CVE-2015-7097
published 2015-12-11CVE-2015-7097: WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory…
PriorityP430medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
1.09%
78.3th percentile
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | <= 9.1 | — |
| apple | itunes | — | — |
| apple | safari | <= 9.0.1 | — |
| apple | safari | — | — |
| apple | tvos | <= 9.0 | — |
| apple | tvos | — | — |
| debian | webkit2gtk | < webkit2gtk 2.10.5-1 (bookworm) | webkit2gtk 2.10.5-1 (bookworm) |
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
vendor_debian6.8LOW
GHSA
GHSA-hfj6-37rw-7322: WebKit in Apple iOS before 9
ghsa_unreviewed·2022-05-14·CVSS 6.8
CVE-2015-7048 [MEDIUM] CWE-119 GHSA-hfj6-37rw-7322: WebKit in Apple iOS before 9
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
GHSA
GHSA-fm76-6855-5xp2: WebKit in Apple iOS before 9
ghsa_unreviewed·2022-05-14·CVSS 6.8
CVE-2015-7101 [MEDIUM] CWE-119 GHSA-fm76-6855-5xp2: WebKit in Apple iOS before 9
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7102, and CVE-2015-7103.
GHSA
GHSA-wpv9-xpxj-93jv: WebKit in Apple iOS before 9
ghsa_unreviewed·2022-05-14·CVSS 6.8
CVE-2015-7098 [MEDIUM] CWE-119 GHSA-wpv9-xpxj-93jv: WebKit in Apple iOS before 9
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
GHSA
GHSA-6p9m-2xm6-mvv4: WebKit in Apple iOS before 9
ghsa_unreviewed·2022-05-14·CVSS 6.8
CVE-2015-7103 [MEDIUM] CWE-119 GHSA-6p9m-2xm6-mvv4: WebKit in Apple iOS before 9
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, and CVE-2015-7102.
GHSA
GHSA-qfpf-x2q6-jr4v: WebKit in Apple iOS before 9
ghsa_unreviewed·2022-05-14·CVSS 6.8
CVE-2015-7097 [MEDIUM] CWE-119 GHSA-qfpf-x2q6-jr4v: WebKit in Apple iOS before 9
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
GHSA
GHSA-8972-q8q9-hm5c: WebKit in Apple iOS before 9
ghsa_unreviewed·2022-05-14·CVSS 6.8
CVE-2015-7099 [MEDIUM] CWE-119 GHSA-8972-q8q9-hm5c: WebKit in Apple iOS before 9
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
GHSA
GHSA-xh27-gh58-w45h: WebKit in Apple iOS before 9
ghsa_unreviewed·2022-05-14·CVSS 6.8
CVE-2015-7102 [MEDIUM] CWE-119 GHSA-xh27-gh58-w45h: WebKit in Apple iOS before 9
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, and CVE-2015-7103.
GHSA
GHSA-q877-3rxh-hr7f: WebKit in Apple iOS before 9
ghsa_unreviewed·2022-05-14·CVSS 6.8
CVE-2015-7095 [MEDIUM] CWE-119 GHSA-q877-3rxh-hr7f: WebKit in Apple iOS before 9
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
GHSA
GHSA-vjjx-869w-gg2x: WebKit in Apple iOS before 9
ghsa_unreviewed·2022-05-14·CVSS 6.8
CVE-2015-7096 [MEDIUM] CWE-119 GHSA-vjjx-869w-gg2x: WebKit in Apple iOS before 9
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
GHSA
GHSA-rprg-7vrp-gxwg: WebKit in Apple iOS before 9
ghsa_unreviewed·2022-05-14·CVSS 6.8
CVE-2015-7100 [MEDIUM] CWE-119 GHSA-rprg-7vrp-gxwg: WebKit in Apple iOS before 9
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
OSV
CVE-2015-7099: WebKit in Apple iOS before 9
osv·2015-12-11·CVSS 6.8
CVE-2015-7099 [MEDIUM] CVE-2015-7099: WebKit in Apple iOS before 9
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
OSV
CVE-2015-7098: WebKit in Apple iOS before 9
osv·2015-12-11·CVSS 6.8
CVE-2015-7098 [MEDIUM] CVE-2015-7098: WebKit in Apple iOS before 9
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
OSV
CVE-2015-7103: WebKit in Apple iOS before 9
osv·2015-12-11·CVSS 6.8
CVE-2015-7103 [MEDIUM] CVE-2015-7103: WebKit in Apple iOS before 9
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, and CVE-2015-7102.
OSV
CVE-2015-7095: WebKit in Apple iOS before 9
osv·2015-12-11·CVSS 6.8
CVE-2015-7095 [MEDIUM] CVE-2015-7095: WebKit in Apple iOS before 9
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
OSV
CVE-2015-7102: WebKit in Apple iOS before 9
osv·2015-12-11·CVSS 6.8
CVE-2015-7102 [MEDIUM] CVE-2015-7102: WebKit in Apple iOS before 9
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, and CVE-2015-7103.
OSV
CVE-2015-7096: WebKit in Apple iOS before 9
osv·2015-12-11·CVSS 6.8
CVE-2015-7096 [MEDIUM] CVE-2015-7096: WebKit in Apple iOS before 9
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
OSV
CVE-2015-7097: WebKit in Apple iOS before 9
osv·2015-12-11·CVSS 6.8
CVE-2015-7097 [MEDIUM] CVE-2015-7097: WebKit in Apple iOS before 9
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
OSV
CVE-2015-7101: WebKit in Apple iOS before 9
osv·2015-12-11·CVSS 6.8
CVE-2015-7101 [MEDIUM] CVE-2015-7101: WebKit in Apple iOS before 9
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7102, and CVE-2015-7103.
OSV
CVE-2015-7048: WebKit in Apple iOS before 9
osv·2015-12-11·CVSS 6.8
CVE-2015-7048 [MEDIUM] CVE-2015-7048: WebKit in Apple iOS before 9
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
OSV
CVE-2015-7100: WebKit in Apple iOS before 9
osv·2015-12-11·CVSS 6.8
CVE-2015-7100 [MEDIUM] CVE-2015-7100: WebKit in Apple iOS before 9
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
Debian
CVE-2015-7096: webkit2gtk - WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows ...
vendor_debian·2015·CVSS 6.8
CVE-2015-7096 [MEDIUM] CVE-2015-7096: webkit2gtk - WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows ...
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
Scope: local
bookworm: resolved (fixed in 2.10.5-1)
bullseye: resolved (fixed in 2.10.5-1)
forky: resolved (fixed in 2.10.5-1)
sid: resolved (fixed in 2.10.5-1)
trixie: resolved (fixed in 2.10.5-1)
Debian
CVE-2015-7098: webkit2gtk - WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows ...
vendor_debian·2015·CVSS 6.8
CVE-2015-7098 [MEDIUM] CVE-2015-7098: webkit2gtk - WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows ...
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
Scope: local
bookworm: resolved (fixed in 2.10.5-1)
bullseye: resolved (fixed in 2.10.5-1)
forky: resolved (fixed in 2.10.5-1)
sid: resolved (fixed in 2.10.5-1)
trixie: resolved (fixed in 2.10.5-1)
Apple
CVE-2015-7097: Safari 9.0.2
vendor_apple·CVSS 6.8
CVE-2015-7097 [MEDIUM] CVE-2015-7097: Safari 9.0.2
Apple Security Update: About the security content of Safari 9.0.2
Product: Safari
Version: 9.0.2
CVE: CVE-2015-7097
Component: CVE-ID
Apple
CVE-2015-7097: iOS 9.2
vendor_apple·CVSS 6.8
CVE-2015-7097 [MEDIUM] CVE-2015-7097: iOS 9.2
Apple Security Update: About the security content of iOS 9.2
Product: iOS
Version: 9.2
CVE: CVE-2015-7097
Component: CVE-ID
Apple
CVE-2015-7097: tvOS 9.1
vendor_apple·CVSS 6.8
CVE-2015-7097 [MEDIUM] CVE-2015-7097: tvOS 9.1
Apple Security Update: About the security content of tvOS 9.1
Product: tvOS
Version: 9.1
CVE: CVE-2015-7097
Component: CVE-ID
Apple
CVE-2015-7097: iTunes 12.3.2
vendor_apple·CVSS 6.8
CVE-2015-7097 [MEDIUM] CVE-2015-7097: iTunes 12.3.2
Apple Security Update: About the security content of iTunes 12.3.2
Product: iTunes
Version: 12.3.2
CVE: CVE-2015-7097
Component: CVE-ID
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.htmlhttp://lists.apple.com/archives/security-announce/2015/Dec/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2015/Dec/msg00003.htmlhttp://lists.opensuse.org/opensuse-updates/2016-03/msg00054.htmlhttp://www.securityfocus.com/bid/78720http://www.securitytracker.com/id/1034341https://support.apple.com/HT205635https://support.apple.com/HT205639https://support.apple.com/HT205640https://support.apple.com/kb/HT205636http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.htmlhttp://lists.apple.com/archives/security-announce/2015/Dec/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2015/Dec/msg00003.htmlhttp://lists.opensuse.org/opensuse-updates/2016-03/msg00054.htmlhttp://www.securityfocus.com/bid/78720http://www.securitytracker.com/id/1034341https://support.apple.com/HT205635https://support.apple.com/HT205639https://support.apple.com/HT205640https://support.apple.com/kb/HT205636
2015-12-11
Published