CVE-2015-1120
published 2015-04-10CVE-2015-1120: WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to…
PriorityP429medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
0.77%
73.9th percentile
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
Affected
27 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | apple_tv | — | — |
| apple | ios | — | — |
| apple | iphone_os | <= 8.2 | — |
| apple | itunes | <= 12.1 | — |
| apple | itunes | — | — |
| apple | safari | <= 6.2.4 | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari_8.0.5_safari_7.1.5_and_safari | — | — |
| apple | tvos | <= 7.1 | — |
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
Ubuntu
WebKitGTK+ vulnerabilities
vendor_ubuntu·2016-03-21
CVE-2014-1748 WebKitGTK+ vulnerabilities
Title: WebKitGTK+ vulnerabilities
Summary: Several security issues were fixed in WebKitGTK+.
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
Instructions: This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany and Evolution, to make all the
necessary changes.
Apple
CVE-2015-1120: iOS 8.3
vendor_apple·CVSS 6.8
CVE-2015-1120 [MEDIUM] CVE-2015-1120: iOS 8.3
Apple Security Update: About the security content of iOS 8.3
Product: iOS
Version: 8.3
CVE: CVE-2015-1120
Component: CVE-2015-1076
Apple
CVE-2015-1120: iTunes 12.2
vendor_apple·CVSS 6.8
CVE-2015-1120 [MEDIUM] CVE-2015-1120: iTunes 12.2
Apple Security Update: About the security content of iTunes 12.2
Product: iTunes
Version: 12.2
CVE: CVE-2015-1120
Component: CVE-2015-1076
Apple
CVE-2015-1120: Apple TV 7.2
vendor_apple·CVSS 6.8
CVE-2015-1120 [MEDIUM] CVE-2015-1120: Apple TV 7.2
Apple Security Update: About the security content of Apple TV 7.2
Product: Apple TV
Version: 7.2
CVE: CVE-2015-1120
Component: CVE-2015-1076
Apple
CVE-2015-1120: Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5
vendor_apple·CVSS 6.8
CVE-2015-1120 [MEDIUM] CVE-2015-1120: Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5
Apple Security Update: About the security content of Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5
Product: Safari 8.0.5, Safari 7.1.5, and Safari
Version: 6.2.5
CVE: CVE-2015-1120
Component: CVE-ID
GHSA
GHSA-q79p-x366-w93x: WebKit, as used in Apple iOS before 8
ghsa_unreviewed·2022-05-14
CVE-2015-1120 [MEDIUM] GHSA-q79p-x366-w93x: WebKit, as used in Apple iOS before 8
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
OSV
CVE-2015-1120: WebKit, as used in Apple iOS before 8
osv·2015-04-10·CVSS 6.8
CVE-2015-1120 [MEDIUM] CVE-2015-1120: WebKit, as used in Apple iOS before 8
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.htmlhttp://lists.apple.com/archives/security-announce/2015/Apr/msg00002.htmlhttp://lists.apple.com/archives/security-announce/2015/Apr/msg00003.htmlhttp://lists.apple.com/archives/security-announce/2015/Jun/msg00006.htmlhttp://lists.opensuse.org/opensuse-updates/2016-03/msg00132.htmlhttp://www.securityfocus.com/bid/73972http://www.securitytracker.com/id/1032047http://www.ubuntu.com/usn/USN-2937-1https://support.apple.com/HT204658https://support.apple.com/HT204661https://support.apple.com/HT204662https://support.apple.com/kb/HT204949http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.htmlhttp://lists.apple.com/archives/security-announce/2015/Apr/msg00002.htmlhttp://lists.apple.com/archives/security-announce/2015/Apr/msg00003.htmlhttp://lists.apple.com/archives/security-announce/2015/Jun/msg00006.htmlhttp://lists.opensuse.org/opensuse-updates/2016-03/msg00132.htmlhttp://www.securityfocus.com/bid/73972http://www.securitytracker.com/id/1032047http://www.ubuntu.com/usn/USN-2937-1https://support.apple.com/HT204658https://support.apple.com/HT204661https://support.apple.com/HT204662https://support.apple.com/kb/HT204949
2015-04-10
Published