CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22592 – webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
https://notcve.org/view.php?id=CVE-2022-22592
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Se abordó un problema de lógica con una administración de estados mejorada. Este problema es corregido en iOS versión 15.3 y iPadOS versión 15.3, watchOS versión 8.4, tvOS versión 15.3, Safari versión 15.3, macOS Monterey versión 12.2. • https://security.gentoo.org/glsa/202208-39 https://support.apple.com/en-us/HT213053 https://support.apple.com/en-us/HT213054 https://support.apple.com/en-us/HT213057 https://support.apple.com/en-us/HT213058 https://support.apple.com/en-us/HT213059 https://access.redhat.com/security/cve/CVE-2022-22592 https://bugzilla.redhat.com/show_bug.cgi?id=2053185 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 4.3EPSS: 0%CPEs: 48EXPL: 0CVE-2013-5151
https://notcve.org/view.php?id=CVE-2013-5151
Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file. Vulnerabilidad en Mobile Safari de Apple iOS anterior a la versión 7 no previene la interpretación HTML de un documento servido con un tipo de contenido text/plain, lo que permite a atacantes remotos realizar ataques XSS mediante la subida de un archivo. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5934 http://www.securitytracker.com/id/1029054 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 48EXPL: 0CVE-2013-5152
https://notcve.org/view.php?id=CVE-2013-5152
Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site. Vulnerabilidad en Mobile Safari de Apple iOS anterior a la versión 7 permite a atacantes remotos falsificar la barra de direcciones a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5934 http://www.securitytracker.com/id/1029054 • CWE-20: Improper Input Validation •
CVSS: 4.9EPSS: 0%CPEs: 48EXPL: 0CVE-2013-5142
https://notcve.org/view.php?id=CVE-2013-5142
The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API. El kernel en Apple IOS anterior a v7 no inicializa estructuras de datos del kernel no especificadas, lo que permite a usuarios locales obtener información sensible desde la pila del kernel mediante las APIs msgctl y segctl. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://support.apple.com/kb/HT5934 http://www.securitytracker.com/id/1029054 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 48EXPL: 0CVE-2013-5155
https://notcve.org/view.php?id=CVE-2013-5155
The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random. El subsistema Sandbox en versiones anteriores a Apple IOS 7 permite a los atacantes provocar una denegación de servicio (bucle infinito) a través de una aplicación que escriba valores manipulados en /dev/random. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://support.apple.com/kb/HT5934 http://www.securitytracker.com/id/1029054 • CWE-20: Improper Input Validation •