6.8

CVE-2015-3659

The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

Data is provided by the National Vulnerability Database (NVD)
AppleiPhone OS Version <= 8.3
ApplemacOS X Version <= 10.10.3
AppleSafari Version <= 6.2.6
AppleSafari Version7.0
AppleSafari Version7.0.1
AppleSafari Version7.0.2
AppleSafari Version7.0.3
AppleSafari Version7.0.4
AppleSafari Version7.0.5
AppleSafari Version7.0.6
AppleSafari Version7.1.0
AppleSafari Version7.1.1
AppleSafari Version7.1.2
AppleSafari Version7.1.3
AppleSafari Version7.1.4
AppleSafari Version7.1.5
AppleSafari Version7.1.6
AppleSafari Version8.0
AppleSafari Version8.0.1
AppleSafari Version8.0.2
AppleSafari Version8.0.3
AppleSafari Version8.0.4
AppleSafari Version8.0.5
AppleSafari Version8.0.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.11% 0.772
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P