CVSS: 5.5EPSS: 1%CPEs: 3EXPL: 0CVE-2015-5862 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5862
18 Sep 2015 — The Audio component in Apple iOS before 9 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted audio file. Vulnerabilidad en el componente Audio en Apple iOS en versiones anteriores a 9, permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un archivo de audio manipulado. OS X El Capitan 10.11 is now available and addresses close to 100 vulnerabilities that may exist in prior releases... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5824 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5824
18 Sep 2015 — The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Vulnerabilidad en la implementación de NSURL en el componente CFNetwork SSL en Apple iOS en versiones anteriores a 9, no verifica adecuadamente los certificados X.509 de los servidores SSL después un cambio en el certificado, l... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5847 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5847
18 Sep 2015 — The Disk Images component in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. Vulnerabilidad en el componente Disk Images en Apple iOS en versiones anteriores a 9, permite a usuarios locales ganar privilegios o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. OS X El Capitan 10.11 is now available and addresses close to 100 vulnerabilities that may exist in prior releases. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5841 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5841
18 Sep 2015 — The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response. Vulnerabilidad en el componente CFNetwork Proxies en Apple iOS en versiones anteriores a 9, no maneja correctamente una cabecera Set-Cookie en una respuesta en una petición HTTP CONNECT, lo que permite a servidores proxy remotos realizar un ataque de cookie-injection a tra... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 2%CPEs: 4EXPL: 0CVE-2015-5874 – Apple Security Advisory 2015-09-16-3
https://notcve.org/view.php?id=CVE-2015-5874
18 Sep 2015 — CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. Vulnerabilidad en CoreText en Apple iOS en versiones anteriores a 9 y iTunes en versiones anteriores a 12.3, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un archivo de fuente manipulado. iTunes 12.3 is now available and addresses code execution, applic... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5863 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5863
18 Sep 2015 — IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors. Vulnerabilidad en IOStorageFamily en Apple iOS en versiones anteriores a 9, no inicializa adecuadamente una estructura de datos no especificada, lo que permite a usuarios locales obtener información sensible de la memoria del kernel a través de vectores desconocidos. OS X El Capitan 10.11 is now available and addres... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 12%CPEs: 9EXPL: 4CVE-2015-5522 – Debian Security Advisory 3309-1
https://notcve.org/view.php?id=CVE-2015-5522
20 Jul 2015 — Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href. Desbordamiento de buffer basado en memoria dinámica en la función ParseValue en lexer.c en tidy en versiones anteriores a 4.9.31, permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores implicando un carácter de comando en un href. Fernando Munoz discovered that HTML Tidy ... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 9%CPEs: 9EXPL: 3CVE-2015-5523 – Debian Security Advisory 3309-1
https://notcve.org/view.php?id=CVE-2015-5523
20 Jul 2015 — The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation. Vulnerabilidad en la función ParseValue en lexer.c en tidy en versiones anteriores a 4.9.31, permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores implicando múltiples espacios en blanco antes de un href vacío, lo que desencadena una asig... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 4%CPEs: 17EXPL: 0CVE-2015-1819 – libxml2: denial of service processing a crafted XML document
https://notcve.org/view.php?id=CVE-2015-1819
07 Jul 2015 — The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. Vulnerabilidad en el xmlreader en libxml, permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de datos XML manipulados, relacionada con un ataque XML Entity Expansión (XEE). A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 59%CPEs: 3EXPL: 3CVE-2014-8147 – ICU library 52 < 54 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-8147
05 May 2015 — The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text. La función resolveImplicitLevels en common/ubidi.c en la implementación Unicode Bidirectional Algorithm en ICU4C en... • https://www.exploit-db.com/exploits/43887 • CWE-189: Numeric Errors •