2015-6359 SFBID79200 |
Severity: Medium |
| Description: The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15.3(3)S0.1 on ASR devices mishandles internal tables, which allows remote attackers to cause a denial of service (memory consumption or device crash) via a flood of crafted ND messages, aka Bug ID CSCup28217. | ||||
| Applies to: |
Created: 2015-12-15 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4206 |
Title: Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266. |
Type: Hardware |
Bulletins:
CVE-2015-4206 SFBID79196 |
Severity: Medium |
| Description: Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266. | ||||
| Applies to: Unified Communications Manager |
Created: 2015-12-15 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7050 |
Title: WebKit in Apple iOS before 9.2 and Safari before 9.0.2 misparses content extensions, which allows remote attackers to obtain sensitive browsing-history information via a crafted web site. |
Type: Mobile Devices |
Bulletins:
CVE-2015-7050 SFBID78722 |
Severity: Medium |
| Description: WebKit in Apple iOS before 9.2 and Safari before 9.0.2 misparses content extensions, which allows remote attackers to obtain sensitive browsing-history information via a crafted web site. | ||||
| Applies to: |
Created: 2015-12-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7110 |
Title: The Disk Images component in Apple OS X before 10.11.2 and tvOS before 9.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted disk image. |
Type: Mobile Devices |
Bulletins:
CVE-2015-7110 |
Severity: Medium |
| Description: The Disk Images component in Apple OS X before 10.11.2 and tvOS before 9.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted disk image. | ||||
| Applies to: |
Created: 2015-12-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7080 |
Title: Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state. |
Type: Mobile Devices |
Bulletins:
CVE-2015-7080 |
Severity: Low |
| Description: Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state. | ||||
| Applies to: |
Created: 2015-12-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7107 |
Title: QuickLook in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file. |
Type: Mobile Devices |
Bulletins:
CVE-2015-7107 |
Severity: Medium |
| Description: QuickLook in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file. | ||||
| Applies to: |
Created: 2015-12-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7069 |
Title: Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7070. |
Type: Mobile Devices |
Bulletins:
CVE-2015-7069 |
Severity: High |
| Description: Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7070. | ||||
| Applies to: |
Created: 2015-12-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7070 |
Title: Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7069. |
Type: Mobile Devices |
Bulletins:
CVE-2015-7070 |
Severity: High |
| Description: Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7069. | ||||
| Applies to: |
Created: 2015-12-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7109 |
Title: IOAcceleratorFamily in Apple OS X before 10.11.2 and tvOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
Type: Mobile Devices |
Bulletins:
CVE-2015-7109 |
Severity: High |
| Description: IOAcceleratorFamily in Apple OS X before 10.11.2 and tvOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | ||||
| Applies to: |
Created: 2015-12-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7081 |
Title: iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity reference, related to an XML... |
Type: Mobile Devices |
Bulletins:
CVE-2015-7081 |
Severity: Medium |
| Description: iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| Applies to: |
Created: 2015-12-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7037 |
Title: Directory traversal vulnerability in Mobile Backup in Photos in Apple iOS before 9.2 allows attackers to read arbitrary files via a crafted pathname. |
Type: Mobile Devices |
Bulletins:
CVE-2015-7037 |
Severity: Medium |
| Description: Directory traversal vulnerability in Mobile Backup in Photos in Apple iOS before 9.2 allows attackers to read arbitrary files via a crafted pathname. | ||||
| Applies to: |
Created: 2015-12-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7094 |
Title: CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL. |
Type: Mobile Devices |
Bulletins:
CVE-2015-7094 |
Severity: Low |
| Description: CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL. | ||||
| Applies to: |
Created: 2015-12-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7062 |
Title: Apple OS X before 10.11.2 and tvOS before 9.1 allow local users to bypass intended configuration-profile installation restrictions via unspecified vectors. |
Type: Mobile Devices |
Bulletins:
CVE-2015-7062 |
Severity: Medium |
| Description: Apple OS X before 10.11.2 and tvOS before 9.1 allow local users to bypass intended configuration-profile installation restrictions via unspecified vectors. | ||||
| Applies to: |
Created: 2015-12-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6623 |
Title: Wi-Fi in Android 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24872703. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6623 |
Severity: High |
| Description: Wi-Fi in Android 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24872703. | ||||
| Applies to: |
Created: 2015-12-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6629 |
Title: Wi-Fi in Android 5.x before 5.1.1 LMY48Z allows attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22667667. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6629 |
Severity: Medium |
| Description: Wi-Fi in Android 5.x before 5.1.1 LMY48Z allows attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22667667. | ||||
| Applies to: |
Created: 2015-12-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6622 |
Title: The Native Frameworks Library in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as... |
Type: Mobile Devices |
Bulletins:
CVE-2015-6622 |
Severity: Medium |
| Description: The Native Frameworks Library in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23905002. | ||||
| Applies to: |
Created: 2015-12-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6619 |
Title: The kernel in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, aka internal bug 23520714. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6619 |
Severity: High |
| Description: The kernel in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, aka internal bug 23520714. | ||||
| Applies to: |
Created: 2015-12-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6633 |
Title: The display drivers in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23987307. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6633 |
Severity: High |
| Description: The display drivers in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23987307. | ||||
| Applies to: |
Created: 2015-12-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6634 |
Title: The display drivers in Android before 5.1.1 LMY48Z allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24163261. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6634 |
Severity: High |
| Description: The display drivers in Android before 5.1.1 LMY48Z allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24163261. | ||||
| Applies to: |
Created: 2015-12-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6627 |
Title: The Audio component in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information via a crafted audio file, as demonstrated by obtaining Signature or SignatureOrSystem access, aka... |
Type: Mobile Devices |
Bulletins:
CVE-2015-6627 |
Severity: Low |
| Description: The Audio component in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information via a crafted audio file, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24211743. | ||||
| Applies to: |
Created: 2015-12-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6630 |
Title: SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to read screenshots and consequently gain privileges via a crafted application, aka internal bug 19121797. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6630 |
Severity: Medium |
| Description: SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to read screenshots and consequently gain privileges via a crafted application, aka internal bug 19121797. | ||||
| Applies to: |
Created: 2015-12-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6621 |
Title: SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23909438. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6621 |
Severity: High |
| Description: SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23909438. | ||||
| Applies to: |
Created: 2015-12-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6624 |
Title: System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23999740. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6624 |
Severity: Medium |
| Description: System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23999740. | ||||
| Applies to: |
Created: 2015-12-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6625 |
Title: System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information and consequently gain privileges via a crafted application, aka internal bug 23936840. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6625 |
Severity: Medium |
| Description: System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information and consequently gain privileges via a crafted application, aka internal bug 23936840. | ||||
| Applies to: |
Created: 2015-12-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6617 |
Title: Skia, as used in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23648740. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6617 |
Severity: High |
| Description: Skia, as used in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23648740. | ||||
| Applies to: |
Created: 2015-12-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6616 |
Title: mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 24630158 and... |
Type: Mobile Devices |
Bulletins:
CVE-2015-6616 |
Severity: High |
| Description: mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 24630158 and 23882800, a different vulnerability than CVE-2015-8505, CVE-2015-8506, and CVE-2015-8507. | ||||
| Applies to: |
Created: 2015-12-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-8506 |
Title: mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24441553, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8506 |
Severity: High |
| Description: mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24441553, a different vulnerability than CVE-2015-6616, CVE-2015-8505, and CVE-2015-8507. | ||||
| Applies to: |
Created: 2015-12-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-8505 |
Title: mediaserver in Android before 5.1.1 LMY48Z allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 17769851, a different vulnerability than... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8505 |
Severity: High |
| Description: mediaserver in Android before 5.1.1 LMY48Z allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 17769851, a different vulnerability than CVE-2015-6616, CVE-2015-8506, and CVE-2015-8507. | ||||
| Applies to: |
Created: 2015-12-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-8507 |
Title: mediaserver in Android 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24157524, a different vulnerability than... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8507 |
Severity: High |
| Description: mediaserver in Android 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24157524, a different vulnerability than CVE-2015-6616, CVE-2015-8505, and CVE-2015-8506. | ||||
| Applies to: |
Created: 2015-12-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6628 |
Title: Media Framework in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining... |
Type: Mobile Devices |
Bulletins:
CVE-2015-6628 |
Severity: Medium |
| Description: Media Framework in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24074485. | ||||
| Applies to: |
Created: 2015-12-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6626 |
Title: libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by... |
Type: Mobile Devices |
Bulletins:
CVE-2015-6626 |
Severity: Medium |
| Description: libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24310423. | ||||
| Applies to: |
Created: 2015-12-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6631 |
Title: libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by... |
Type: Mobile Devices |
Bulletins:
CVE-2015-6631 |
Severity: Medium |
| Description: libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24623447. | ||||
| Applies to: |
Created: 2015-12-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6632 |
Title: libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by... |
Type: Mobile Devices |
Bulletins:
CVE-2015-6632 |
Severity: Medium |
| Description: libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24346430. | ||||
| Applies to: |
Created: 2015-12-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6620 |
Title: libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bugs 24123723 and... |
Type: Mobile Devices |
Bulletins:
CVE-2015-6620 |
Severity: High |
| Description: libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bugs 24123723 and 24445127. | ||||
| Applies to: |
Created: 2015-12-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6618 |
Title: Bluetooth in Android 4.4 and 5.x before 5.1.1 LMY48Z allows user-assisted remote attackers to execute arbitrary code by leveraging access to the local physical environment, aka internal bug 24595992. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6618 |
Severity: Medium |
| Description: Bluetooth in Android 4.4 and 5.x before 5.1.1 LMY48Z allows user-assisted remote attackers to execute arbitrary code by leveraging access to the local physical environment, aka internal bug 24595992. | ||||
| Applies to: |
Created: 2015-12-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6783 |
Title: The FindStartOffsetOfFileInZipFile function in crazy_linker_zip.cpp in crazy_linker (aka Crazy Linker) in Android 5.x and 6.x, as used in Google Chrome before 47.0.2526.73, improperly searches for an EOCD record, which allows... |
Type: Mobile Devices |
Bulletins:
CVE-2015-6783 SFBID78416 |
Severity: Medium |
| Description: The FindStartOffsetOfFileInZipFile function in crazy_linker_zip.cpp in crazy_linker (aka Crazy Linker) in Android 5.x and 6.x, as used in Google Chrome before 47.0.2526.73, improperly searches for an EOCD record, which allows attackers to bypass a signature-validation requirement via a crafted ZIP archive. | ||||
| Applies to: |
Created: 2015-12-05 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6394 |
Title: The kernel in Cisco NX-OS 5.2(9)N1(1) on Nexus 5000 devices allows local users to cause a denial of service (device crash) via crafted USB parameters, aka Bug ID CSCus89408. |
Type: Hardware |
Bulletins:
CVE-2015-6394 |
Severity: Medium |
| Description: The kernel in Cisco NX-OS 5.2(9)N1(1) on Nexus 5000 devices allows local users to cause a denial of service (device crash) via crafted USB parameters, aka Bug ID CSCus89408. | ||||
| Applies to: |
Created: 2015-12-04 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6383 |
Title: Cisco IOS XE 15.4(3)S on ASR 1000 devices improperly loads software packages, which allows local users to bypass license restrictions and obtain certain root privileges by using the CLI to enter crafted filenames, aka Bug ID CSCuv93130. |
Type: Hardware |
Bulletins:
CVE-2015-6383 SFBID78521 |
Severity: High |
| Description: Cisco IOS XE 15.4(3)S on ASR 1000 devices improperly loads software packages, which allows local users to bypass license restrictions and obtain certain root privileges by using the CLI to enter crafted filenames, aka Bug ID CSCuv93130. | ||||
| Applies to: |
Created: 2015-12-02 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6385 |
Title: The publish-event event-manager feature in Cisco IOS 15.5(2)S and 15.5(3)S on Cloud Services Router 1000V devices allows local users to execute arbitrary commands with root privileges by leveraging administrative access to enter crafted environment... |
Type: Hardware |
Bulletins:
CVE-2015-6385 |
Severity: High |
| Description: The publish-event event-manager feature in Cisco IOS 15.5(2)S and 15.5(3)S on Cloud Services Router 1000V devices allows local users to execute arbitrary commands with root privileges by leveraging administrative access to enter crafted environment variables, aka Bug ID CSCux14943. | ||||
| Applies to: |
Created: 2015-12-01 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5787 |
Title: The kernel in Apple iOS before 8.4.1 does not properly restrict debugging features, which allows attackers to bypass background-execution limitations via a crafted app. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5787 |
Severity: Medium |
| Description: The kernel in Apple iOS before 8.4.1 does not properly restrict debugging features, which allows attackers to bypass background-execution limitations via a crafted app. | ||||
| Applies to: |
Created: 2015-11-21 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7036 |
Title: The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API... |
Type: Mobile Devices |
Bulletins:
CVE-2015-7036 |
Severity: High |
| Description: The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument. | ||||
| Applies to: |
Created: 2015-11-21 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6375 |
Title: The debug-logging (aka debug cns) feature in Cisco Networking Services (CNS) for IOS 15.2(2)E3 allows local users to obtain sensitive information by reading an unspecified file, aka Bug ID CSCux18010. |
Type: Hardware |
Bulletins:
CVE-2015-6375 SFBID77676 |
Severity: Low |
| Description: The debug-logging (aka debug cns) feature in Cisco Networking Services (CNS) for IOS 15.2(2)E3 allows local users to obtain sensitive information by reading an unspecified file, aka Bug ID CSCux18010. | ||||
| Applies to: |
Created: 2015-11-21 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5859 |
Title: The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5859 |
Severity: Medium |
| Description: The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | ||||
| Applies to: |
Created: 2015-11-21 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6365 |
Title: Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface ACLs, which allows remote authenticated users to bypass intended network-traffic restrictions in opportunistic circumstances by using PPP, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2015-6365 |
Severity: Medium |
| Description: Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface ACLs, which allows remote authenticated users to bypass intended network-traffic restrictions in opportunistic circumstances by using PPP, aka Bug ID CSCur61303. | ||||
| Applies to: |
Created: 2015-11-13 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6366 |
Title: Cisco IOS 15.2(04)M6 and 15.4(03)S lets physical-interface ACLs supersede tunnel-interface ACLs, which allows remote attackers to bypass intended network-traffic restrictions in opportunistic circumstances by using a tunnel, aka Bug ID CSCur01042. |
Type: Hardware |
Bulletins:
CVE-2015-6366 |
Severity: Medium |
| Description: Cisco IOS 15.2(04)M6 and 15.4(03)S lets physical-interface ACLs supersede tunnel-interface ACLs, which allows remote attackers to bypass intended network-traffic restrictions in opportunistic circumstances by using a tunnel, aka Bug ID CSCur01042. | ||||
| Applies to: |
Created: 2015-11-12 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6614 |
Title: Telephony in Android 5.x before 5.1.1 LMY48X allows attackers to gain privileges, and consequently bypass intended network-interface restrictions, perform expensive data transfers, or cause a denial of service (call-reception outage... |
Type: Mobile Devices |
Bulletins:
CVE-2015-6614 |
Severity: Medium |
| Description: Telephony in Android 5.x before 5.1.1 LMY48X allows attackers to gain privileges, and consequently bypass intended network-interface restrictions, perform expensive data transfers, or cause a denial of service (call-reception outage or mute manipulation), via a crafted application, aka internal bug 21900139. | ||||
| Applies to: |
Created: 2015-11-03 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6611 |
Title: mediaserver in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs... |
Type: Mobile Devices |
Bulletins:
CVE-2015-6611 |
Severity: Medium |
| Description: mediaserver in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23905951, 23912202, 23953967, 23696300, 23600291, 23756261, 23541506, 23284974, 23542351, and 23542352, a different vulnerability than CVE-2015-8074. | ||||
| Applies to: |
Created: 2015-11-03 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-8074 |
Title: mediaserver in Android before 5.1.1 LMY48X allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23540907 and 23515142, a... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8074 |
Severity: Medium |
| Description: mediaserver in Android before 5.1.1 LMY48X allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23540907 and 23515142, a different vulnerability than CVE-2015-6611. | ||||
| Applies to: |
Created: 2015-11-03 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6608 |
Title: mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 19779574,... |
Type: Mobile Devices |
Bulletins:
CVE-2015-6608 |
Severity: High |
| Description: mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 19779574, 23680780, 23876444, and 23658148, a different vulnerability than CVE-2015-8072 and CVE-2015-8073. | ||||
| Applies to: |
Created: 2015-11-03 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-8072 |
Title: mediaserver in Android 4.4 through 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8072 |
Severity: High |
| Description: mediaserver in Android 4.4 through 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23881715, a different vulnerability than CVE-2015-6608 and CVE-2015-8073. | ||||
| Applies to: |
Created: 2015-11-03 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-8073 |
Title: mediaserver in Android 4.4 and 5.1 before 5.1.1 LMY48X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 14388161, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8073 |
Severity: High |
| Description: mediaserver in Android 4.4 and 5.1 before 5.1.1 LMY48X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 14388161, a different vulnerability than CVE-2015-6608 and CVE-2015-8072. | ||||
| Applies to: |
Created: 2015-11-03 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6609 |
Title: libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22953624. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6609 |
Severity: High |
| Description: libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22953624. | ||||
| Applies to: |
Created: 2015-11-03 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6610 |
Title: libstagefright in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka internal bug 23707088. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6610 |
Severity: High |
| Description: libstagefright in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka internal bug 23707088. | ||||
| Applies to: |
Created: 2015-11-03 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6612 |
Title: libmedia in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges via a crafted application, aka internal bug 23540426. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6612 |
Severity: High |
| Description: libmedia in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges via a crafted application, aka internal bug 23540426. | ||||
| Applies to: |
Created: 2015-11-03 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6613 |
Title: Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send commands to a debugging port, and consequently gain privileges, via a crafted application, as demonstrated by obtaining Signature or... |
Type: Mobile Devices |
Bulletins:
CVE-2015-6613 |
Severity: Medium |
| Description: Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send commands to a debugging port, and consequently gain privileges, via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24371736. | ||||
| Applies to: |
Created: 2015-11-03 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6343 |
Title: The SIP implementation in Cisco IOS 15.5(3)M on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service via crafted SIP messages, aka Bug ID CSCuv79202. |
Type: Hardware |
Bulletins:
CVE-2015-6343 |
Severity: Medium |
| Description: The SIP implementation in Cisco IOS 15.5(3)M on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service via crafted SIP messages, aka Bug ID CSCuv79202. | ||||
| Applies to: |
Created: 2015-10-31 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6341 |
Title: The Web Management GUI on Cisco Wireless LAN Controller (WLC) devices with software 7.4(140.0) and 8.0(120.0) allows remote attackers to cause a denial of service (client disconnection) via unspecified vectors, aka Bug ID CSCuw10610. |
Type: Hardware |
Bulletins:
CVE-2015-6341 |
Severity: Medium |
| Description: The Web Management GUI on Cisco Wireless LAN Controller (WLC) devices with software 7.4(140.0) and 8.0(120.0) allows remote attackers to cause a denial of service (client disconnection) via unspecified vectors, aka Bug ID CSCuw10610. | ||||
| Applies to: |
Created: 2015-10-24 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7013 |
Title: WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2015-7013 SFBID77264 |
Severity: Medium |
| Description: WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5928 |
Title: WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5928 SFBID77267 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5929 |
Title: WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5929 SFBID77267 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5930 |
Title: WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5930 SFBID77267 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7002 |
Title: WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,... |
Type: Mobile Devices |
Bulletins:
CVE-2015-7002 SFBID77267 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7012 |
Title: WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,... |
Type: Mobile Devices |
Bulletins:
CVE-2015-7012 SFBID77267 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7014 |
Title: WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,... |
Type: Mobile Devices |
Bulletins:
CVE-2015-7014 SFBID77267 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6981 |
Title: WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2015-6981 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6982 |
Title: WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2015-6982 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7005 |
Title: WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit... |
Type: Mobile Devices |
Bulletins:
CVE-2015-7005 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7022 |
Title: The Telephony subsystem in Apple iOS before 9.1 allows attackers to obtain sensitive call-status information via a crafted app. |
Type: Mobile Devices |
Bulletins:
CVE-2015-7022 SFBID77268 |
Severity: Medium |
| Description: The Telephony subsystem in Apple iOS before 9.1 allows attackers to obtain sensitive call-status information via a crafted app. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5924 |
Title: The OpenGL implementation in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5924 SFBID77263 |
Severity: Medium |
| Description: The OpenGL implementation in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6999 |
Title: The OCSP client in Apple iOS before 9.1 does not check for certificate expiry, which allows remote attackers to spoof a valid certificate by leveraging access to a revoked certificate. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6999 SFBID77268 |
Severity: Medium |
| Description: The OCSP client in Apple iOS before 9.1 does not check for certificate expiry, which allows remote attackers to spoof a valid certificate by leveraging access to a revoked certificate. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6994 |
Title: The kernel in Apple iOS before 9.1 and OS X before 10.11.1 mishandles reuse of virtual memory, which allows attackers to cause a denial of service via a crafted app. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6994 SFBID77263 |
Severity: High |
| Description: The kernel in Apple iOS before 9.1 and OS X before 10.11.1 mishandles reuse of virtual memory, which allows attackers to cause a denial of service via a crafted app. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6988 |
Title: The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not initialize an unspecified data structure, which allows remote attackers to execute arbitrary code via vectors involving an unknown network-connectivity requirement. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6988 SFBID77263 |
Severity: High |
| Description: The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not initialize an unspecified data structure, which allows remote attackers to execute arbitrary code via vectors involving an unknown network-connectivity requirement. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7004 |
Title: The kernel in Apple iOS before 9.1 allows attackers to cause a denial of service via a crafted app. |
Type: Mobile Devices |
Bulletins:
CVE-2015-7004 SFBID77268 |
Severity: High |
| Description: The kernel in Apple iOS before 9.1 allows attackers to cause a denial of service via a crafted app. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6995 |
Title: The Disk Images component in Apple iOS before 9.1 and OS X before 10.11.1 misparses images, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6995 SFBID77263 |
Severity: Medium |
| Description: The Disk Images component in Apple iOS before 9.1 and OS X before 10.11.1 misparses images, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5940 |
Title: The Accelerate Framework component in Apple iOS before 9.1 and OS X before 10.11.1, when multi-threading is enabled, omits certain validation and locking steps, which allows remote attackers to execute arbitrary code or cause a... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5940 SFBID77263 |
Severity: Medium |
| Description: The Accelerate Framework component in Apple iOS before 9.1 and OS X before 10.11.1, when multi-threading is enabled, omits certain validation and locking steps, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7000 |
Title: Notification Center in Apple iOS before 9.1 mishandles changes to "Show on Lock Screen" settings, which allows physically proximate attackers to obtain sensitive information by looking for a (1) Phone or (2) Messages notification on... |
Type: Mobile Devices |
Bulletins:
CVE-2015-7000 SFBID77268 |
Severity: Low |
| Description: Notification Center in Apple iOS before 9.1 mishandles changes to "Show on Lock Screen" settings, which allows physically proximate attackers to obtain sensitive information by looking for a (1) Phone or (2) Messages notification on the lock screen soon after a setting was disabled. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6976 |
Title: FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6977,... |
Type: Mobile Devices |
Bulletins:
CVE-2015-6976 SFBID77263 |
Severity: Medium |
| Description: FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6977 |
Title: FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,... |
Type: Mobile Devices |
Bulletins:
CVE-2015-6977 SFBID77263 |
Severity: Medium |
| Description: FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6990 |
Title: FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,... |
Type: Mobile Devices |
Bulletins:
CVE-2015-6990 SFBID77263 |
Severity: Medium |
| Description: FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6991 |
Title: FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,... |
Type: Mobile Devices |
Bulletins:
CVE-2015-6991 SFBID77263 |
Severity: Medium |
| Description: FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6993 |
Title: FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,... |
Type: Mobile Devices |
Bulletins:
CVE-2015-6993 SFBID77263 |
Severity: Medium |
| Description: FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7008 |
Title: FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,... |
Type: Mobile Devices |
Bulletins:
CVE-2015-7008 SFBID77263 |
Severity: Medium |
| Description: FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7009 |
Title: FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,... |
Type: Mobile Devices |
Bulletins:
CVE-2015-7009 SFBID77263 |
Severity: Medium |
| Description: FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7010, and CVE-2015-7018. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7010 |
Title: FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,... |
Type: Mobile Devices |
Bulletins:
CVE-2015-7010 SFBID77263 |
Severity: Medium |
| Description: FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, and CVE-2015-7018. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7018 |
Title: FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976,... |
Type: Mobile Devices |
Bulletins:
CVE-2015-7018 SFBID77263 |
Severity: Medium |
| Description: FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, and CVE-2015-7010. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6983 |
Title: Double free vulnerability in Apple iOS before 9.1 and OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that accesses AtomicBufferedFile descriptors. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6983 SFBID77263 |
Severity: High |
| Description: Double free vulnerability in Apple iOS before 9.1 and OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that accesses AtomicBufferedFile descriptors. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6975 |
Title: CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-6975 |
Severity: High |
| Description: CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6992 and CVE-2015-7017. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6992 |
Title: CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-6992 |
Severity: High |
| Description: CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-7017. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7017 |
Title: CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-7017 |
Severity: High |
| Description: CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6986 |
Title: com.apple.driver.AppleVXD393 in the Graphics Driver subsystem in Apple iOS before 9.1 allows attackers to execute arbitrary code via a crafted app that leverages an unspecified "type confusion." |
Type: Mobile Devices |
Bulletins:
CVE-2015-6986 SFBID77268 |
Severity: High |
| Description: com.apple.driver.AppleVXD393 in the Graphics Driver subsystem in Apple iOS before 9.1 allows attackers to execute arbitrary code via a crafted app that leverages an unspecified "type confusion." | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7023 |
Title: CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors. |
Type: Mobile Devices |
Bulletins:
CVE-2015-7023 SFBID77263 |
Severity: Medium |
| Description: CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors. | ||||
| Applies to: |
Created: 2015-10-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7752 |
Title: The SSH server in Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5,... |
Type: Hardware |
Bulletins:
CVE-2015-7752 |
Severity: High |
| Description: The SSH server in Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X53 before 14.1X53-D25, 14.2 before 14.2R3, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D20 allows remote attackers to cause a denial of service (CPU consumption) via unspecified SSH traffic. | ||||
| Applies to: |
Created: 2015-10-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7749 |
Title: The PFE daemon in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service via an unspecified connection request to the "host-OS." |
Type: Hardware |
Bulletins:
CVE-2015-7749 |
Severity: High |
| Description: The PFE daemon in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service via an unspecified connection request to the "host-OS." | ||||
| Applies to: |
Created: 2015-10-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7750 |
Title: The L2TP packet processing functionality in Juniper Netscreen and ScreenOS Firewall products with ScreenOS before 6.3.0r13-dnd1, 6.3.0r14 through 6.3.0r18 before 6.3.0r18-dnc1, and 6.3.0r19 allows remote attackers to cause a denial of service via a... |
Type: Hardware |
Bulletins:
CVE-2015-7750 |
Severity: Medium |
| Description: The L2TP packet processing functionality in Juniper Netscreen and ScreenOS Firewall products with ScreenOS before 6.3.0r13-dnd1, 6.3.0r14 through 6.3.0r18 before 6.3.0r18-dnc1, and 6.3.0r19 allows remote attackers to cause a denial of service via a crafted L2TP packet. | ||||
| Applies to: |
Created: 2015-10-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7751 |
Title: Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before... |
Type: Hardware |
Bulletins:
CVE-2015-7751 |
Severity: Medium |
| Description: Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before 14.1X50-D105, 14.1X51 before 14.1X51-D70, 14.1X53 before 14.1X53-D25, 14.1X55 before 14.1X55-D20, 14.2 before 14.2R1, 15.1 before 15.1F2 or 15.1R1, and 15.1X49 before 15.1X49-D10 does not require a password for the root user when pam.conf is "corrupted," which allows local users to gain root privileges by modifying the file. | ||||
| Applies to: |
Created: 2015-10-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7748 |
Title: Juniper chassis with Trio (Trinity) chipset line cards and Junos OS 13.3 before 13.3R8, 14.1 before 14.1R6, 14.2 before 14.2R5, and 15.1 before 15.1R2 allow remote attackers to cause a denial of service (MPC line card crash) via a crafted uBFD packet. |
Type: Hardware |
Bulletins:
CVE-2015-7748 SFBID101103 |
Severity: Medium |
| Description: Juniper chassis with Trio (Trinity) chipset line cards and Junos OS 13.3 before 13.3R8, 14.1 before 14.1R6, 14.2 before 14.2R5, and 15.1 before 15.1R2 allow remote attackers to cause a denial of service (MPC line card crash) via a crafted uBFD packet. | ||||
| Applies to: |
Created: 2015-10-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-6449 |
Title: Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R7, 14.1 before 14.1R5, and 14.2 before 14.2R1 do not properly handle... |
Type: Hardware |
Bulletins:
CVE-2014-6449 |
Severity: Medium |
| Description: Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R7, 14.1 before 14.1R5, and 14.2 before 14.2R1 do not properly handle TCP packet reassembly, which allows remote attackers to cause a denial of service (buffer consumption) via a crafted sequence of packets "destined to the device." | ||||
| Applies to: |
Created: 2015-10-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-6450 |
Title: Juniper Junos OS before 11.4R12-S4, 12.1X44 before 12.1X44-D41, 12.1X46 before 12.1X46-D26, 12.1X47 before 12.1X47-D11/D15, 12.2 before 12.2R9, 12.2X50 before 12.2X50-D70, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 12.3X50 before 12.3X50-D42,... |
Type: Hardware |
Bulletins:
CVE-2014-6450 |
Severity: High |
| Description: Juniper Junos OS before 11.4R12-S4, 12.1X44 before 12.1X44-D41, 12.1X46 before 12.1X46-D26, 12.1X47 before 12.1X47-D11/D15, 12.2 before 12.2R9, 12.2X50 before 12.2X50-D70, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 12.3X50 before 12.3X50-D42, 13.1 before 13.1R4-S3, 13.1X49 before 13.1X49-D42, 13.1X50 before 13.1X50-D30, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D26, 13.2X52 before 13.2X52-D15, 13.3 before 13.3R3-S3, 14.1 before 14.1R3, 14.2 before 14.2R1, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D10, when configured for IPv6, allow remote attackers to cause a denial of service (mbuf chain corruption and kernel panic) via crafted IPv6 packets. | ||||
| Applies to: |
Created: 2015-10-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-6451 |
Title: J-Web in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service (system reboot) via unspecified vectors. |
Type: Hardware |
Bulletins:
CVE-2014-6451 |
Severity: High |
| Description: J-Web in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service (system reboot) via unspecified vectors. | ||||
| Applies to: |
Created: 2015-10-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6263 |
Title: The RADIUS client implementation in Cisco IOS 15.4(3)M2.2, when a shared RADIUS secret is configured, allows remote RADIUS servers to cause a denial of service (device reload) via malformed answers, aka Bug ID CSCuu59324. |
Type: Hardware |
Bulletins:
CVE-2015-6263 |
Severity: Medium |
| Description: The RADIUS client implementation in Cisco IOS 15.4(3)M2.2, when a shared RADIUS secret is configured, allows remote RADIUS servers to cause a denial of service (device reload) via malformed answers, aka Bug ID CSCuu59324. | ||||
| Applies to: |
Created: 2015-10-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5923 |
Title: Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5923 |
Severity: Low |
| Description: Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors. | ||||
| Applies to: |
Created: 2015-10-09 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6311 |
Title: Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), 7.3(101.0), and 7.4(1.19) allow remote attackers to cause a denial of service (device outage) by sending malformed 802.11i management data to a managed access point, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2015-6311 |
Severity: Medium |
| Description: Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), 7.3(101.0), and 7.4(1.19) allow remote attackers to cause a denial of service (device outage) by sending malformed 802.11i management data to a managed access point, aka Bug ID CSCub65236. | ||||
| Applies to: |
Created: 2015-10-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3874 |
Title: The Sonivox components in Android before 5.1.1 LMY48T allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23335715, 23307276, and 23286323. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3874 |
Severity: High |
| Description: The Sonivox components in Android before 5.1.1 LMY48T allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23335715, 23307276, and 23286323. | ||||
| Applies to: |
Created: 2015-10-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6606 |
Title: The Secure Element Evaluation Kit (aka SEEK or SmartCard API) plugin in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access,... |
Type: Mobile Devices |
Bulletins:
CVE-2015-6606 |
Severity: High |
| Description: The Secure Element Evaluation Kit (aka SEEK or SmartCard API) plugin in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22301786. | ||||
| Applies to: |
Created: 2015-10-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3865 |
Title: The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23050463. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3865 |
Severity: High |
| Description: The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23050463. | ||||
| Applies to: |
Created: 2015-10-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3877 |
Title: Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20723696. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3877 |
Severity: High |
| Description: Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20723696. | ||||
| Applies to: |
Created: 2015-10-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6596 |
Title: mediaserver in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bugs 20731946 and 20719651, a different vulnerability than CVE-2015-7717. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6596 |
Severity: High |
| Description: mediaserver in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bugs 20731946 and 20719651, a different vulnerability than CVE-2015-7717. | ||||
| Applies to: |
Created: 2015-10-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6605 |
Title: mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bugs 20915134 and 23142203, a different vulnerability than CVE-2015-7718. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6605 |
Severity: Medium |
| Description: mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bugs 20915134 and 23142203, a different vulnerability than CVE-2015-7718. | ||||
| Applies to: |
Created: 2015-10-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3862 |
Title: mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22954006. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3862 |
Severity: Medium |
| Description: mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22954006. | ||||
| Applies to: |
Created: 2015-10-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7717 |
Title: mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 19573085, a different vulnerability than CVE-2015-6596. |
Type: Mobile Devices |
Bulletins:
CVE-2015-7717 |
Severity: High |
| Description: mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 19573085, a different vulnerability than CVE-2015-6596. | ||||
| Applies to: |
Created: 2015-10-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7718 |
Title: mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22278703, a different vulnerability than CVE-2015-6605. |
Type: Mobile Devices |
Bulletins:
CVE-2015-7718 |
Severity: Medium |
| Description: mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22278703, a different vulnerability than CVE-2015-6605. | ||||
| Applies to: |
Created: 2015-10-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3878 |
Title: Media Projection in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to bypass an intended screen-recording warning feature and obtain sensitive screen-snapshot information via a crafted application that... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3878 |
Severity: Medium |
| Description: Media Projection in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to bypass an intended screen-recording warning feature and obtain sensitive screen-snapshot information via a crafted application that references a long application name, aka internal bug 23345192. | ||||
| Applies to: |
Created: 2015-10-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3879 |
Title: Media Player Framework in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bug 23223325. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3879 |
Severity: High |
| Description: Media Player Framework in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bug 23223325. | ||||
| Applies to: |
Created: 2015-10-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3875 |
Title: libutils in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22952485. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3875 |
Severity: High |
| Description: libutils in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22952485. | ||||
| Applies to: |
Created: 2015-10-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3873 |
Title: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23016072, 23248776, 23247055, 22845824,... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3873 |
Severity: High |
| Description: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23016072, 23248776, 23247055, 22845824, 22008959, 21814993, 21048776, 20718524, 20674674, 22388975, 20674086, 21443020, and 22077698, a different vulnerability than CVE-2015-7716. | ||||
| Applies to: |
Created: 2015-10-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6599 |
Title: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23416608. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6599 |
Severity: High |
| Description: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23416608. | ||||
| Applies to: |
Created: 2015-10-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3872 |
Title: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23346388. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3872 |
Severity: High |
| Description: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23346388. | ||||
| Applies to: |
Created: 2015-10-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6598 |
Title: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23306638. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6598 |
Severity: High |
| Description: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23306638. | ||||
| Applies to: |
Created: 2015-10-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3868 |
Title: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23270724. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3868 |
Severity: High |
| Description: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23270724. | ||||
| Applies to: |
Created: 2015-10-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6603 |
Title: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23227354. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6603 |
Severity: High |
| Description: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23227354. | ||||
| Applies to: |
Created: 2015-10-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3867 |
Title: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3867 |
Severity: High |
| Description: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430. | ||||
| Applies to: |
Created: 2015-10-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6604 |
Title: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23129786. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6604 |
Severity: High |
| Description: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23129786. | ||||
| Applies to: |
Created: 2015-10-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3869 |
Title: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23036083. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3869 |
Severity: High |
| Description: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23036083. | ||||
| Applies to: |
Created: 2015-10-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3871 |
Title: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23031033. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3871 |
Severity: High |
| Description: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23031033. | ||||
| Applies to: |
Created: 2015-10-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6601 |
Title: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22935234. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6601 |
Severity: High |
| Description: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22935234. | ||||
| Applies to: |
Created: 2015-10-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6600 |
Title: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22882938. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6600 |
Severity: High |
| Description: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22882938. | ||||
| Applies to: |
Created: 2015-10-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3870 |
Title: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22771132. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3870 |
Severity: High |
| Description: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22771132. | ||||
| Applies to: |
Created: 2015-10-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3823 |
Title: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3823 |
Severity: High |
| Description: libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999. | ||||
| Applies to: |
Created: 2015-10-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7716 |
Title: libstagefright in Android 5.x before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20721050, a different vulnerability than... |
Type: Mobile Devices |
Bulletins:
CVE-2015-7716 |
Severity: High |
| Description: libstagefright in Android 5.x before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20721050, a different vulnerability than CVE-2015-3873. | ||||
| Applies to: |
Created: 2015-10-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3847 |
Title: Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3847 |
Severity: Medium |
| Description: Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270. | ||||
| Applies to: |
Created: 2015-10-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6308 |
Title: Cisco NX-OS 6.0(2)U6(0.46) on N3K devices allows remote authenticated users to cause a denial of service (temporary SNMP outage) via an SNMP request for an OID that does not exist, aka Bug ID CSCuw36684. |
Type: Hardware |
Bulletins:
CVE-2015-6308 |
Severity: Medium |
| Description: Cisco NX-OS 6.0(2)U6(0.46) on N3K devices allows remote authenticated users to cause a denial of service (temporary SNMP outage) via an SNMP request for an OID that does not exist, aka Bug ID CSCuw36684. | ||||
| Applies to: |
Created: 2015-10-02 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6602 |
Title: libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6602 |
Severity: High |
| Description: libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x. | ||||
| Applies to: |
Created: 2015-10-01 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3876 |
Title: libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3876 |
Severity: High |
| Description: libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file. | ||||
| Applies to: |
Created: 2015-10-01 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3843 |
Title: The SIM Toolkit (STK) framework in Android before 5.1.1 LMY48I allows attackers to (1) intercept or (2) emulate unspecified Telephony STK SIM commands via an application that sends a crafted Intent, related to... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3843 |
Severity: High |
| Description: The SIM Toolkit (STK) framework in Android before 5.1.1 LMY48I allows attackers to (1) intercept or (2) emulate unspecified Telephony STK SIM commands via an application that sends a crafted Intent, related to com/android/internal/telephony/cat/AppInterface.java, aka internal bug 21697171. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3849 |
Title: The Region_createFromParcel function in core/jni/android/graphics/Region.cpp in Region in Android before 5.1.1 LMY48M does not check the return values of certain read operations, which allows attackers to execute arbitrary code via... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3849 |
Severity: High |
| Description: The Region_createFromParcel function in core/jni/android/graphics/Region.cpp in Region in Android before 5.1.1 LMY48M does not check the return values of certain read operations, which allows attackers to execute arbitrary code via an application that sends a crafted message to a service, aka internal bug 21585255. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3836 |
Title: The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3836 |
Severity: High |
| Description: The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted XMF data, aka internal bug 21132860. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3845 |
Title: The Parcel::appendFrom function in libs/binder/Parcel.cpp in Binder in Android before 5.1.1 LMY48M does not consider parcel boundaries during identification of binder objects in an append operation, which allows attackers to obtain a... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3845 |
Severity: Medium |
| Description: The Parcel::appendFrom function in libs/binder/Parcel.cpp in Binder in Android before 5.1.1 LMY48M does not consider parcel boundaries during identification of binder objects in an append operation, which allows attackers to obtain a different application's privileges via a crafted application, aka internal bug 17312693. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3837 |
Title: The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3837 |
Severity: High |
| Description: The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute arbitrary code via an application that sends a crafted Intent, aka internal bug 21437603. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3827 |
Title: The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not validate the relationship between chunk sizes and skip sizes, which allows remote attackers to execute arbitrary... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3827 SFBID76052 |
Severity: High |
| Description: The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not validate the relationship between chunk sizes and skip sizes, which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted MPEG-4 covr atoms, aka internal bug 20923261. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3824 |
Title: The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which allows remote attackers to execute arbitrary code or cause a denial of... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3824 SFBID76052 |
Severity: High |
| Description: The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via a crafted MPEG-4 tx3g atom, aka internal bug 20923261. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3826 |
Title: The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3826 SFBID76052 |
Severity: Medium |
| Description: The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to cause a denial of service (integer underflow, buffer over-read, and mediaserver process crash) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3828. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3828 |
Title: The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3828 SFBID76052 |
Severity: High |
| Description: The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3826. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3833 |
Title: The getRunningAppProcesses function in services/core/java/com/android/server/am/ActivityManagerService.java in Android before 5.1.1 LMY48I allows attackers to bypass intended getRecentTasks restrictions and discover the name of the... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3833 |
Severity: Medium |
| Description: The getRunningAppProcesses function in services/core/java/com/android/server/am/ActivityManagerService.java in Android before 5.1.1 LMY48I allows attackers to bypass intended getRecentTasks restrictions and discover the name of the foreground application via a crafted application, aka internal bug 20034603. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3844 |
Title: The getProcessRecordLocked method in services/core/java/com/android/server/am/ActivityManagerService.java in ActivityManager in Android before 5.1.1 LMY48I allows attackers to trigger incorrect process loading via a crafted... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3844 |
Severity: Medium |
| Description: The getProcessRecordLocked method in services/core/java/com/android/server/am/ActivityManagerService.java in ActivityManager in Android before 5.1.1 LMY48I allows attackers to trigger incorrect process loading via a crafted application, as demonstrated by interfering with use of the Settings application, aka internal bug 21669445. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3858 |
Title: The checkDestination function in internal/telephony/SMSDispatcher.java in Android before 5.1.1 LMY48M relies on an obsolete permission name for an authorization check, which allows attackers to bypass an intended user-confirmation... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3858 |
Severity: High |
| Description: The checkDestination function in internal/telephony/SMSDispatcher.java in Android before 5.1.1 LMY48M relies on an obsolete permission name for an authorization check, which allows attackers to bypass an intended user-confirmation requirement for SMS short-code messaging via a crafted application, aka internal bug 22314646. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1541 |
Title: The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an... |
Type: Mobile Devices |
Bulletins:
CVE-2015-1541 |
Severity: Medium |
| Description: The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a (1) FLAG_GRANT_READ_URI_PERMISSION or (2) FLAG_GRANT_WRITE_URI_PERMISSION flag, as demonstrated by bypassing intended restrictions on reading contacts, aka internal bug 19618745. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6575 |
Title: SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory... |
Type: Mobile Devices |
Bulletins:
CVE-2015-6575 |
Severity: High |
| Description: SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted atoms in MP4 data, aka internal bug 20139950, a different vulnerability than CVE-2015-1538. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7915, CVE-2014-7916, and/or CVE-2014-7917. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3860 |
Title: packages/Keyguard/res/layout/keyguard_password_view.xml in Lockscreen in Android 5.x before 5.1.1 LMY48M does not restrict the number of characters in the passwordEntry input field, which allows physically proximate attackers to... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3860 |
Severity: High |
| Description: packages/Keyguard/res/layout/keyguard_password_view.xml in Lockscreen in Android 5.x before 5.1.1 LMY48M does not restrict the number of characters in the passwordEntry input field, which allows physically proximate attackers to bypass intended access restrictions via a long password that triggers a SystemUI crash, aka internal bug 22214934. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3829 |
Title: Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3829 SFBID76052 |
Severity: High |
| Description: Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted MPEG-4 covr atoms with a size equal to SIZE_MAX, aka internal bug 20923261. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1539 |
Title: Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a... |
Type: Mobile Devices |
Bulletins:
CVE-2015-1539 SFBID76052 |
Severity: High |
| Description: Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a related issue to CVE-2015-4493. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3834 |
Title: Multiple integer overflows in the BnHDCP::onTransact function in media/libmedia/IHDCP.cpp in libstagefright in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application that uses HDCP encryption,... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3834 |
Severity: High |
| Description: Multiple integer overflows in the BnHDCP::onTransact function in media/libmedia/IHDCP.cpp in libstagefright in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application that uses HDCP encryption, leading to a heap-based buffer overflow, aka internal bug 20222489. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3863 |
Title: Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before 5.1.1 LMY48M allow attackers to execute arbitrary code and read arbitrary Keystore keys via an application that uses a crafted blob... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3863 |
Severity: High |
| Description: Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before 5.1.1 LMY48M allow attackers to execute arbitrary code and read arbitrary Keystore keys via an application that uses a crafted blob in an insert operation, aka internal bug 22802399. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3861 |
Title: Multiple integer overflows in the addVorbisCodecInfo function in matroska/MatroskaExtractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allow remote attackers to cause a denial of service (device... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3861 |
Severity: Medium |
| Description: Multiple integer overflows in the addVorbisCodecInfo function in matroska/MatroskaExtractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allow remote attackers to cause a denial of service (device inoperability) via crafted Matroska data, aka internal bug 21296336. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3842 |
Title: Multiple heap-based buffer overflows in libeffects in the Audio Policy Service in mediaserver in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application, aka internal bug 21953516. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3842 |
Severity: High |
| Description: Multiple heap-based buffer overflows in libeffects in the Audio Policy Service in mediaserver in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application, aka internal bug 21953516. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3832 |
Title: Multiple buffer overflows in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via invalid size values of NAL units in MP4 data, aka internal bug 19641538. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3832 |
Severity: High |
| Description: Multiple buffer overflows in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via invalid size values of NAL units in MP4 data, aka internal bug 19641538. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3864 |
Title: Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3864 SFBID76682 |
Severity: High |
| Description: Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3824. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1538 |
Title: Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an... |
Type: Mobile Devices |
Bulletins:
CVE-2015-1538 SFBID76052 |
Severity: High |
| Description: Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1528 |
Title: Integer overflow in the native_handle_create function in libcutils/native_handle.c in Android before 5.1.1 LMY48M allows attackers to obtain a different application's privileges or cause a denial of service (Binder heap memory... |
Type: Mobile Devices |
Bulletins:
CVE-2015-1528 |
Severity: High |
| Description: Integer overflow in the native_handle_create function in libcutils/native_handle.c in Android before 5.1.1 LMY48M allows attackers to obtain a different application's privileges or cause a denial of service (Binder heap memory corruption) via a crafted application, aka internal bug 19334482. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1536 |
Title: Integer overflow in the Bitmap_createFromParcel function in core/jni/android/graphics/Bitmap.cpp in Android before 5.1.1 LMY48I allows attackers to cause a denial of service (system_server crash) or obtain sensitive system_server... |
Type: Mobile Devices |
Bulletins:
CVE-2015-1536 |
Severity: High |
| Description: Integer overflow in the Bitmap_createFromParcel function in core/jni/android/graphics/Bitmap.cpp in Android before 5.1.1 LMY48I allows attackers to cause a denial of service (system_server crash) or obtain sensitive system_server memory-content information via a crafted application that leverages improper unmarshalling of bitmaps, aka internal bug 19666945. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-7916 |
Title: Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342751. |
Type: Mobile Devices |
Bulletins:
CVE-2014-7916 |
Severity: High |
| Description: Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342751. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-7917 |
Title: Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342615. |
Type: Mobile Devices |
Bulletins:
CVE-2014-7917 |
Severity: High |
| Description: Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342615. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-7915 |
Title: Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15328708. |
Type: Mobile Devices |
Bulletins:
CVE-2014-7915 |
Severity: High |
| Description: Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15328708. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3831 |
Title: Buffer overflow in the readAt function in BpMediaHTTPConnection in media/libmedia/IMediaHTTPConnection.cpp in the mediaserver service in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3831 |
Severity: High |
| Description: Buffer overflow in the readAt function in BpMediaHTTPConnection in media/libmedia/IMediaHTTPConnection.cpp in the mediaserver service in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted application, aka internal bug 19400722. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3835 |
Title: Buffer overflow in the OMXNodeInstance::emptyBuffer function in omx/OMXNodeInstance.cpp in libstagefright in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted application, aka internal bug 20634516. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3835 |
Severity: High |
| Description: Buffer overflow in the OMXNodeInstance::emptyBuffer function in omx/OMXNodeInstance.cpp in libstagefright in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted application, aka internal bug 20634516. | ||||
| Applies to: |
Created: 2015-09-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6280 |
Title: The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly... |
Type: Hardware |
Bulletins:
CVE-2015-6280 |
Severity: High |
| Description: The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly implement RSA authentication, which allows remote attackers to obtain login access by leveraging knowledge of a username and the associated public key, aka Bug ID CSCus73013. | ||||
| Applies to: |
Created: 2015-09-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6278 |
Title: The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S;... |
Type: Hardware |
Bulletins:
CVE-2015-6278 |
Severity: High |
| Description: The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S; 3.11S before 3.11.4S; 3.12S and 3.13S before 3.13.3S; and 3.14S before 3.14.2S does not properly implement the Control Plane Protection (aka CPPr) feature, which allows remote attackers to cause a denial of service (device reload) via a flood of ND packets, aka Bug ID CSCus19794. | ||||
| Applies to: |
Created: 2015-09-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6279 |
Title: The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S;... |
Type: Hardware |
Bulletins:
CVE-2015-6279 |
Severity: High |
| Description: The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S; 3.11S before 3.11.4S; 3.12S and 3.13S before 3.13.3S; and 3.14S before 3.14.2S allows remote attackers to cause a denial of service (device reload) via a malformed ND packet with the Cryptographically Generated Address (CGA) option, aka Bug ID CSCuo04400. | ||||
| Applies to: |
Created: 2015-09-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6302 |
Title: The RADIUS functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.0(250.0) and 7.0(252.0) allows remote attackers to disconnect arbitrary sessions via crafted Disconnect-Request UDP packets, aka Bug ID CSCuw29419. |
Type: Hardware |
Bulletins:
CVE-2015-6302 |
Severity: Medium |
| Description: The RADIUS functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.0(250.0) and 7.0(252.0) allows remote attackers to disconnect arbitrary sessions via crafted Disconnect-Request UDP packets, aka Bug ID CSCuw29419. | ||||
| Applies to: |
Created: 2015-09-25 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6282 |
Title: Cisco IOS XE 2.x and 3.x before 3.10.6S, 3.11.xS through 3.13.xS before 3.13.3S, and 3.14.xS through 3.15.xS before 3.15.1S allows remote attackers to cause a denial of service (device reload) via IPv4 packets that require NAT and MPLS actions, aka... |
Type: Hardware |
Bulletins:
CVE-2015-6282 |
Severity: High |
| Description: Cisco IOS XE 2.x and 3.x before 3.10.6S, 3.11.xS through 3.13.xS before 3.13.3S, and 3.14.xS through 3.15.xS before 3.15.1S allows remote attackers to cause a denial of service (device reload) via IPv4 packets that require NAT and MPLS actions, aka Bug ID CSCut96933. | ||||
| Applies to: |
Created: 2015-09-25 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6295 |
Title: Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices allows remote attackers to cause a denial of service (CPU consumption or control-plane instability) or trigger unintended traffic forwarding via a Layer 2 packet with a reserved... |
Type: Hardware |
Bulletins:
CVE-2015-6295 |
Severity: Medium |
| Description: Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices allows remote attackers to cause a denial of service (CPU consumption or control-plane instability) or trigger unintended traffic forwarding via a Layer 2 packet with a reserved VLAN number, aka Bug ID CSCuw13560. | ||||
| Applies to: |
Created: 2015-09-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5879 |
Title: XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption)... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5879 SFBID76764 |
Severity: Medium |
| Description: XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption) via a crafted header. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5791 |
Title: WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5791 SFBID76763 |
Severity: Medium |
| Description: WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5793 |
Title: WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5793 SFBID76763 |
Severity: Medium |
| Description: WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5814 |
Title: WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5814 SFBID76763 |
Severity: Medium |
| Description: WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5816 |
Title: WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5816 SFBID76764 |
Severity: Medium |
| Description: WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5822 |
Title: WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5822 SFBID76764 |
Severity: Medium |
| Description: WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5823 |
Title: WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5823 SFBID76764 |
Severity: Medium |
| Description: WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5789 |
Title: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5789 SFBID76763 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5790 |
Title: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5790 SFBID76763 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5792 |
Title: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5792 SFBID76763 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5794 |
Title: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5794 SFBID76763 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5795 |
Title: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5795 SFBID76763 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5796 |
Title: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5796 SFBID76763 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5797 |
Title: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5797 SFBID76763 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5799 |
Title: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5799 SFBID76763 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5800 |
Title: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5800 SFBID76763 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5801 |
Title: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5801 SFBID76763 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5802 |
Title: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5802 SFBID76763 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5803 |
Title: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5803 SFBID76763 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5804 |
Title: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5804 SFBID76763 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5805 |
Title: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5805 SFBID76763 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5806 |
Title: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5806 SFBID76763 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5807 |
Title: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5807 SFBID76763 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5809 |
Title: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5809 SFBID76763 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5810 |
Title: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5810 SFBID76763 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5811 |
Title: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5811 SFBID76763 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5812 |
Title: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5812 SFBID76763 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5813 |
Title: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5813 SFBID76763 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5817 |
Title: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5817 SFBID76766 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5818 |
Title: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5818 SFBID76766 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5819 |
Title: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5819 SFBID76766 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5821 |
Title: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5821 SFBID76766 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5921 |
Title: WebKit in Apple iOS before 9 mishandles "Content-Disposition: attachment" HTTP headers, which might allow man-in-the-middle attackers to obtain sensitive information via unspecified vectors. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5921 SFBID76766 |
Severity: Medium |
| Description: WebKit in Apple iOS before 9 mishandles "Content-Disposition: attachment" HTTP headers, which might allow man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5826 |
Title: WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5826 SFBID76766 |
Severity: Medium |
| Description: WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5825 |
Title: WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5825 SFBID76766 |
Severity: Medium |
| Description: WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5820 |
Title: WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5820 SFBID76766 |
Severity: Medium |
| Description: WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5827 |
Title: WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5827 SFBID76766 |
Severity: Medium |
| Description: WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5907 |
Title: WebKit in Apple iOS before 9 allows man-in-the-middle attackers to conduct redirection attacks by leveraging the mishandling of the resource cache of an SSL web site with an invalid X.509 certificate. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5907 SFBID76766 |
Severity: Low |
| Description: WebKit in Apple iOS before 9 allows man-in-the-middle attackers to conduct redirection attacks by leveraging the mishandling of the resource cache of an SSL web site with an invalid X.509 certificate. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5788 |
Title: The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5788 SFBID76766 |
Severity: Medium |
| Description: The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5764 |
Title: The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5765 and CVE-2015-5767. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5764 SFBID76764 |
Severity: Medium |
| Description: The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5765 and CVE-2015-5767. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5765 |
Title: The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5765 SFBID76764 |
Severity: Medium |
| Description: The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5767 |
Title: The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5767 SFBID76764 |
Severity: Medium |
| Description: The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5832 |
Title: The iTunes Store component in Apple iOS before 9 does not properly delete AppleID credentials from the keychain upon a signout action, which might allow physically proximate attackers to obtain sensitive information via unspecified... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5832 SFBID76764 |
Severity: Low |
| Description: The iTunes Store component in Apple iOS before 9 does not properly delete AppleID credentials from the keychain upon a signout action, which might allow physically proximate attackers to obtain sensitive information via unspecified vectors. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5906 |
Title: The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a password by leveraging a later... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5906 SFBID76766 |
Severity: Medium |
| Description: The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a password by leveraging a later prediction containing that character. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3801 |
Title: The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3801 SFBID76764 |
Severity: Medium |
| Description: The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6297 |
Title: The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun36525. |
Type: Hardware |
Bulletins:
CVE-2015-6297 |
Severity: Medium |
| Description: The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun36525. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5851 |
Title: The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5851 SFBID76764 |
Severity: Low |
| Description: The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5912 |
Title: The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5912 SFBID76764 |
Severity: Medium |
| Description: The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5856 |
Title: The Application Store component in Apple iOS before 9 allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5856 SFBID76764 |
Severity: Medium |
| Description: The Application Store component in Apple iOS before 9 allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-8611 |
Title: The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a... |
Type: Mobile Devices |
Bulletins:
CVE-2014-8611 |
Severity: Medium |
| Description: The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted application. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5838 |
Title: SpringBoard in Apple iOS before 9 does not properly restrict access to privileged API calls, which allows attackers to spoof the dialog windows of an arbitrary app via a crafted app. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5838 SFBID76764 |
Severity: Medium |
| Description: SpringBoard in Apple iOS before 9 does not properly restrict access to privileged API calls, which allows attackers to spoof the dialog windows of an arbitrary app via a crafted app. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5861 |
Title: SpringBoard in Apple iOS before 9 allows physically proximate attackers to bypass a lock-screen preview-disabled setting, and reply to an audio message, via unspecified vectors. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5861 SFBID76764 |
Severity: Low |
| Description: SpringBoard in Apple iOS before 9 allows physically proximate attackers to bypass a lock-screen preview-disabled setting, and reply to an audio message, via unspecified vectors. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5892 |
Title: Siri in Apple iOS before 9 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5892 SFBID76764 |
Severity: Low |
| Description: Siri in Apple iOS before 9 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5905 |
Title: Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted window opener on a web site. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5905 SFBID76764 |
Severity: Medium |
| Description: Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted window opener on a web site. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5904 |
Title: Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted web site. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5904 SFBID76764 |
Severity: Medium |
| Description: Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted web site. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5831 |
Title: NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5831 SFBID76764 |
Severity: Medium |
| Description: NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5857 |
Title: Mail in Apple iOS before 9 allows remote attackers to use an address-book contact as a spoofed e-mail sender address via unspecified vectors. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5857 SFBID76764 |
Severity: Medium |
| Description: Mail in Apple iOS before 9 allows remote attackers to use an address-book contact as a spoofed e-mail sender address via unspecified vectors. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5880 |
Title: CoreAnimation in Apple iOS before 9 allows attackers to bypass intended IOSurface restrictions and obtain screen-framebuffer access via a crafted background app. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5880 SFBID76764 |
Severity: Medium |
| Description: CoreAnimation in Apple iOS before 9 allows attackers to bypass intended IOSurface restrictions and obtain screen-framebuffer access via a crafted background app. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6294 |
Title: Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow remote attackers to cause a denial of service (functionality loss) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuu25770. |
Type: Hardware |
Bulletins:
CVE-2015-6294 |
Severity: Medium |
| Description: Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow remote attackers to cause a denial of service (functionality loss) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuu25770. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5850 |
Title: AppleKeyStore in Apple iOS before 9 allows physically proximate attackers to reset the count of incorrect passcode attempts via a device backup. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5850 SFBID76764 |
Severity: Low |
| Description: AppleKeyStore in Apple iOS before 9 allows physically proximate attackers to reset the count of incorrect passcode attempts via a device backup. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5835 |
Title: Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5835 SFBID76764 |
Severity: Medium |
| Description: Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme. | ||||
| Applies to: |
Created: 2015-09-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6270 |
Title: Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv6 packet, aka Bug ID CSCsv98555. |
Type: Hardware |
Bulletins:
CVE-2015-6270 |
Severity: High |
| Description: Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv6 packet, aka Bug ID CSCsv98555. | ||||
| Applies to: |
Created: 2015-08-31 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6269 |
Title: Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted (1) IPv4 or (2) IPv6 packet, aka Bug ID CSCsw69990. |
Type: Hardware |
Bulletins:
CVE-2015-6269 |
Severity: High |
| Description: Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted (1) IPv4 or (2) IPv6 packet, aka Bug ID CSCsw69990. | ||||
| Applies to: |
Created: 2015-08-31 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6271 |
Title: Cisco IOS XE 2.1.0 through 2.4.3 and 2.5.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted SIP packet, aka Bug IDs CSCta74749 and... |
Type: Hardware |
Bulletins:
CVE-2015-6271 |
Severity: High |
| Description: Cisco IOS XE 2.1.0 through 2.4.3 and 2.5.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted SIP packet, aka Bug IDs CSCta74749 and CSCta77008. | ||||
| Applies to: |
Created: 2015-08-31 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6272 |
Title: Cisco IOS XE 2.1.0 through 2.2.3 and 2.3.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted H.323 packet, aka Bug ID CSCsx35393,... |
Type: Hardware |
Bulletins:
CVE-2015-6272 |
Severity: High |
| Description: Cisco IOS XE 2.1.0 through 2.2.3 and 2.3.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted H.323 packet, aka Bug ID CSCsx35393, CSCsx07094, and CSCsw93064. | ||||
| Applies to: |
Created: 2015-08-31 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6273 |
Title: Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the automatic setup of Virtual Fragment Reassembly (VFR) by certain firewall and NAT components, which allows remote attackers to cause a denial of service (Embedded Services Processor crash)... |
Type: Hardware |
Bulletins:
CVE-2015-6273 |
Severity: High |
| Description: Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the automatic setup of Virtual Fragment Reassembly (VFR) by certain firewall and NAT components, which allows remote attackers to cause a denial of service (Embedded Services Processor crash) via crafted IP packets, aka Bug IDs CSCtf87624, CSCte93229, CSCtd19103, and CSCti63623. | ||||
| Applies to: |
Created: 2015-08-28 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6267 |
Title: Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted L2TP packet, aka Bug IDs CSCsw95722 and CSCsw95496. |
Type: Hardware |
Bulletins:
CVE-2015-6267 |
Severity: High |
| Description: Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted L2TP packet, aka Bug IDs CSCsw95722 and CSCsw95496. | ||||
| Applies to: |
Created: 2015-08-28 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6268 |
Title: Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv4 UDP packet, aka Bug ID CSCsw95482. |
Type: Hardware |
Bulletins:
CVE-2015-6268 |
Severity: High |
| Description: Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv4 UDP packet, aka Bug ID CSCsw95482. | ||||
| Applies to: |
Created: 2015-08-28 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6258 |
Title: The Internet Access Point Protocol (IAPP) module on Cisco Wireless LAN Controller (WLC) devices with software 8.1(104.37) allows remote attackers to trigger incorrect traffic forwarding via crafted IPv6 packets, aka Bug ID CSCuv40033. |
Type: Hardware |
Bulletins:
CVE-2015-6258 |
Severity: Medium |
| Description: The Internet Access Point Protocol (IAPP) module on Cisco Wireless LAN Controller (WLC) devices with software 8.1(104.37) allows remote attackers to trigger incorrect traffic forwarding via crafted IPv6 packets, aka Bug ID CSCuv40033. | ||||
| Applies to: |
Created: 2015-08-22 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4277 |
Title: The global-configuration implementation on Cisco ASR 9000 devices with software 5.1.3 and 5.3.0 improperly closes vty sessions after a commit/end operation, which allows local users to cause a denial of service (tmp/*config file creation, memory... |
Type: Hardware |
Bulletins:
CVE-2015-4277 |
Severity: Medium |
| Description: The global-configuration implementation on Cisco ASR 9000 devices with software 5.1.3 and 5.3.0 improperly closes vty sessions after a commit/end operation, which allows local users to cause a denial of service (tmp/*config file creation, memory consumption, and device hang) via unspecified vectors, aka Bug ID CSCut93842. | ||||
| Applies to: |
Created: 2015-08-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4296 |
Title: Nexus Data Broker (NDB) on Cisco Nexus 3000 devices with software 6.0(2)A6(1) allows remote attackers to cause a denial of service (Java process restart) via crafted connections to the Java application, aka Bug ID CSCut87006. |
Type: Hardware |
Bulletins:
CVE-2015-4296 |
Severity: Medium |
| Description: Nexus Data Broker (NDB) on Cisco Nexus 3000 devices with software 6.0(2)A6(1) allows remote attackers to cause a denial of service (Java process restart) via crafted connections to the Java application, aka Bug ID CSCut87006. | ||||
| Applies to: |
Created: 2015-08-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4301 |
Title: Cisco NX-OS on Nexus 9000 devices 11.1(1c) allows remote authenticated users to cause a denial of service (device hang) via large files that are copied to a device's filesystem, aka Bug ID CSCuu77225. |
Type: Hardware |
Bulletins:
CVE-2015-4301 |
Severity: Medium |
| Description: Cisco NX-OS on Nexus 9000 devices 11.1(1c) allows remote authenticated users to cause a denial of service (device hang) via large files that are copied to a device's filesystem, aka Bug ID CSCuu77225. | ||||
| Applies to: |
Created: 2015-08-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4323 |
Title: Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.9); Nexus 3000 devices 6.0(2)U5(1.41), 7.0(3)I2(0.373), and 7.3(0)ZN(0.83); Nexus 4000 devices 4.1(2)E1(1b); Nexus 7000 devices 6.2(14)S1; Nexus 9000 devices... |
Type: Hardware |
Bulletins:
CVE-2015-4323 SFBID76367 |
Severity: Medium |
| Description: Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.9); Nexus 3000 devices 6.0(2)U5(1.41), 7.0(3)I2(0.373), and 7.3(0)ZN(0.83); Nexus 4000 devices 4.1(2)E1(1b); Nexus 7000 devices 6.2(14)S1; Nexus 9000 devices 7.3(0)ZN(0.9); and MDS 9000 devices 6.2 (13) and 7.1(0)ZN(91.99) and MDS SAN-OS 7.1(0)ZN(91.99) allows remote attackers to cause a denial of service (device outage) via a crafted ARP packet, related to incorrect MTU validation, aka Bug IDs CSCuv71933, CSCuv61341, CSCuv61321, CSCuu78074, CSCut37060, CSCuv61266, CSCuv61351, CSCuv61358, and CSCuv61366. | ||||
| Applies to: |
Created: 2015-08-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4324 |
Title: Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.81), Nexus 3000 devices 7.3(0)ZN(0.81), Nexus 4000 devices 4.1(2)E1(1c), Nexus 7000 devices 7.2(0)N1(0.1), and Nexus 9000 devices 7.3(0)ZN(0.81) allows remote... |
Type: Hardware |
Bulletins:
CVE-2015-4324 SFBID76372 |
Severity: Medium |
| Description: Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.81), Nexus 3000 devices 7.3(0)ZN(0.81), Nexus 4000 devices 4.1(2)E1(1c), Nexus 7000 devices 7.2(0)N1(0.1), and Nexus 9000 devices 7.3(0)ZN(0.81) allows remote attackers to cause a denial of service (IGMP process restart) via a malformed IGMPv3 packet that is mishandled during memory allocation, aka Bug IDs CSCuv69713, CSCuv69717, CSCuv69723, CSCuv69732, and CSCuv48908. | ||||
| Applies to: |
Created: 2015-08-19 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3730 |
Title: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3730 SFBID76338 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3734 |
Title: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3734 SFBID76338 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3735 |
Title: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3735 SFBID76338 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3736 |
Title: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3736 SFBID76338 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3737 |
Title: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3737 SFBID76338 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3738 |
Title: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3738 SFBID76338 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3739 |
Title: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3739 SFBID76338 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3731 |
Title: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3731 SFBID76338 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3732 |
Title: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3732 SFBID76338 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3733 |
Title: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3733 SFBID76338 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3740 |
Title: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3740 SFBID76338 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3741 |
Title: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3741 SFBID76338 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3742 |
Title: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3742 SFBID76338 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3743 |
Title: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3743 SFBID76338 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3744 |
Title: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3744 SFBID76338 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3745 |
Title: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3745 SFBID76338 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3746 |
Title: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3746 SFBID76338 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3747 |
Title: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3747 SFBID76338 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3748 |
Title: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3748 SFBID76338 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3749 |
Title: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3749 SFBID76338 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3753 |
Title: WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3753 SFBID76341 |
Severity: Medium |
| Description: WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a redirect to a data:image resource. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3750 |
Title: WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3750 SFBID76341 |
Severity: Medium |
| Description: WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof a report by modifying the client-server data stream. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3755 |
Title: WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3755 SFBID76344 |
Severity: Medium |
| Description: WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3751 |
Title: WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3751 SFBID76341 |
Severity: Medium |
| Description: WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an OBJECT element. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5759 |
Title: WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5759 SFBID76337 |
Severity: Medium |
| Description: WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3758 |
Title: UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an intended user-confirmation requirement and initiate arbitrary FaceTime calls via an app that provides a crafted URL. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3758 SFBID76337 |
Severity: Medium |
| Description: UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an intended user-confirmation requirement and initiate arbitrary FaceTime calls via an app that provides a crafted URL. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3796 |
Title: The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3796 SFBID76343 |
Severity: High |
| Description: The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3797 and CVE-2015-3798. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3797 |
Title: The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3797 SFBID76343 |
Severity: High |
| Description: The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3798. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3798 |
Title: The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3798 SFBID76343 |
Severity: High |
| Description: The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3797. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5749 |
Title: The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5749 SFBID76337 |
Severity: Medium |
| Description: The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5769 |
Title: The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5769 SFBID76337 |
Severity: High |
| Description: The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5748 |
Title: The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5748 SFBID76340 |
Severity: Low |
| Description: The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3766 |
Title: The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3766 SFBID76343 |
Severity: Medium |
| Description: The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3800 |
Title: The DiskImages component in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3800 SFBID76343 |
Severity: High |
| Description: The DiskImages component in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3752 |
Title: The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3752 SFBID76341 |
Severity: Medium |
| Description: The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive information via vectors involving (1) a cross-origin request or (2) a private-browsing request. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3756 |
Title: The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3756 SFBID76337 |
Severity: Low |
| Description: The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3763 |
Title: Safari in Apple iOS before 8.4.1 does not limit the rate of JavaScript alert messages, which allows remote attackers to cause a denial of service (apparent browser locking) via a crafted web site. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3763 SFBID76337 |
Severity: Medium |
| Description: Safari in Apple iOS before 8.4.1 does not limit the rate of JavaScript alert messages, which allows remote attackers to cause a denial of service (apparent browser locking) via a crafted web site. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5773 |
Title: QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted office document. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5773 SFBID76343 |
Severity: Medium |
| Description: QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted office document. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5770 |
Title: MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5770 SFBID76337 |
Severity: Medium |
| Description: MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3759 |
Title: Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3759 SFBID76337 |
Severity: Medium |
| Description: Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3795 |
Title: libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3795 SFBID76343 |
Severity: High |
| Description: libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5757 |
Title: libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5757 SFBID76343 |
Severity: High |
| Description: libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with locking. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5776 |
Title: Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5776 SFBID76343 |
Severity: High |
| Description: Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3776 |
Title: IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3776 SFBID76343 |
Severity: High |
| Description: IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3768 |
Title: Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3768 SFBID76343 |
Severity: High |
| Description: Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5782 |
Title: ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5782 SFBID76343 |
Severity: Medium |
| Description: ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5781 |
Title: ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5781 SFBID76343 |
Severity: Medium |
| Description: ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5758 |
Title: ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5758 SFBID76343 |
Severity: Medium |
| Description: ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3804 |
Title: FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3804 SFBID76343 |
Severity: High |
| Description: FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5756 and CVE-2015-5775. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5756 |
Title: FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5756 SFBID76343 |
Severity: Medium |
| Description: FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5775. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5775 |
Title: FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5775 SFBID76343 |
Severity: High |
| Description: FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5756. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5766 |
Title: Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5766 SFBID76337 |
Severity: Medium |
| Description: Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5755 |
Title: CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5755 SFBID76343 |
Severity: Medium |
| Description: CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5761 |
Title: CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5761 SFBID76343 |
Severity: Medium |
| Description: CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5755. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5777 |
Title: CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5777 SFBID76343 |
Severity: Medium |
| Description: CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5778. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5778 |
Title: CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5778 SFBID76343 |
Severity: Medium |
| Description: CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5777. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3782 |
Title: CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3782 SFBID76343 |
Severity: Medium |
| Description: CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3793 |
Title: CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3793 SFBID76337 |
Severity: Medium |
| Description: CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5774 |
Title: Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5774 SFBID76343 |
Severity: High |
| Description: Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3778 |
Title: bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3778 SFBID76337 |
Severity: Low |
| Description: bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5752 |
Title: Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5752 SFBID76337 |
Severity: Medium |
| Description: Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5746 |
Title: AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling. |
Type: Mobile Devices |
Bulletins:
CVE-2015-5746 SFBID76337 |
Severity: Medium |
| Description: AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3803 |
Title: Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3803 SFBID76343 |
Severity: High |
| Description: Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3802 |
Title: Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3802 SFBID76343 |
Severity: High |
| Description: Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3805 |
Title: Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3805 SFBID76343 |
Severity: High |
| Description: Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3806 |
Title: Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3806 SFBID76343 |
Severity: High |
| Description: Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file. | ||||
| Applies to: |
Created: 2015-08-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1805 |
Title: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local... |
Type: Mobile Devices |
Bulletins:
CVE-2015-1805 SFBID74951 |
Severity: High |
| Description: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." | ||||
| Applies to: |
Created: 2015-08-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4295 |
Title: The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID CSCuv21819. |
Type: Hardware |
Bulletins:
CVE-2015-4295 |
Severity: Medium |
| Description: The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID CSCuv21819. | ||||
| Applies to: Unified Communications Manager |
Created: 2015-07-31 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4291 |
Title: Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617. |
Type: Hardware |
Bulletins:
CVE-2015-4291 |
Severity: High |
| Description: Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617. | ||||
| Applies to: |
Created: 2015-07-31 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4293 |
Title: The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packets that trigger ATTN-3-SYNC_TIMEOUT errors after... |
Type: Hardware |
Bulletins:
CVE-2015-4293 |
Severity: Medium |
| Description: The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packets that trigger ATTN-3-SYNC_TIMEOUT errors after reassembly failures, aka Bug ID CSCuo37957. | ||||
| Applies to: |
Created: 2015-07-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0681 |
Title: The TFTP server in Cisco IOS 12.2(44)SQ1, 12.2(33)XN1, 12.4(25e)JAM1, 12.4(25e)JAO5m, 12.4(23)JY, 15.0(2)ED1, 15.0(2)EY3, 15.1(3)SVF4a, and 15.2(2)JB1 and IOS XE 2.5.x, 2.6.x, 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, and 3.5.xS before 3.6.0S; 3.1.xSG,... |
Type: Hardware |
Bulletins:
CVE-2015-0681 |
Severity: High |
| Description: The TFTP server in Cisco IOS 12.2(44)SQ1, 12.2(33)XN1, 12.4(25e)JAM1, 12.4(25e)JAO5m, 12.4(23)JY, 15.0(2)ED1, 15.0(2)EY3, 15.1(3)SVF4a, and 15.2(2)JB1 and IOS XE 2.5.x, 2.6.x, 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, and 3.5.xS before 3.6.0S; 3.1.xSG, 3.2.xSG, and 3.3.xSG before 3.4.0SG; 3.2.xSE before 3.3.0SE; 3.2.xXO before 3.3.0XO; 3.2.xSQ; 3.3.xSQ; and 3.4.xSQ allows remote attackers to cause a denial of service (device hang or reload) via multiple requests that trigger improper memory management, aka Bug ID CSCts66733. | ||||
| Applies to: |
Created: 2015-07-24 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4285 |
Title: The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows... |
Type: Hardware |
Bulletins:
CVE-2015-4285 |
Severity: Medium |
| Description: The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows remote attackers to cause a denial of service (resource consumption) by sending traffic to these ports continuously, aka Bug ID CSCur88273. | ||||
| Applies to: |
Created: 2015-07-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4284 |
Title: The Concurrent Data Management Replication process in Cisco IOS XR 5.3.0 on ASR 9000 devices allows remote attackers to cause a denial of service (BGP process reload) via malformed BGPv4 packets, aka Bug ID CSCur70670. |
Type: Hardware |
Bulletins:
CVE-2015-4284 SFBID75980 |
Severity: Medium |
| Description: The Concurrent Data Management Replication process in Cisco IOS XR 5.3.0 on ASR 9000 devices allows remote attackers to cause a denial of service (BGP process reload) via malformed BGPv4 packets, aka Bug ID CSCur70670. | ||||
| Applies to: |
Created: 2015-07-22 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5363 |
Title: The SRX Network Security Daemon (nsd) in Juniper SRX Series services gateways with Junos 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 allows remote DNS servers to cause a denial... |
Type: Hardware |
Bulletins:
CVE-2015-5363 |
Severity: Medium |
| Description: The SRX Network Security Daemon (nsd) in Juniper SRX Series services gateways with Junos 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 allows remote DNS servers to cause a denial of service (crash) via a crafted DNS response. | ||||
| Applies to: |
Created: 2015-07-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5357 |
Title: The Juniper EX4600, QFX3500, QFX3600, and QFX5100 switches with Junos 13.2X51-D15 through 13.2X51-D25, 13.2X51 before 13.2X51-D30, and 14.1X53 before 14.1X53-D10 allows remote attackers to cause a denial of service (CPU consumption) via unspecified... |
Type: Hardware |
Bulletins:
CVE-2015-5357 |
Severity: Medium |
| Description: The Juniper EX4600, QFX3500, QFX3600, and QFX5100 switches with Junos 13.2X51-D15 through 13.2X51-D25, 13.2X51 before 13.2X51-D30, and 14.1X53 before 14.1X53-D10 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. | ||||
| Applies to: |
Created: 2015-07-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5360 |
Title: IPv6 sendd in Juniper Junos 12.1X44 before 12.1X44-D51, 12.1X46 before 12.1X46-D36, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.3 before 13.3R6, 14.1 before 14.1R5,... |
Type: Hardware |
Bulletins:
CVE-2015-5360 |
Severity: Medium |
| Description: IPv6 sendd in Juniper Junos 12.1X44 before 12.1X44-D51, 12.1X46 before 12.1X46-D36, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.2 before 14.2R3, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D20, when the "set protocols neighbor-discovery secure security-level default" option is configured, allows remote attackers to cause a denial of service (CPU consumption) via a crafted Secure Neighbor Discovery (SEND) Protocol packet. | ||||
| Applies to: |
Created: 2015-07-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4269 |
Title: The Tomcat throttling feature in Cisco Unified Communications Manager 10.5(1.99995.9) allows remote authenticated users to cause a denial of service (management outage) by sending many requests, aka Bug ID CSCuu99709. |
Type: Hardware |
Bulletins:
CVE-2015-4269 |
Severity: Medium |
| Description: The Tomcat throttling feature in Cisco Unified Communications Manager 10.5(1.99995.9) allows remote authenticated users to cause a denial of service (management outage) by sending many requests, aka Bug ID CSCuu99709. | ||||
| Applies to: Unified Communications Manager |
Created: 2015-07-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3007 |
Title: The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the "set system ports console insecure" feature, which allows physically... |
Type: Hardware |
Bulletins:
CVE-2015-3007 |
Severity: High |
| Description: The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the "set system ports console insecure" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port. | ||||
| Applies to: |
Created: 2015-07-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5362 |
Title: The BFD daemon in Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before... |
Type: Hardware |
Bulletins:
CVE-2015-5362 |
Severity: High |
| Description: The BFD daemon in Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before 14.1X50-D85, 14.1X55 before 14.1X55-D20, 14.2 before 14.2R3, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D10 allows remote attackers to cause a denial of service (bfdd crash and restart) or execute arbitrary code via a crafted BFD packet. | ||||
| Applies to: |
Created: 2015-07-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4272 |
Title: Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2015-4272 |
Severity: Medium |
| Description: Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCut19580. | ||||
| Applies to: Unified Communications Manager |
Created: 2015-07-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5358 |
Title: Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.2X52 before 13.2X52-D25, 13.3 before 13.3R6,... |
Type: Hardware |
Bulletins:
CVE-2015-5358 |
Severity: High |
| Description: Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.2X52 before 13.2X52-D25, 13.3 before 13.3R6, 14.1R3 before 14.1R3-S2, 14.1 before 14.1R4, 14.1X53 before 14.1X53-D12, 14.1X53 before 14.1X53-D16, 14.1X55 before 14.1X55-D25, 14.2 before 14.2R2, and 15.1 before 15.1R1 allows remote attackers to cause a denial of service (mbuf and connection consumption and restart) via a large number of requests that trigger a TCP connection to move to the LAST_ACK state when there is more data to send. | ||||
| Applies to: |
Created: 2015-07-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5359 |
Title: Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R7, 13.3 before 13.3R5, 14.1R3 before 14.1R3-S2, 14.1 before 14.1R4, 14.2 before... |
Type: Hardware |
Bulletins:
CVE-2015-5359 |
Severity: High |
| Description: Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R7, 13.3 before 13.3R5, 14.1R3 before 14.1R3-S2, 14.1 before 14.1R4, 14.2 before 14.2R2, and 15.1 before 15.1R1 allows remote attackers to cause a denial of service (NULL pointer dereference and RDP crash) via a large number of BGP-VPLS advertisements with updated BGP local preference values. | ||||
| Applies to: |
Created: 2015-07-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4243 |
Title: The PPPoE establishment implementation in Cisco IOS XE 3.5.0S on ASR 1000 devices allows remote attackers to cause a denial of service (device reload) by sending malformed PPPoE Active Discovery Request (PADR) packets on the local network, aka Bug... |
Type: Hardware |
Bulletins:
CVE-2015-4243 |
Severity: Medium |
| Description: The PPPoE establishment implementation in Cisco IOS XE 3.5.0S on ASR 1000 devices allows remote attackers to cause a denial of service (device reload) by sending malformed PPPoE Active Discovery Request (PADR) packets on the local network, aka Bug ID CSCty94202. | ||||
| Applies to: |
Created: 2015-07-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4231 |
Title: The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416. |
Type: Hardware |
Bulletins:
CVE-2015-4231 |
Severity: Low |
| Description: The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416. | ||||
| Applies to: |
Created: 2015-07-03 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4237 |
Title: The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491,... |
Type: Hardware |
Bulletins:
CVE-2015-4237 |
Severity: Medium |
| Description: The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436. | ||||
| Applies to: |
Created: 2015-07-03 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4232 |
Title: Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856. |
Type: Hardware |
Bulletins:
CVE-2015-4232 SFBID75503 |
Severity: Medium |
| Description: Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856. | ||||
| Applies to: |
Created: 2015-07-03 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4234 |
Title: Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS configuration, which allows local users to obtain root access via unspecified input to the Python interpreter, aka Bug IDs CSCun02887, CSCur00115, and CSCur00127. |
Type: Hardware |
Bulletins:
CVE-2015-4234 SFBID75502 |
Severity: High |
| Description: Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS configuration, which allows local users to obtain root access via unspecified input to the Python interpreter, aka Bug IDs CSCun02887, CSCur00115, and CSCur00127. | ||||
| Applies to: |
Created: 2015-07-03 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3727 |
Title: WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3727 SFBID75492 |
Severity: Medium |
| Description: WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site. | ||||
| Applies to: |
Created: 2015-07-02 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3719 |
Title: TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3719 SFBID75491 |
Severity: Medium |
| Description: TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3694. | ||||
| Applies to: |
Created: 2015-07-02 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3728 |
Title: The WiFi Connectivity feature in Apple iOS before 8.4 allows remote Wi-Fi access points to trigger an automatic association, with an arbitrary security type, by operating with a recognized ESSID within an 802.11 network's coverage area. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3728 SFBID75490 |
Severity: Medium |
| Description: The WiFi Connectivity feature in Apple iOS before 8.4 allows remote Wi-Fi access points to trigger an automatic association, with an arbitrary security type, by operating with a recognized ESSID within an 802.11 network's coverage area. | ||||
| Applies to: |
Created: 2015-07-02 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3726 |
Title: The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3726 SFBID75490 |
Severity: Medium |
| Description: The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card. | ||||
| Applies to: |
Created: 2015-07-02 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3659 |
Title: The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3659 SFBID75492 |
Severity: Medium |
| Description: The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. | ||||
| Applies to: |
Created: 2015-07-02 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3658 |
Title: The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3658 SFBID75492 |
Severity: Medium |
| Description: The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site. | ||||
| Applies to: |
Created: 2015-07-02 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3721 |
Title: The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not properly handle HFS parameters, which allows attackers to obtain sensitive memory-layout information via a crafted app. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3721 SFBID75491 |
Severity: Medium |
| Description: The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not properly handle HFS parameters, which allows attackers to obtain sensitive memory-layout information via a crafted app. | ||||
| Applies to: |
Created: 2015-07-02 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3684 |
Title: The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted credentials in a URL. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3684 SFBID75491 |
Severity: Medium |
| Description: The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted credentials in a URL. | ||||
| Applies to: |
Created: 2015-07-02 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3690 |
Title: The DiskImages subsystem in Apple iOS before 8.4 and OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3690 SFBID75491 |
Severity: Medium |
| Description: The DiskImages subsystem in Apple iOS before 8.4 and OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. | ||||
| Applies to: |
Created: 2015-07-02 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3725 |
Title: MobileInstallation in Apple iOS before 8.4 does not ensure the uniqueness of Watch bundle IDs, which allows attackers to cause a denial of service (ID collision and Watch launch outage) via a crafted universal provisioning profile app. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3725 SFBID75490 |
Severity: Medium |
| Description: MobileInstallation in Apple iOS before 8.4 does not ensure the uniqueness of Watch bundle IDs, which allows attackers to cause a denial of service (ID collision and Watch launch outage) via a crafted universal provisioning profile app. | ||||
| Applies to: |
Created: 2015-07-02 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3710 |
Title: Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3710 SFBID75491 |
Severity: Medium |
| Description: Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message. | ||||
| Applies to: |
Created: 2015-07-02 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3703 |
Title: ImageIO in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3703 SFBID75491 |
Severity: Medium |
| Description: ImageIO in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image. | ||||
| Applies to: |
Created: 2015-07-02 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3694 |
Title: FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3719. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3694 SFBID75491 |
Severity: Medium |
| Description: FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3719. | ||||
| Applies to: |
Created: 2015-07-02 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3685 |
Title: CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3686,... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3685 SFBID75491 |
Severity: Medium |
| Description: CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3686, CVE-2015-3687, CVE-2015-3688, and CVE-2015-3689. | ||||
| Applies to: |
Created: 2015-07-02 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3686 |
Title: CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685,... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3686 SFBID75491 |
Severity: Medium |
| Description: CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3687, CVE-2015-3688, and CVE-2015-3689. | ||||
| Applies to: |
Created: 2015-07-02 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3687 |
Title: CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685,... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3687 SFBID75491 |
Severity: Medium |
| Description: CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3688, and CVE-2015-3689. | ||||
| Applies to: |
Created: 2015-07-02 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3688 |
Title: CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685,... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3688 SFBID75491 |
Severity: Medium |
| Description: CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3689. | ||||
| Applies to: |
Created: 2015-07-02 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3689 |
Title: CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685,... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3689 SFBID75491 |
Severity: Medium |
| Description: CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3688. | ||||
| Applies to: |
Created: 2015-07-02 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3723 |
Title: CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3724. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3723 SFBID75490 |
Severity: Medium |
| Description: CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3724. | ||||
| Applies to: |
Created: 2015-07-02 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3724 |
Title: CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3723. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3724 SFBID75490 |
Severity: Medium |
| Description: CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3723. | ||||
| Applies to: |
Created: 2015-07-02 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3722 |
Title: Application Store in Apple iOS before 8.4 does not ensure the uniqueness of bundle IDs, which allows attackers to cause a denial of service (ID collision and launch outage) via a crafted universal provisioning profile app. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3722 SFBID75490 |
Severity: Medium |
| Description: Application Store in Apple iOS before 8.4 does not ensure the uniqueness of bundle IDs, which allows attackers to cause a denial of service (ID collision and launch outage) via a crafted universal provisioning profile app. | ||||
| Applies to: |
Created: 2015-07-02 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4199 |
Title: Race condition in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (NULL pointer free and module crash) by triggering intermittent... |
Type: Hardware |
Bulletins:
CVE-2015-4199 SFBID75335 |
Severity: High |
| Description: Race condition in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (NULL pointer free and module crash) by triggering intermittent connectivity with many IPv6 CPE devices, aka Bug ID CSCug47366. | ||||
| Applies to: |
Created: 2015-06-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4225 |
Title: Cisco Application Policy Infrastructure Controller (APIC) 1.0(1.110a) and 1.0(1e) on Nexus 9000 devices does not properly implement RBAC health scoring, which allows remote authenticated users to obtain sensitive information via unspecified vectors,... |
Type: Hardware |
Bulletins:
CVE-2015-4225 SFBID75433 |
Severity: Medium |
| Description: Cisco Application Policy Infrastructure Controller (APIC) 1.0(1.110a) and 1.0(1e) on Nexus 9000 devices does not properly implement RBAC health scoring, which allows remote authenticated users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuq77485. | ||||
| Applies to: |
Created: 2015-06-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4224 |
Title: Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474. |
Type: Hardware |
Bulletins:
CVE-2015-4224 SFBID75415 |
Severity: High |
| Description: Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474. | ||||
| Applies to: |
Created: 2015-06-26 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4223 |
Title: Cisco IOS XR 5.1.3 allows remote attackers to cause a denial of service (process reload) via crafted MPLS Label Distribution Protocol (LDP) packets, aka Bug ID CSCuu77478. |
Type: Hardware |
Bulletins:
CVE-2015-4223 SFBID75399 |
Severity: Medium |
| Description: Cisco IOS XR 5.1.3 allows remote attackers to cause a denial of service (process reload) via crafted MPLS Label Distribution Protocol (LDP) packets, aka Bug ID CSCuu77478. | ||||
| Applies to: |
Created: 2015-06-25 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4215 |
Title: Cisco Wireless LAN Controller (WLC) devices with software 7.5(102.0) and 7.6(1.62) allow remote attackers to cause a denial of service (device crash) by triggering an exception during attempted forwarding of unspecified IPv6 packets to a non-IPv6... |
Type: Hardware |
Bulletins:
CVE-2015-4215 SFBID75369 |
Severity: Medium |
| Description: Cisco Wireless LAN Controller (WLC) devices with software 7.5(102.0) and 7.6(1.62) allow remote attackers to cause a denial of service (device crash) by triggering an exception during attempted forwarding of unspecified IPv6 packets to a non-IPv6 device, aka Bug ID CSCuj01046. | ||||
| Applies to: |
Created: 2015-06-24 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4213 |
Title: Cisco NX-OS 1.1(1g) on Nexus 9000 devices allows remote authenticated users to discover cleartext passwords by leveraging the existence of a decryption mechanism, aka Bug ID CSCuu84391. |
Type: Hardware |
Bulletins:
CVE-2015-4213 SFBID75378 |
Severity: Medium |
| Description: Cisco NX-OS 1.1(1g) on Nexus 9000 devices allows remote authenticated users to discover cleartext passwords by leveraging the existence of a decryption mechanism, aka Bug ID CSCuu84391. | ||||
| Applies to: |
Created: 2015-06-24 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4203 |
Title: Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of service (PXF process crash) by sending malformed... |
Type: Hardware |
Bulletins:
CVE-2015-4203 SFBID75339 |
Severity: Medium |
| Description: Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of service (PXF process crash) by sending malformed MPLS 6VPE packets quickly, aka Bug ID CSCud83396. | ||||
| Applies to: |
Created: 2015-06-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4200 |
Title: Memory leak in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (memory consumption) by triggering an error during CPE negotiation,... |
Type: Hardware |
Bulletins:
CVE-2015-4200 SFBID75254 |
Severity: High |
| Description: Memory leak in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (memory consumption) by triggering an error during CPE negotiation, aka Bug ID CSCug00885. | ||||
| Applies to: |
Created: 2015-06-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4204 |
Title: Memory leak in Cisco IOS 12.2 in the Performance Routing Engine (PRE) module on uBR10000 devices allows remote authenticated users to cause a denial of service (memory consumption or PXF process crash) by sending docsIfMCmtsMib SNMP requests... |
Type: Hardware |
Bulletins:
CVE-2015-4204 SFBID75337 |
Severity: Medium |
| Description: Memory leak in Cisco IOS 12.2 in the Performance Routing Engine (PRE) module on uBR10000 devices allows remote authenticated users to cause a denial of service (memory consumption or PXF process crash) by sending docsIfMCmtsMib SNMP requests quickly, aka Bug ID CSCue65051. | ||||
| Applies to: |
Created: 2015-06-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4205 |
Title: Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (NPU chip reset or line-card reload) by sending crafted IEEE 802.3x flow-control PAUSE frames on the local network, aka Bug ID CSCut19959. |
Type: Hardware |
Bulletins:
CVE-2015-4205 SFBID75352 |
Severity: Medium |
| Description: Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (NPU chip reset or line-card reload) by sending crafted IEEE 802.3x flow-control PAUSE frames on the local network, aka Bug ID CSCut19959. | ||||
| Applies to: |
Created: 2015-06-23 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4197 |
Title: Cisco NX-OS 5.2(5) on Nexus 7000 devices allows remote attackers to cause a denial of service (device crash) by sending a malformed LLDP packet on the local network, aka Bug ID CSCud89415. |
Type: Hardware |
Bulletins:
CVE-2015-4197 SFBID75324 |
Severity: Medium |
| Description: Cisco NX-OS 5.2(5) on Nexus 7000 devices allows remote attackers to cause a denial of service (device crash) by sending a malformed LLDP packet on the local network, aka Bug ID CSCud89415. | ||||
| Applies to: |
Created: 2015-06-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4202 |
Title: Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization... |
Type: Hardware |
Bulletins:
CVE-2015-4202 SFBID75321 |
Severity: Medium |
| Description: Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization information via crafted IPDR packets, aka Bug ID CSCua39203. | ||||
| Applies to: |
Created: 2015-06-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4191 |
Title: Cisco IOS XR 5.2.1 allows remote attackers to cause a denial of service (ipv6_io service reload) via a malformed IPv6 packet, aka Bug ID CSCuq95565. |
Type: Hardware |
Bulletins:
CVE-2015-4191 SFBID75260 |
Severity: Medium |
| Description: Cisco IOS XR 5.2.1 allows remote attackers to cause a denial of service (ipv6_io service reload) via a malformed IPv6 packet, aka Bug ID CSCuq95565. | ||||
| Applies to: |
Created: 2015-06-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4195 |
Title: Cisco IOS XR 5.1.1.K9SEC allows remote authenticated users to cause a denial of service (vty error, and SSH and TELNET outage) via a crafted disconnect action within an SSH session, aka Bug ID CSCul63127. |
Type: Hardware |
Bulletins:
CVE-2015-4195 SFBID75295 |
Severity: Medium |
| Description: Cisco IOS XR 5.1.1.K9SEC allows remote authenticated users to cause a denial of service (vty error, and SSH and TELNET outage) via a crafted disconnect action within an SSH session, aka Bug ID CSCul63127. | ||||
| Applies to: |
Created: 2015-06-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-4185 |
Title: The TCL interpreter in Cisco IOS 15.2 does not properly maintain the vty state, which allows local users to gain privileges by starting a session very soon after a TCL script execution, aka Bug ID CSCuq24202. |
Type: Hardware |
Bulletins:
CVE-2015-4185 SFBID72310 |
Severity: Medium |
| Description: The TCL interpreter in Cisco IOS 15.2 does not properly maintain the vty state, which allows local users to gain privileges by starting a session very soon after a TCL script execution, aka Bug ID CSCuq24202. | ||||
| Applies to: |
Created: 2015-06-13 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0771 |
Title: The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted message during IPsec tunnel setup, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2015-0771 |
Severity: Medium |
| Description: The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted message during IPsec tunnel setup, aka Bug ID CSCur70505. | ||||
| Applies to: |
Created: 2015-06-12 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0775 |
Title: The banner (aka MOTD) implementation in Cisco NX-OS 4.1(2)E1(1f) on Nexus 4000 devices, 5.2(1)SV3(2.1) on Nexus 1000V devices, 6.0(2)N2(2) on Nexus 5000 devices, 6.2(11) on MDS 9000 devices, 6.2(12) on Nexus 7000 devices, 7.0(3) on Nexus 9000... |
Type: Hardware |
Bulletins:
CVE-2015-0775 |
Severity: Medium |
| Description: The banner (aka MOTD) implementation in Cisco NX-OS 4.1(2)E1(1f) on Nexus 4000 devices, 5.2(1)SV3(2.1) on Nexus 1000V devices, 6.0(2)N2(2) on Nexus 5000 devices, 6.2(11) on MDS 9000 devices, 6.2(12) on Nexus 7000 devices, 7.0(3) on Nexus 9000 devices, and 7.2(0)ZN(99.67) on Nexus 3000 devices allows remote attackers to cause a denial of service (login process reset) via an unspecified terminal-session request during TELNET session setup, aka Bug IDs CSCuo10554, CSCuu75466, CSCuu75471, CSCuu75484, CSCuu75498, CSCuu77170, and CSCuu77182. | ||||
| Applies to: Cisco Nexus 1000V VSM |
Created: 2015-06-12 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0776 |
Title: telnetd in Cisco IOS XR 5.0.1 on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (device reload) via a malformed TELNET packet, aka Bug ID CSCuq31566. |
Type: Hardware |
Bulletins:
CVE-2015-0776 |
Severity: Medium |
| Description: telnetd in Cisco IOS XR 5.0.1 on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (device reload) via a malformed TELNET packet, aka Bug ID CSCuq31566. | ||||
| Applies to: |
Created: 2015-06-12 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0756 |
Title: Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka Bug ID CSCug67104. |
Type: Hardware |
Bulletins:
CVE-2015-0756 |
Severity: Medium |
| Description: Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka Bug ID CSCug67104. | ||||
| Applies to: |
Created: 2015-05-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0751 |
Title: Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800. |
Type: Hardware |
Bulletins:
CVE-2015-0751 |
Severity: High |
| Description: Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800. | ||||
| Applies to: Unified Communications Manager |
Created: 2015-05-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1157 |
Title: CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications... |
Type: Mobile Devices |
Bulletins:
CVE-2015-1157 SFBID75491 |
Severity: High |
| Description: CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message. | ||||
| Applies to: |
Created: 2015-05-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0723 |
Title: The wireless web-authentication subsystem on Cisco Wireless LAN Controller (WLC) devices 7.5.x and 7.6.x before 7.6.120 allows remote attackers to cause a denial of service (process crash and device restart) via a crafted value, aka Bug ID CSCum03269. |
Type: Hardware |
Bulletins:
CVE-2015-0723 |
Severity: Medium |
| Description: The wireless web-authentication subsystem on Cisco Wireless LAN Controller (WLC) devices 7.5.x and 7.6.x before 7.6.120 allows remote attackers to cause a denial of service (process crash and device restart) via a crafted value, aka Bug ID CSCum03269. | ||||
| Applies to: |
Created: 2015-05-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0726 |
Title: The web administration interface on Cisco Wireless LAN Controller (WLC) devices before 7.0.241, 7.1.x through 7.4.x before 7.4.122, and 7.5.x and 7.6.x before 7.6.120 allows remote authenticated users to cause a denial of service (device crash) via... |
Type: Hardware |
Bulletins:
CVE-2015-0726 SFBID74641 |
Severity: Medium |
| Description: The web administration interface on Cisco Wireless LAN Controller (WLC) devices before 7.0.241, 7.1.x through 7.4.x before 7.4.122, and 7.5.x and 7.6.x before 7.6.120 allows remote authenticated users to cause a denial of service (device crash) via unspecified parameters, aka Bug IDs CSCum65159 and CSCum65252. | ||||
| Applies to: |
Created: 2015-05-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0717 |
Title: Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546. |
Type: Hardware |
Bulletins:
CVE-2015-0717 |
Severity: Medium |
| Description: Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546. | ||||
| Applies to: Unified Communications Manager |
Created: 2015-05-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0731 |
Title: The ISDN implementation in Cisco IOS 15.3S allows remote attackers to cause a denial of service (device reload) via malformed Q931 SETUP messages, aka Bug ID CSCut37890. |
Type: Hardware |
Bulletins:
CVE-2015-0731 |
Severity: Medium |
| Description: The ISDN implementation in Cisco IOS 15.3S allows remote attackers to cause a denial of service (device reload) via malformed Q931 SETUP messages, aka Bug ID CSCut37890. | ||||
| Applies to: |
Created: 2015-05-15 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1152 |
Title: WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a... |
Type: Mobile Devices |
Bulletins:
CVE-2015-1152 SFBID74525 |
Severity: Medium |
| Description: WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154. | ||||
| Applies to: |
Created: 2015-05-07 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1153 |
Title: WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a... |
Type: Mobile Devices |
Bulletins:
CVE-2015-1153 SFBID74523 |
Severity: Medium |
| Description: WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1154. | ||||
| Applies to: |
Created: 2015-05-07 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1156 |
Title: The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same... |
Type: Mobile Devices |
Bulletins:
CVE-2015-1156 SFBID74524 |
Severity: Medium |
| Description: The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, via a crafted web site. | ||||
| Applies to: |
Created: 2015-05-07 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1155 |
Title: The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site. |
Type: Mobile Devices |
Bulletins:
CVE-2015-1155 SFBID74527 |
Severity: Medium |
| Description: The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site. | ||||
| Applies to: |
Created: 2015-05-07 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-8361 |
Title: The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request. |
Type: Hardware |
Bulletins:
CVE-2014-8361 SFBID74330 |
Severity: High |
| Description: The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request. | ||||
| Applies to: dir-600l dir-605l dir-619l dir-809 dir-905l |
Created: 2015-05-01 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3447 |
Title: Multiple cross-site scripting (XSS) vulnerabilities in macIpSpoofView.html in Dell SonicWall SonicOS 7.5.0.12 and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) searchSpoof or (2) searchSpoofIpDet parameter. |
Type: Hardware |
Bulletins:
CVE-2015-3447 SFBID74406 |
Severity: Medium |
| Description: Multiple cross-site scripting (XSS) vulnerabilities in macIpSpoofView.html in Dell SonicWall SonicOS 7.5.0.12 and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) searchSpoof or (2) searchSpoofIpDet parameter. | ||||
| Applies to: |
Created: 2015-04-29 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0710 |
Title: The Overlay Transport Virtualization (OTV) implementation in Cisco IOS XE 3.10S allows remote attackers to cause a denial of service (device reload) via a series of packets that are considered oversized and trigger improper fragmentation handling,... |
Type: Hardware |
Bulletins:
CVE-2015-0710 |
Severity: Medium |
| Description: The Overlay Transport Virtualization (OTV) implementation in Cisco IOS XE 3.10S allows remote attackers to cause a denial of service (device reload) via a series of packets that are considered oversized and trigger improper fragmentation handling, aka Bug IDs CSCup37676 and CSCup30335. | ||||
| Applies to: |
Created: 2015-04-28 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0709 |
Title: Cisco IOS 15.5S and IOS XE allow remote authenticated users to cause a denial of service (device crash) by leveraging knowledge of the RADIUS secret and sending crafted RADIUS packets, aka Bug ID CSCur21348. |
Type: Hardware |
Bulletins:
CVE-2015-0709 |
Severity: Medium |
| Description: Cisco IOS 15.5S and IOS XE allow remote authenticated users to cause a denial of service (device crash) by leveraging knowledge of the RADIUS secret and sending crafted RADIUS packets, aka Bug ID CSCur21348. | ||||
| Applies to: |
Created: 2015-04-28 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0708 |
Title: Cisco IOS 15.4S, 15.4SN, and 15.5S and IOS XE 3.13S and 3.14S allow remote attackers to cause a denial of service (device crash) by including an IA_NA option in a DHCPv6 Solicit message on the local network, aka Bug ID CSCur29956. |
Type: Hardware |
Bulletins:
CVE-2015-0708 |
Severity: Medium |
| Description: Cisco IOS 15.4S, 15.4SN, and 15.5S and IOS XE 3.13S and 3.14S allow remote attackers to cause a denial of service (device crash) by including an IA_NA option in a DHCPv6 Solicit message on the local network, aka Bug ID CSCur29956. | ||||
| Applies to: |
Created: 2015-04-28 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0695 |
Title: Cisco IOS XR 4.3.4 through 5.3.0 on ASR 9000 devices, when uRPF, PBR, QoS, or an ACL is configured, does not properly handle bridge-group virtual interface (BVI) traffic, which allows remote attackers to cause a denial of service (chip and card... |
Type: Hardware |
Bulletins:
CVE-2015-0695 SFBID74162 |
Severity: High |
| Description: Cisco IOS XR 4.3.4 through 5.3.0 on ASR 9000 devices, when uRPF, PBR, QoS, or an ACL is configured, does not properly handle bridge-group virtual interface (BVI) traffic, which allows remote attackers to cause a denial of service (chip and card hangs and reloads) by triggering use of a BVI interface for IPv4 packets, aka Bug ID CSCur62957. | ||||
| Applies to: |
Created: 2015-04-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1126 |
Title: WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource... |
Type: Mobile Devices |
Bulletins:
CVE-2015-1126 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors. | ||||
| Applies to: |
Created: 2015-04-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1116 |
Title: The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen. |
Type: Mobile Devices |
Bulletins:
CVE-2015-1116 SFBID73978 |
Severity: Low |
| Description: The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen. | ||||
| Applies to: |
Created: 2015-04-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1125 |
Title: The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site. |
Type: Mobile Devices |
Bulletins:
CVE-2015-1125 |
Severity: Medium |
| Description: The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site. | ||||
| Applies to: |
Created: 2015-04-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1115 |
Title: The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app. |
Type: Mobile Devices |
Bulletins:
CVE-2015-1115 SFBID73978 |
Severity: Medium |
| Description: The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app. | ||||
| Applies to: |
Created: 2015-04-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1113 |
Title: The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app. |
Type: Mobile Devices |
Bulletins:
CVE-2015-1113 SFBID73978 |
Severity: Low |
| Description: The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app. | ||||
| Applies to: |
Created: 2015-04-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1106 |
Title: The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard. |
Type: Mobile Devices |
Bulletins:
CVE-2015-1106 SFBID73978 |
Severity: Low |
| Description: The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard. | ||||
| Applies to: |
Created: 2015-04-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1107 |
Title: The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making... |
Type: Mobile Devices |
Bulletins:
CVE-2015-1107 SFBID73978 |
Severity: Low |
| Description: The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses. | ||||
| Applies to: |
Created: 2015-04-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1108 |
Title: The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses. |
Type: Mobile Devices |
Bulletins:
CVE-2015-1108 SFBID73978 |
Severity: Low |
| Description: The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses. | ||||
| Applies to: |
Created: 2015-04-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1091 |
Title: The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin... |
Type: Mobile Devices |
Bulletins:
CVE-2015-1091 SFBID73984 |
Severity: Medium |
| Description: The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | ||||
| Applies to: |
Created: 2015-04-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1111 |
Title: Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file. |
Type: Mobile Devices |
Bulletins:
CVE-2015-1111 SFBID73978 |
Severity: Medium |
| Description: Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file. | ||||
| Applies to: |
Created: 2015-04-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1109 |
Title: NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file. |
Type: Mobile Devices |
Bulletins:
CVE-2015-1109 SFBID73978 |
Severity: Low |
| Description: NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file. | ||||
| Applies to: |
Created: 2015-04-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3003 |
Title: Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 allows local users... |
Type: Hardware |
Bulletins:
CVE-2015-3003 SFBID74023 |
Severity: High |
| Description: Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 allows local users to gain privileges via crafted combinations of CLI commands and arguments. | ||||
| Applies to: |
Created: 2015-04-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3002 |
Title: Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, and 12.3X48 before 12.3X48-D10 on SRX series devices does not properly enforce the log-out-on-disconnect feature when configured in the [system port... |
Type: Hardware |
Bulletins:
CVE-2015-3002 SFBID74019 |
Severity: Medium |
| Description: Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, and 12.3X48 before 12.3X48-D10 on SRX series devices does not properly enforce the log-out-on-disconnect feature when configured in the [system port console] stanza, which allows physically proximate attackers to reconnect to the console port and gain administrative access by leveraging access to the device. | ||||
| Applies to: |
Created: 2015-04-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3004 |
Title: J-Web in Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D35, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D10, 12.3X48 before 12.3X48-D10, 12.2 before 12.2R9, 12.3 before 12.3R7, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D20, 13.3... |
Type: Hardware |
Bulletins:
CVE-2015-3004 SFBID74017 |
Severity: Medium |
| Description: J-Web in Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D35, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D10, 12.3X48 before 12.3X48-D10, 12.2 before 12.2R9, 12.3 before 12.3R7, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D20, 13.3 before 13.3R5, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, and 14.2 before 14.2R1 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header. | ||||
| Applies to: |
Created: 2015-04-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1098 |
Title: iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file. |
Type: Mobile Devices |
Bulletins:
CVE-2015-1098 SFBID73984 |
Severity: Medium |
| Description: iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file. | ||||
| Applies to: |
Created: 2015-04-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1093 |
Title: FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. |
Type: Mobile Devices |
Bulletins:
CVE-2015-1093 SFBID73984 |
Severity: Medium |
| Description: FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. | ||||
| Applies to: |
Created: 2015-04-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1087 |
Title: Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path. |
Type: Mobile Devices |
Bulletins:
CVE-2015-1087 SFBID73978 |
Severity: Low |
| Description: Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path. | ||||
| Applies to: |
Created: 2015-04-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3005 |
Title: Cross-site scripting (XSS) vulnerability in the Dynamic VPN in Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, and 12.3X48 before 12.3X48-D10 on SRX series devices allows remote attackers to inject... |
Type: Hardware |
Bulletins:
CVE-2015-3005 SFBID74016 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in the Dynamic VPN in Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, and 12.3X48 before 12.3X48-D10 on SRX series devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| Applies to: |
Created: 2015-04-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1088 |
Title: CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site. |
Type: Mobile Devices |
Bulletins:
CVE-2015-1088 SFBID73984 |
Severity: Medium |
| Description: CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site. | ||||
| Applies to: |
Created: 2015-04-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1090 |
Title: CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file. |
Type: Mobile Devices |
Bulletins:
CVE-2015-1090 SFBID73978 |
Severity: Medium |
| Description: CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file. | ||||
| Applies to: |
Created: 2015-04-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1089 |
Title: CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. |
Type: Mobile Devices |
Bulletins:
CVE-2015-1089 SFBID73984 |
Severity: Medium |
| Description: CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | ||||
| Applies to: |
Created: 2015-04-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1085 |
Title: AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app. |
Type: Mobile Devices |
Bulletins:
CVE-2015-1085 SFBID73978 |
Severity: Low |
| Description: AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app. | ||||
| Applies to: |
Created: 2015-04-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1112 |
Title: Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive... |
Type: Mobile Devices |
Bulletins:
CVE-2015-1112 |
Severity: Medium |
| Description: Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file. | ||||
| Applies to: |
Created: 2015-04-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1129 |
Title: Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site. |
Type: Mobile Devices |
Bulletins:
CVE-2015-1129 |
Severity: Medium |
| Description: Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site. | ||||
| Applies to: |
Created: 2015-04-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0690 |
Title: Cross-site scripting (XSS) vulnerability in the HTML help system on Cisco Wireless LAN Controller (WLC) devices before 8.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCun95178. |
Type: Hardware |
Bulletins:
CVE-2015-0690 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in the HTML help system on Cisco Wireless LAN Controller (WLC) devices before 8.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCun95178. | ||||
| Applies to: |
Created: 2015-04-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0688 |
Title: Cisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services Processor (ESP) module, when NAT is enabled, allows remote attackers to cause a denial of service (module crash) via malformed H.323 packets, aka Bug ID CSCup21070. |
Type: Hardware |
Bulletins:
CVE-2015-0688 |
Severity: High |
| Description: Cisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services Processor (ESP) module, when NAT is enabled, allows remote attackers to cause a denial of service (module crash) via malformed H.323 packets, aka Bug ID CSCup21070. | ||||
| Applies to: |
Created: 2015-04-03 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0686 |
Title: The SNMP implementation in Cisco NX-OS 6.1(2)I2(3) on Nexus 9000 devices, when a Reset High Availability (HA) policy is configured, allows remote authenticated users to cause a denial of service (device reload) via unspecified vectors, aka Bug ID... |
Type: Hardware |
Bulletins:
CVE-2015-0686 |
Severity: Medium |
| Description: The SNMP implementation in Cisco NX-OS 6.1(2)I2(3) on Nexus 9000 devices, when a Reset High Availability (HA) policy is configured, allows remote authenticated users to cause a denial of service (device reload) via unspecified vectors, aka Bug ID CSCuq92240. | ||||
| Applies to: |
Created: 2015-04-02 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0687 |
Title: The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 devices, when single-switch Virtual Switching System (VSS) is configured, allows remote authenticated users to cause a denial of service (device crash) by performing SNMP polling, aka... |
Type: Hardware |
Bulletins:
CVE-2015-0687 |
Severity: Medium |
| Description: The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 devices, when single-switch Virtual Switching System (VSS) is configured, allows remote authenticated users to cause a denial of service (device crash) by performing SNMP polling, aka Bug ID CSCuq04574. | ||||
| Applies to: |
Created: 2015-04-02 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0685 |
Title: Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly handle route adjacencies, which allows remote attackers to cause a denial of service (device hang) via crafted IP packets, aka Bug ID CSCub31873. |
Type: Hardware |
Bulletins:
CVE-2015-0685 |
Severity: High |
| Description: Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly handle route adjacencies, which allows remote attackers to cause a denial of service (device hang) via crafted IP packets, aka Bug ID CSCub31873. | ||||
| Applies to: |
Created: 2015-04-02 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0679 |
Title: The web-authentication functionality on Cisco Wireless LAN Controller (WLC) devices 7.3(103.8) and 7.4(110.0) allows remote attackers to cause a denial of service (device reload) via a malformed password, aka Bug ID CSCui57980. |
Type: Hardware |
Bulletins:
CVE-2015-0679 |
Severity: Medium |
| Description: The web-authentication functionality on Cisco Wireless LAN Controller (WLC) devices 7.3(103.8) and 7.4(110.0) allows remote attackers to cause a denial of service (device reload) via a malformed password, aka Bug ID CSCui57980. | ||||
| Applies to: |
Created: 2015-03-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0658 |
Title: The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on... |
Type: Hardware |
Bulletins:
CVE-2015-0658 |
Severity: High |
| Description: The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on the local network, aka Bug ID CSCur14589. | ||||
| Applies to: |
Created: 2015-03-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0680 |
Title: Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439. |
Type: Hardware |
Bulletins:
CVE-2015-0680 |
Severity: Medium |
| Description: Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439. | ||||
| Applies to: Unified Callmanager |
Created: 2015-03-27 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0650 |
Title: The Service Discovery Gateway (aka mDNS Gateway) in Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 3.9.xS and 3.10.xS before 3.10.4S, 3.11.xS before 3.11.3S, 3.12.xS before 3.12.2S, and 3.13.xS before 3.13.1S allows remote... |
Type: Hardware |
Bulletins:
CVE-2015-0650 |
Severity: High |
| Description: The Service Discovery Gateway (aka mDNS Gateway) in Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 3.9.xS and 3.10.xS before 3.10.4S, 3.11.xS before 3.11.3S, 3.12.xS before 3.12.2S, and 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) by sending malformed mDNS UDP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCup70579. | ||||
| Applies to: |
Created: 2015-03-26 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0645 |
Title: The Layer 4 Redirect (L4R) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.2S, 3.13 before 3.13.1S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device... |
Type: Hardware |
Bulletins:
CVE-2015-0645 |
Severity: High |
| Description: The Layer 4 Redirect (L4R) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.2S, 3.13 before 3.13.1S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuq59131. | ||||
| Applies to: |
Created: 2015-03-26 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0640 |
Title: The high-speed logging (HSL) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device... |
Type: Hardware |
Bulletins:
CVE-2015-0640 |
Severity: High |
| Description: The high-speed logging (HSL) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via large IP packets that require NAT and HSL processing after fragmentation, aka Bug ID CSCuo25741. | ||||
| Applies to: |
Created: 2015-03-26 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0672 |
Title: The DHCPv4 server in Cisco IOS XR 5.2.2 on ASR 9000 devices allows remote attackers to cause a denial of service (service outage) via a flood of crafted DHCP packets, aka Bug ID CSCup67822. |
Type: Hardware |
Bulletins:
CVE-2015-0672 |
Severity: Medium |
| Description: The DHCPv4 server in Cisco IOS XR 5.2.2 on ASR 9000 devices allows remote attackers to cause a denial of service (service outage) via a flood of crafted DHCP packets, aka Bug ID CSCup67822. | ||||
| Applies to: |
Created: 2015-03-26 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0639 |
Title: The Common Flow Table (CFT) feature in Cisco IOS XE 3.6 and 3.7 before 3.7.1S, 3.8 before 3.8.0S, 3.9 before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S,... |
Type: Hardware |
Bulletins:
CVE-2015-0639 |
Severity: High |
| Description: The Common Flow Table (CFT) feature in Cisco IOS XE 3.6 and 3.7 before 3.7.1S, 3.8 before 3.8.0S, 3.9 before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S, when MMON or NBAR is enabled, allows remote attackers to cause a denial of service (device reload) via malformed IPv6 packets with IPv4 UDP encapsulation, aka Bug ID CSCua79665. | ||||
| Applies to: |
Created: 2015-03-26 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0635 |
Title: The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA)... |
Type: Hardware |
Bulletins:
CVE-2015-0635 |
Severity: High |
| Description: The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA) responses, and consequently bypass intended device and node access restrictions or cause a denial of service (disrupted domain access), via crafted AN messages, aka Bug ID CSCup62191. | ||||
| Applies to: |
Created: 2015-03-26 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0636 |
Title: The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (disrupted domain access) via... |
Type: Hardware |
Bulletins:
CVE-2015-0636 |
Severity: High |
| Description: The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (disrupted domain access) via spoofed AN messages that reset a finite state machine, aka Bug ID CSCup62293. | ||||
| Applies to: |
Created: 2015-03-26 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0637 |
Title: The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) via spoofed AN... |
Type: Hardware |
Bulletins:
CVE-2015-0637 |
Severity: High |
| Description: The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) via spoofed AN messages, aka Bug ID CSCup62315. | ||||
| Applies to: |
Created: 2015-03-26 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0646 |
Title: Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before 3.12.3S allows remote attackers to cause a denial of... |
Type: Hardware |
Bulletins:
CVE-2015-0646 SFBID73340 |
Severity: High |
| Description: Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before 3.12.3S allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted TCP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum94811. | ||||
| Applies to: |
Created: 2015-03-26 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0648 |
Title: Memory leak in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (memory consumption) via crafted Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun49658. |
Type: Hardware |
Bulletins:
CVE-2015-0648 |
Severity: High |
| Description: Memory leak in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (memory consumption) via crafted Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun49658. | ||||
| Applies to: |
Created: 2015-03-26 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0641 |
Title: Cisco IOS XE 2.x and 3.x before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via crafted... |
Type: Hardware |
Bulletins:
CVE-2015-0641 |
Severity: High |
| Description: Cisco IOS XE 2.x and 3.x before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via crafted IPv6 packets, aka Bug ID CSCub68073. | ||||
| Applies to: |
Created: 2015-03-26 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0638 |
Title: Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets, aka Bug ID CSCsi02145. |
Type: Hardware |
Bulletins:
CVE-2015-0638 |
Severity: High |
| Description: Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets, aka Bug ID CSCsi02145. | ||||
| Applies to: |
Created: 2015-03-26 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0647 |
Title: Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) UDP packets, aka Bug ID CSCum98371. |
Type: Hardware |
Bulletins:
CVE-2015-0647 |
Severity: High |
| Description: Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) UDP packets, aka Bug ID CSCum98371. | ||||
| Applies to: |
Created: 2015-03-26 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0649 |
Title: Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun63514. |
Type: Hardware |
Bulletins:
CVE-2015-0649 |
Severity: High |
| Description: Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun63514. | ||||
| Applies to: |
Created: 2015-03-26 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0642 |
Title: Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of... |
Type: Hardware |
Bulletins:
CVE-2015-0642 SFBID73333 |
Severity: High |
| Description: Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of service (device reload) by sending malformed IKEv2 packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum36951. | ||||
| Applies to: |
Created: 2015-03-26 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0643 |
Title: Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of... |
Type: Hardware |
Bulletins:
CVE-2015-0643 SFBID73333 |
Severity: High |
| Description: Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of service (memory consumption and device reload) by sending malformed IKEv2 packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuo75572. | ||||
| Applies to: |
Created: 2015-03-26 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0644 |
Title: AppNav in Cisco IOS XE 3.8 through 3.10 before 3.10.3S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to execute arbitrary code or cause a denial of service... |
Type: Hardware |
Bulletins:
CVE-2015-0644 |
Severity: High |
| Description: AppNav in Cisco IOS XE 3.8 through 3.10 before 3.10.3S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to execute arbitrary code or cause a denial of service (device reload) via a crafted TCP packet, aka Bug ID CSCuo53622. | ||||
| Applies to: |
Created: 2015-03-26 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0669 |
Title: The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 15.4S and 15.4(3)S allows remote attackers to modify configuration settings or cause a denial of service (partial service outage) by sending crafted Autonomic Networking (AN)... |
Type: Hardware |
Bulletins:
CVE-2015-0669 |
Severity: Medium |
| Description: The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 15.4S and 15.4(3)S allows remote attackers to modify configuration settings or cause a denial of service (partial service outage) by sending crafted Autonomic Networking (AN) messages on an intranet network, aka Bug ID CSCup62167. | ||||
| Applies to: |
Created: 2015-03-20 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1084 |
Title: The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL. |
Type: Mobile Devices |
Bulletins:
CVE-2015-1084 |
Severity: Medium |
| Description: The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL. | ||||
| Applies to: |
Created: 2015-03-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1064 |
Title: Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process. |
Type: Mobile Devices |
Bulletins:
CVE-2015-1064 |
Severity: Low |
| Description: Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process. | ||||
| Applies to: |
Created: 2015-03-12 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1065 |
Title: Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery. |
Type: Mobile Devices |
Bulletins:
CVE-2015-1065 SFBID73007 |
Severity: Medium |
| Description: Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery. | ||||
| Applies to: |
Created: 2015-03-12 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1063 |
Title: CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message. |
Type: Mobile Devices |
Bulletins:
CVE-2015-1063 |
Severity: High |
| Description: CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message. | ||||
| Applies to: |
Created: 2015-03-12 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0661 |
Title: The SNMPv2 implementation in Cisco IOS XR allows remote authenticated users to cause a denial of service (snmpd daemon reload) via a malformed SNMP packet, aka Bug ID CSCur25858. |
Type: Hardware |
Bulletins:
CVE-2015-0661 |
Severity: Medium |
| Description: The SNMPv2 implementation in Cisco IOS XR allows remote authenticated users to cause a denial of service (snmpd daemon reload) via a malformed SNMP packet, aka Bug ID CSCur25858. | ||||
| Applies to: |
Created: 2015-03-05 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0598 |
Title: The RADIUS implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted IPv6 Attributes in Access-Accept packets, aka Bug IDs CSCur84322 and CSCur27693. |
Type: Hardware |
Bulletins:
CVE-2015-0598 |
Severity: Medium |
| Description: The RADIUS implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted IPv6 Attributes in Access-Accept packets, aka Bug IDs CSCur84322 and CSCur27693. | ||||
| Applies to: |
Created: 2015-03-05 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0659 |
Title: The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS allows remote attackers to trigger self-referential adjacencies via a crafted Autonomic Networking (AN) message, aka Bug ID CSCup62157. |
Type: Hardware |
Bulletins:
CVE-2015-0659 |
Severity: Medium |
| Description: The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS allows remote attackers to trigger self-referential adjacencies via a crafted Autonomic Networking (AN) message, aka Bug ID CSCup62157. | ||||
| Applies to: |
Created: 2015-03-05 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0607 |
Title: The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that... |
Type: Hardware |
Bulletins:
CVE-2015-0607 SFBID72794 |
Severity: Medium |
| Description: The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016. | ||||
| Applies to: |
Created: 2015-03-05 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0657 |
Title: Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCur69192. |
Type: Hardware |
Bulletins:
CVE-2015-0657 |
Severity: Medium |
| Description: Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCur69192. | ||||
| Applies to: |
Created: 2015-03-05 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0632 |
Title: Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the local network, aka Bug ID CSCuo67770. |
Type: Hardware |
Bulletins:
CVE-2015-0632 SFBID72797 |
Severity: Medium |
| Description: Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the local network, aka Bug ID CSCuo67770. | ||||
| Applies to: |
Created: 2015-02-26 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0618 |
Title: Cisco IOS XR 5.0.1 and 5.2.1 on Network Convergence System (NCS) 6000 devices and 5.1.3 and 5.1.4 on Carrier Routing System X (CRS-X) devices allows remote attackers to cause a denial of service (line-card reload) via malformed IPv6 packets with... |
Type: Hardware |
Bulletins:
CVE-2015-0618 SFBID72713 |
Severity: High |
| Description: Cisco IOS XR 5.0.1 and 5.2.1 on Network Convergence System (NCS) 6000 devices and 5.1.3 and 5.1.4 on Carrier Routing System X (CRS-X) devices allows remote attackers to cause a denial of service (line-card reload) via malformed IPv6 packets with extension headers, aka Bug ID CSCuq95241. | ||||
| Applies to: |
Created: 2015-02-21 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0622 |
Title: The Wireless Intrusion Detection (aka WIDS) functionality on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device outage) via crafted packets that are improperly handled during rendering of the... |
Type: Hardware |
Bulletins:
CVE-2015-0622 |
Severity: High |
| Description: The Wireless Intrusion Detection (aka WIDS) functionality on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device outage) via crafted packets that are improperly handled during rendering of the Signature Events Summary page, aka Bug ID CSCus46861. | ||||
| Applies to: |
Created: 2015-02-18 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0609 |
Title: Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via... |
Type: Hardware |
Bulletins:
CVE-2015-0609 SFBID72564 |
Severity: High |
| Description: Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCuj96752. | ||||
| Applies to: |
Created: 2015-02-15 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-1474 |
Title: Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption)... |
Type: Mobile Devices |
Bulletins:
CVE-2015-1474 SFBID72788 |
Severity: High |
| Description: Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption) via vectors that trigger a large number of (1) file descriptors or (2) integer values. | ||||
| Applies to: |
Created: 2015-02-15 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0593 |
Title: The Zone-Based Firewall implementation in Cisco IOS 12.4(122)T and earlier does not properly manage session-object structures, which allows remote attackers to cause a denial of service (device reload) via crafted network traffic, aka Bug ID CSCul65003. |
Type: Hardware |
Bulletins:
CVE-2015-0593 SFBID72549 |
Severity: High |
| Description: The Zone-Based Firewall implementation in Cisco IOS 12.4(122)T and earlier does not properly manage session-object structures, which allows remote attackers to cause a denial of service (device reload) via crafted network traffic, aka Bug ID CSCul65003. | ||||
| Applies to: |
Created: 2015-02-12 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0592 |
Title: The Zone-Based Firewall implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers incorrect kernel-timer handling, aka Bug ID CSCuh25672. |
Type: Hardware |
Bulletins:
CVE-2015-0592 |
Severity: High |
| Description: The Zone-Based Firewall implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers incorrect kernel-timer handling, aka Bug ID CSCuh25672. | ||||
| Applies to: |
Created: 2015-02-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0606 |
Title: The IOS Shell in Cisco IOS allows local users to cause a denial of service (device crash) via unspecified commands, aka Bug ID CSCur59696. |
Type: Hardware |
Bulletins:
CVE-2015-0606 SFBID72550 |
Severity: Medium |
| Description: The IOS Shell in Cisco IOS allows local users to cause a denial of service (device crash) via unspecified commands, aka Bug ID CSCur59696. | ||||
| Applies to: |
Created: 2015-02-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0610 |
Title: Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper handling of the timing of process switching and Cisco... |
Type: Hardware |
Bulletins:
CVE-2015-0610 SFBID72565 |
Severity: Medium |
| Description: Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCun21071. | ||||
| Applies to: |
Created: 2015-02-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0608 |
Title: Race condition in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper... |
Type: Hardware |
Bulletins:
CVE-2015-0608 SFBID72566 |
Severity: High |
| Description: Race condition in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCul48736. | ||||
| Applies to: |
Created: 2015-02-11 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-8013 |
Title: The TACACS+ command-authorization implementation in Cisco NX-OS allows local users to cause a denial of service (device reload) via a long CLI command, aka Bug ID CSCur54182. |
Type: Hardware |
Bulletins:
CVE-2014-8013 SFBID72393 |
Severity: Medium |
| Description: The TACACS+ command-authorization implementation in Cisco NX-OS allows local users to cause a denial of service (device reload) via a long CLI command, aka Bug ID CSCur54182. | ||||
| Applies to: |
Created: 2015-02-03 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-4467 |
Title: WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site. |
Type: Mobile Devices |
Bulletins:
CVE-2014-4467 |
Severity: Medium |
| Description: WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site. | ||||
| Applies to: |
Created: 2015-01-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-8840 |
Title: The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store. |
Type: Mobile Devices |
Bulletins:
CVE-2014-8840 |
Severity: Medium |
| Description: The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store. | ||||
| Applies to: |
Created: 2015-01-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-4493 |
Title: The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution certificate for signing a crafted app. |
Type: Mobile Devices |
Bulletins:
CVE-2014-4493 |
Severity: High |
| Description: The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution certificate for signing a crafted app. | ||||
| Applies to: |
Created: 2015-01-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-4494 |
Title: Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging... |
Type: Mobile Devices |
Bulletins:
CVE-2014-4494 |
Severity: Medium |
| Description: Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate for signing a crafted app. | ||||
| Applies to: |
Created: 2015-01-30 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0586 |
Title: The Network-Based Application Recognition (NBAR) protocol implementation in Cisco IOS 15.3(100)M and earlier on Cisco 2900 Integrated Services Router (aka Cisco Internet Router) devices allows remote attackers to cause a denial of service (NBAR... |
Type: Hardware |
Bulletins:
CVE-2015-0586 SFBID72309 |
Severity: High |
| Description: The Network-Based Application Recognition (NBAR) protocol implementation in Cisco IOS 15.3(100)M and earlier on Cisco 2900 Integrated Services Router (aka Cisco Internet Router) devices allows remote attackers to cause a denial of service (NBAR process hang) via IPv4 packets, aka Bug ID CSCuo73682. | ||||
| Applies to: |
Created: 2015-01-28 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-8008 |
Title: Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414. |
Type: Hardware |
Bulletins:
CVE-2014-8008 SFBID72263 |
Severity: Medium |
| Description: Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414. | ||||
| Applies to: Unified Communications Manager |
Created: 2015-01-22 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-6383 |
Title: The stateless firewall in Juniper Junos 13.3R3, 14.1R1, and 14.1R2, when using Trio-based PFE modules, does not properly match ports, which might allow remote attackers to bypass firewall rule. |
Type: Hardware |
Bulletins:
CVE-2014-6383 SFBID72071 |
Severity: Medium |
| Description: The stateless firewall in Juniper Junos 13.3R3, 14.1R1, and 14.1R2, when using Trio-based PFE modules, does not properly match ports, which might allow remote attackers to bypass firewall rule. | ||||
| Applies to: |
Created: 2015-01-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-6382 |
Title: The Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before 13.3R6, 14.1 before 14.1R4, 14.1X50 before 14.1X50-D70, and 14.2 before 14.2R2, when configured as a broadband edge (BBE) router, allows remote attackers to cause a denial of... |
Type: Hardware |
Bulletins:
CVE-2014-6382 SFBID72070 |
Severity: High |
| Description: The Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before 13.3R6, 14.1 before 14.1R4, 14.1X50 before 14.1X50-D70, and 14.2 before 14.2R2, when configured as a broadband edge (BBE) router, allows remote attackers to cause a denial of service (jpppd crash and restart) by sending a crafted PAP Authenticate-Request after the PPPoE Discovery and LCP phase are complete. | ||||
| Applies to: |
Created: 2015-01-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-6384 |
Title: Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D15, 12.3 before 12.3R9, 13.1 before 13.1R4-S3, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 does not properly handle... |
Type: Hardware |
Bulletins:
CVE-2014-6384 SFBID72077 |
Severity: Medium |
| Description: Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D15, 12.3 before 12.3R9, 13.1 before 13.1R4-S3, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 does not properly handle double quotes in authorization attributes in the TACACS+ configuration, which allows local users to bypass the security policy and execute commands via unspecified vectors. | ||||
| Applies to: |
Created: 2015-01-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-6386 |
Title: Juniper Junos 11.4 before 11.4R8, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R9, 12.3R2 before 12.3R2-S3, 12.3 before 12.3R3, 13.1 before 13.1R4, and 13.2 before... |
Type: Hardware |
Bulletins:
CVE-2014-6386 SFBID72067 |
Severity: High |
| Description: Juniper Junos 11.4 before 11.4R8, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R9, 12.3R2 before 12.3R2-S3, 12.3 before 12.3R3, 13.1 before 13.1R4, and 13.2 before 13.2R1 allows remote attackers to cause a denial of service (assertion failure and rpd restart) via a crafted BGP FlowSpec prefix. | ||||
| Applies to: |
Created: 2015-01-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-6385 |
Title: Juniper Junos 11.4 before 11.4R13, 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, 12.2 before 12.2R9, 12.3R7 before 12.3R7-S1, 12.3 before 12.3R8, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1... |
Type: Hardware |
Bulletins:
CVE-2014-6385 SFBID72072 |
Severity: Medium |
| Description: Juniper Junos 11.4 before 11.4R13, 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, 12.2 before 12.2R9, 12.3R7 before 12.3R7-S1, 12.3 before 12.3R8, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R2, and 14.2 before 14.2R1 allows remote attackers to cause a denial of service (kernel crash and restart) via a crafted fragmented OSPFv3 packet with an IPsec Authentication Header (AH). | ||||
| Applies to: |
Created: 2015-01-16 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0582 |
Title: The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 devices allows remote attackers to cause a denial of service via crafted traffic, aka Bug ID CSCuo09129. |
Type: Hardware |
Bulletins:
CVE-2015-0582 SFBID71979 |
Severity: Medium |
| Description: The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 devices allows remote attackers to cause a denial of service via crafted traffic, aka Bug ID CSCuo09129. | ||||
| Applies to: |
Created: 2015-01-09 |
Updated: 2025-10-08 |
||
