CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5819
https://notcve.org/view.php?id=CVE-2015-5819
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. Vulnerabilidad en WebKit, tal como se utiliza en Apple iOS en versiones anteriores a 9 y iTunes en versiones anteriores a 12.3, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otras CVEs WebKit listadas en APPLE-SA-2015-09-16-1 y APPLE-SA-2015-09-16-3. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html http://www.securityfocus.com/bid/76766 http://www.securitytracker.com/id/1033609 https://support.apple.com/HT205212 https://support.apple.com/HT205221 https://support.apple.com/HT205265 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5748
https://notcve.org/view.php?id=CVE-2015-5748
The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume. Vulnerabilidad en el kernel en Apple OS X en versiones anteriores a 10.10.5, no monta adecuadamente volúmenes HFS, lo que permite a usuarios locales causar una denegación de servicio a través de un volumen manipulado. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html http://www.securityfocus.com/bid/76340 http://www.securitytracker.com/id/1033276 https://support.apple.com/HT205212 https://support.apple.com/HT205213 https://support.apple.com/kb/HT205031 • CWE-17: DEPRECATED: Code •
CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0CVE-2015-3660
https://notcve.org/view.php?id=CVE-2015-3660
Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL in embedded PDF content. Vulnerabilidad de XSS en la funcionalidad PDF en WebKit en Apple Safari anterior a 6.2.7, 7.x anterior a 7.1.7, y 8.x anterior a 8.0.7 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de una URL manipulada en contenido PDF embebido. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html http://support.apple.com/kb/HT204950 http://www.securityfocus.com/bid/75494 http://www.securitytracker.com/id/1032754 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 1%CPEs: 24EXPL: 0CVE-2015-3658
https://notcve.org/view.php?id=CVE-2015-3658
The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site. La funcionalidad Page Loading en WebKit en Apple Safari anterior a 6.2.7, 7.x anterior a 7.1.7, y 8.x anterior a 8.0.7, utilizado en Apple iOS anterior a 8.4 y otros productos, no considera correctamente las redirecciones durante decisiones sobre el envío de una cabecera Origin, lo que facilita a atacantes remotos evadir los mecanismos de protección CSRF a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html http://support.apple.com/kb/HT204941 http://support.apple.com/kb/HT204950 http://www.securityfocus.com/bid/75492 http://www.securitytracker.com/id/1032754 http://www.ubuntu.com/usn/USN-2937-1 • CWE-254: 7PK - Security Features •
CVSS: 7.5EPSS: 1%CPEs: 24EXPL: 0CVE-2015-3727 – WebKit WebSQL ALTER TABLE Authorization Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-3727
WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site. WebKit en Apple Safari anterior a 6.2.7, 7.x anterior a 7.1.7, y 8.x anterior a 8.0.7, utilizado en Apple iOS anterior a 8.4 y otros productos, no restringe correctamente las operaciones de renombramiento en las tablas WebSQL, lo que permite a atacantes remotos acceder a la base de datos de un sitio web arbitrario a través de un sitio web manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of WebSQL. The issue lies in the failure to properly utilize SQLite's authorization code. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html http://support.apple.com/kb/HT204941 http://support.apple.com/kb/HT204950 http://www.securityfocus.com/bid/75492 http://www.securitytracker.com/id/1032754 http://www.ubuntu.com/usn/USN-2937-1 • CWE-264: Permissions, Privileges, and Access Controls •