CVE-2015-4000
- EPSS 99.86%
- Veröffentlicht 21.05.2015 00:59:00
- Zuletzt bearbeitet 27.05.2026 17:16:21
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a Clie...
CVE-2015-1156
- EPSS 1.63%
- Veröffentlicht 08.05.2015 00:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a ...
CVE-2015-1155
- EPSS 10.95%
- Veröffentlicht 08.05.2015 00:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.
CVE-2015-1153
- EPSS 3.13%
- Veröffentlicht 08.05.2015 00:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnera...
CVE-2015-1152
- EPSS 3.01%
- Veröffentlicht 08.05.2015 00:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnera...
CVE-2015-1129
- EPSS 0.97%
- Veröffentlicht 10.04.2015 14:59:42
- Zuletzt bearbeitet 06.05.2026 22:30:45
Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.
CVE-2015-1126
- EPSS 9.96%
- Veröffentlicht 10.04.2015 14:59:39
- Zuletzt bearbeitet 06.05.2026 22:30:45
WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified...
CVE-2015-1124
- EPSS 2.78%
- Veröffentlicht 10.04.2015 14:59:38
- Zuletzt bearbeitet 06.05.2026 22:30:45
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application cra...
CVE-2015-1125
- EPSS 1.46%
- Veröffentlicht 10.04.2015 14:59:38
- Zuletzt bearbeitet 06.05.2026 22:30:45
The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site.
CVE-2015-1123
- EPSS 2.18%
- Veröffentlicht 10.04.2015 14:59:37
- Zuletzt bearbeitet 06.05.2026 22:30:45
WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other Web...