CVE-2015-1153
published 2015-05-08CVE-2015-1153: WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of…
PriorityP432medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
2.64%
86.0th percentile
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1154.
Affected
29 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | <= 8.3 | — |
| apple | itunes | <= 12.2 | — |
| apple | itunes | <= 12.1 | — |
| apple | itunes | — | — |
| apple | itunes | — | — |
| apple | safari | <= 6.2.5 | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
Ubuntu
WebKitGTK+ vulnerabilities
vendor_ubuntu·2016-03-21
CVE-2014-1748 WebKitGTK+ vulnerabilities
Title: WebKitGTK+ vulnerabilities
Summary: Several security issues were fixed in WebKitGTK+.
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
Instructions: This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany and Evolution, to make all the
necessary changes.
Apple
CVE-2015-1153: iTunes 12.3
vendor_apple·CVSS 6.8
CVE-2015-1153 [MEDIUM] CVE-2015-1153: iTunes 12.3
Apple Security Update: About the security content of iTunes 12.3
Product: iTunes
Version: 12.3
CVE: CVE-2015-1153
Component: CVE-ID
Apple
CVE-2015-1153: iOS 8.4
vendor_apple·CVSS 6.8
CVE-2015-1153 [MEDIUM] CVE-2015-1153: iOS 8.4
Apple Security Update: About the security content of iOS 8.4
Product: iOS
Version: 8.4
CVE: CVE-2015-1153
Component: CVE-ID
Apple
CVE-2015-1153: iTunes 12.2
vendor_apple·CVSS 6.8
CVE-2015-1153 [MEDIUM] CVE-2015-1153: iTunes 12.2
Apple Security Update: About the security content of iTunes 12.2
Product: iTunes
Version: 12.2
CVE: CVE-2015-1153
Component: CVE-2015-1153
Apple
CVE-2015-1153: Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6
vendor_apple·CVSS 6.8
CVE-2015-1153 [MEDIUM] CVE-2015-1153: Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6
Apple Security Update: About the security content of Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6
Product: Safari 8.0.6, Safari 7.1.6, and Safari
Version: 6.2.6
CVE: CVE-2015-1153
Component: CVE-ID
GHSA
GHSA-xr42-288c-hwmj: WebKit, as used in Apple Safari before 6
ghsa_unreviewed·2022-05-17·CVSS 6.8
CVE-2015-1152 [MEDIUM] GHSA-xr42-288c-hwmj: WebKit, as used in Apple Safari before 6
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154.
GHSA
GHSA-cj7g-46rv-89r4: WebKit, as used in Apple Safari before 6
ghsa_unreviewed·2022-05-17·CVSS 6.8
CVE-2015-1153 [MEDIUM] GHSA-cj7g-46rv-89r4: WebKit, as used in Apple Safari before 6
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1154.
GHSA
GHSA-vpw8-6fwj-h438: WebKit, as used in Apple Safari before 6
ghsa_unreviewed·2022-05-17·CVSS 6.8
CVE-2015-1154 [MEDIUM] GHSA-vpw8-6fwj-h438: WebKit, as used in Apple Safari before 6
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1153.
OSV
CVE-2015-1152: WebKit, as used in Apple Safari before 6
osv·2015-05-08·CVSS 6.8
CVE-2015-1152 [MEDIUM] CVE-2015-1152: WebKit, as used in Apple Safari before 6
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154.
OSV
CVE-2015-1154: WebKit, as used in Apple Safari before 6
osv·2015-05-08·CVSS 6.8
CVE-2015-1154 [MEDIUM] CVE-2015-1154: WebKit, as used in Apple Safari before 6
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1153.
OSV
CVE-2015-1153: WebKit, as used in Apple Safari before 6
osv·2015-05-07·CVSS 6.8
CVE-2015-1153 [MEDIUM] CVE-2015-1153: WebKit, as used in Apple Safari before 6
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1154.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2015/Jun/msg00006.htmlhttp://lists.apple.com/archives/security-announce/2015/May/msg00000.htmlhttp://lists.apple.com/archives/security-announce/2015/Sep/msg00003.htmlhttp://lists.opensuse.org/opensuse-updates/2016-03/msg00132.htmlhttp://support.apple.com/kb/HT204941http://www.securityfocus.com/bid/74523http://www.securitytracker.com/id/1032270http://www.ubuntu.com/usn/USN-2937-1https://support.apple.com/HT204826https://support.apple.com/HT205221https://support.apple.com/kb/HT204949http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2015/Jun/msg00006.htmlhttp://lists.apple.com/archives/security-announce/2015/May/msg00000.htmlhttp://lists.apple.com/archives/security-announce/2015/Sep/msg00003.htmlhttp://lists.opensuse.org/opensuse-updates/2016-03/msg00132.htmlhttp://support.apple.com/kb/HT204941http://www.securityfocus.com/bid/74523http://www.securitytracker.com/id/1032270http://www.ubuntu.com/usn/USN-2937-1https://support.apple.com/HT204826https://support.apple.com/HT205221https://support.apple.com/kb/HT204949
2015-05-08
Published