CVE-2015-5931
published 2015-10-23CVE-2015-5931: WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory…
medium6.8CVSS 3.1
AVNACMAuNCPIPAP
WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | itunes | <= 12.3.0 | — |
| apple | itunes | — | — |
| apple | safari | <= 9.0 | — |
| apple | safari | — | — |
CVSS provenance
nvd6.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
Apple
CVE-2015-7002: iTunes 12.3.1
vendor_apple·CVSS 6.8
CVE-2015-7002 [MEDIUM] CVE-2015-7002: iTunes 12.3.1
Apple Security Update: About the security content of iTunes 12.3.1
Product: iTunes
Version: 12.3.1
CVE: CVE-2015-7002
Component: CVE-2015-5931
Apple
CVE-2015-7011: iTunes 12.3.1
vendor_apple·CVSS 6.8
CVE-2015-7011 [MEDIUM] CVE-2015-7011: iTunes 12.3.1
Apple Security Update: About the security content of iTunes 12.3.1
Product: iTunes
Version: 12.3.1
CVE: CVE-2015-7011
Component: CVE-2015-5931
Apple
CVE-2015-7002: Safari 9.0.1
vendor_apple·CVSS 6.8
CVE-2015-7002 [MEDIUM] CVE-2015-7002: Safari 9.0.1
Apple Security Update: About the security content of Safari 9.0.1
Product: Safari
Version: 9.0.1
CVE: CVE-2015-7002
Component: CVE-2015-5931
Apple
CVE-2015-5931: iTunes 12.3.1
vendor_apple·CVSS 6.8
CVE-2015-5931 [MEDIUM] CVE-2015-5931: iTunes 12.3.1
Apple Security Update: About the security content of iTunes 12.3.1
Product: iTunes
Version: 12.3.1
CVE: CVE-2015-5931
Component: CVE-2015-5931
Apple
CVE-2015-7012: iTunes 12.3.1
vendor_apple·CVSS 6.8
CVE-2015-7012 [MEDIUM] CVE-2015-7012: iTunes 12.3.1
Apple Security Update: About the security content of iTunes 12.3.1
Product: iTunes
Version: 12.3.1
CVE: CVE-2015-7012
Component: CVE-2015-5931
Apple
CVE-2015-7013: iTunes 12.3.1
vendor_apple·CVSS 6.8
CVE-2015-7013 [MEDIUM] CVE-2015-7013: iTunes 12.3.1
Apple Security Update: About the security content of iTunes 12.3.1
Product: iTunes
Version: 12.3.1
CVE: CVE-2015-7013
Component: CVE-2015-5931
Apple
CVE-2015-7011: Safari 9.0.1
vendor_apple·CVSS 6.8
CVE-2015-7011 [MEDIUM] CVE-2015-7011: Safari 9.0.1
Apple Security Update: About the security content of Safari 9.0.1
Product: Safari
Version: 9.0.1
CVE: CVE-2015-7011
Component: CVE-2015-5931
Apple
CVE-2015-7012: Safari 9.0.1
vendor_apple·CVSS 6.8
CVE-2015-7012 [MEDIUM] CVE-2015-7012: Safari 9.0.1
Apple Security Update: About the security content of Safari 9.0.1
Product: Safari
Version: 9.0.1
CVE: CVE-2015-7012
Component: CVE-2015-5931
Apple
CVE-2015-7013: Safari 9.0.1
vendor_apple·CVSS 6.8
CVE-2015-7013 [MEDIUM] CVE-2015-7013: Safari 9.0.1
Apple Security Update: About the security content of Safari 9.0.1
Product: Safari
Version: 9.0.1
CVE: CVE-2015-7013
Component: CVE-2015-5931
Apple
CVE-2015-5931: Safari 9.0.1
vendor_apple·CVSS 6.8
CVE-2015-5931 [MEDIUM] CVE-2015-5931: Safari 9.0.1
Apple Security Update: About the security content of Safari 9.0.1
Product: Safari
Version: 9.0.1
CVE: CVE-2015-5931
Component: CVE-2015-5931
GHSA
GHSA-6w8p-2vvx-465g: WebKit, as used in Apple Safari before 9
ghsa_unreviewed·2022-05-17
CVE-2015-5931 [MEDIUM] CWE-119 GHSA-6w8p-2vvx-465g: WebKit, as used in Apple Safari before 9
WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.
OSV
CVE-2015-5931: WebKit, as used in Apple Safari before 9
osv·2015-10-23·CVSS 6.8
CVE-2015-5931 [MEDIUM] CVE-2015-5931: WebKit, as used in Apple Safari before 9
WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://lists.apple.com/archives/security-announce/2015/Oct/msg00004.htmlhttp://lists.apple.com/archives/security-announce/2015/Oct/msg00006.htmlhttp://lists.opensuse.org/opensuse-updates/2016-03/msg00054.htmlhttp://www.securityfocus.com/bid/77264http://www.securitytracker.com/id/1033939https://support.apple.com/HT205372https://support.apple.com/HT205377http://lists.apple.com/archives/security-announce/2015/Oct/msg00004.htmlhttp://lists.apple.com/archives/security-announce/2015/Oct/msg00006.htmlhttp://lists.opensuse.org/opensuse-updates/2016-03/msg00054.htmlhttp://www.securityfocus.com/bid/77264http://www.securitytracker.com/id/1033939https://support.apple.com/HT205372https://support.apple.com/HT205377
2015-10-23
Published