160 results (0.008 seconds)

CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Se abordó un problema de lógica con una administración de estados mejorada. Este problema es corregido en iOS versión 15.3 y iPadOS versión 15.3, watchOS versión 8.4, tvOS versión 15.3, Safari versión 15.3, macOS Monterey versión 12.2. • https://security.gentoo.org/glsa/202208-39 https://support.apple.com/en-us/HT213053 https://support.apple.com/en-us/HT213054 https://support.apple.com/en-us/HT213057 https://support.apple.com/en-us/HT213058 https://support.apple.com/en-us/HT213059 https://access.redhat.com/security/cve/CVE-2022-22592 https://bugzilla.redhat.com/show_bug.cgi?id=2053185 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 7.5EPSS: 4%CPEs: 7EXPL: 0

Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file. Vulnerabilidad de doble liberación en Apple Pages v2.x anterior a v2.1 y v5.x anterior a v5.1 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través de un fichero de Microsoft Word manipulado. • http://osvdb.org/102460 http://secunia.com/advisories/56615 http://secunia.com/advisories/56630 http://support.apple.com/kb/HT6117 http://support.apple.com/kb/HT6150 http://support.apple.com/kb/HT6162 http://www.securityfocus.com/bid/65113 http://www.securitytracker.com/id/1029683 https://exchange.xforce.ibmcloud.com/vulnerabilities/90672 • CWE-415: Double Free •

CVSS: 4.7EPSS: 0%CPEs: 48EXPL: 0

IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application. IOCatalogue en IOKitUser de Apple iOS (anteriores a v7) permite a atacantes causar una denegación de servicio (referencia a puntero nulo y cuelgue del dispositivo) a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://support.apple.com/kb/HT5934 http://www.securitytracker.com/id/1029054 •

CVSS: 6.3EPSS: 0%CPEs: 48EXPL: 0

kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message. kextd en Kext Management de Apple iOS (anteriores a v7) no verifica apropiadamente la autorización para mensajes IPC, lo que permite a usuarios locales (1) cargar o (2) descargar extensiones de kernel a través de mensajes manipulados. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5934 http://www.securitytracker.com/id/1029054 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 3.7EPSS: 0%CPEs: 48EXPL: 1

Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card. El Passcode Lock en Apple iOS para versiones anteriores a 7 no maneja adecuadamente el estado de bloqueo , lo que permite a atacantes físicos evitar la condicion de carrera afectando a llamadas y expulsión de tarjeta SIM • https://www.exploit-db.com/exploits/28978 http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5934 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •