Page 132 of 1278 results (0.024 seconds)

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. La implementación Page Loading en WebKit en Apple iOS en versiones anteriores a 9.3 y Safari en versiones anteriores a 9.1 no gestiona correctamente el codificado de caracteres durante el acceso a los datos cacheados, lo que permite a atacantes remotos eludir la Same Origin Policy y obtener información sensible a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html http://www.securityfocus.com/archive/1/537948/100/0/threaded http://www.securitytracker.com/id/1035353 https://support.apple.com/HT206166 https://support.apple.com/HT206171 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote attackers to cause a denial of service via a crafted web site. La funcionalidad Downloads en Apple Safari en versiones anteriores a 9.1 no gestiona correctamente la expansión de archivo, lo que permite a atacantes remotos causar un denegación de servicio a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html http://www.securityfocus.com/bid/85055 http://www.securitytracker.com/id/1035354 https://support.apple.com/HT206171 • CWE-19: Data Processing Errors •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog. Apple Safari en versiones anteriores a 9.1 permite a atacantes remotos suplantar la interfaz de usuario a través de una página web que introduce texto en un contexto manipulado, conduciendo al uso no intencionado de ese texto dentro de un diálogo de Safari. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html http://www.securityfocus.com/bid/85055 http://www.securitytracker.com/id/1035354 https://support.apple.com/HT206171 • CWE-19: Data Processing Errors •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly restrict redirects that specify a TCP port number, which allows remote attackers to bypass intended port restrictions via a crafted web site. WebKit en Apple iOS en versiones anteriores a 9.3 y Safari en versiones anteriores a 9.1 no restringe correctamente los redireccionamientos que especifican un número de puerto TCP, lo que permite a atacantes remotos eludir las restricciones de puerto previstas a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html http://www.securityfocus.com/archive/1/537948/100/0/threaded http://www.securitytracker.com/id/1035353 https://support.apple.com/HT206166 https://support.apple.com/HT206171 • CWE-284: Improper Access Control •

CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0

WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. WebKit en Apple iOS en versiones anteriores a 9.3, Safari en versiones anteriores a 9.1 y tvOS en versiones anteriores a 9.2 permite a atacantes remotos ejecutar código arbitrario o causar un denegación de servicio (corrupción de memoria) a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html http://www.securityfocus.com/archive/1/537948/100/0/threaded http://www.securitytracker.com/id/1035353 https://support.apple.com/HT206166 https://support.apple.com/HT206169 https://support.apple.com/HT206171 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •