CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22592 – webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
https://notcve.org/view.php?id=CVE-2022-22592
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Se abordó un problema de lógica con una administración de estados mejorada. Este problema es corregido en iOS versión 15.3 y iPadOS versión 15.3, watchOS versión 8.4, tvOS versión 15.3, Safari versión 15.3, macOS Monterey versión 12.2. • https://security.gentoo.org/glsa/202208-39 https://support.apple.com/en-us/HT213053 https://support.apple.com/en-us/HT213054 https://support.apple.com/en-us/HT213057 https://support.apple.com/en-us/HT213058 https://support.apple.com/en-us/HT213059 https://access.redhat.com/security/cve/CVE-2022-22592 https://bugzilla.redhat.com/show_bug.cgi?id=2053185 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.5EPSS: 4%CPEs: 7EXPL: 0CVE-2014-1252
https://notcve.org/view.php?id=CVE-2014-1252
Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file. Vulnerabilidad de doble liberación en Apple Pages v2.x anterior a v2.1 y v5.x anterior a v5.1 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través de un fichero de Microsoft Word manipulado. • http://osvdb.org/102460 http://secunia.com/advisories/56615 http://secunia.com/advisories/56630 http://support.apple.com/kb/HT6117 http://support.apple.com/kb/HT6150 http://support.apple.com/kb/HT6162 http://www.securityfocus.com/bid/65113 http://www.securitytracker.com/id/1029683 https://exchange.xforce.ibmcloud.com/vulnerabilities/90672 • CWE-415: Double Free •
CVSS: 4.3EPSS: 0%CPEs: 48EXPL: 0CVE-2013-5151
https://notcve.org/view.php?id=CVE-2013-5151
Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file. Vulnerabilidad en Mobile Safari de Apple iOS anterior a la versión 7 no previene la interpretación HTML de un documento servido con un tipo de contenido text/plain, lo que permite a atacantes remotos realizar ataques XSS mediante la subida de un archivo. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5934 http://www.securitytracker.com/id/1029054 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 48EXPL: 0CVE-2013-5152
https://notcve.org/view.php?id=CVE-2013-5152
Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site. Vulnerabilidad en Mobile Safari de Apple iOS anterior a la versión 7 permite a atacantes remotos falsificar la barra de direcciones a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5934 http://www.securitytracker.com/id/1029054 • CWE-20: Improper Input Validation •
CVSS: 4.9EPSS: 0%CPEs: 48EXPL: 0CVE-2013-5142
https://notcve.org/view.php?id=CVE-2013-5142
The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API. El kernel en Apple IOS anterior a v7 no inicializa estructuras de datos del kernel no especificadas, lo que permite a usuarios locales obtener información sensible desde la pila del kernel mediante las APIs msgctl y segctl. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://support.apple.com/kb/HT5934 http://www.securitytracker.com/id/1029054 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •