Page 150 of 1351 results (0.008 seconds)

CVSS: 4.3EPSS: 91%CPEs: 19EXPL: 0

CVE-2015-1126 – Apple OSX/iOS/Windows Safari Non-HTTPOnly Cookie Theft

https://notcve.org/view.php?id=CVE-2015-1126

WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors. WebKit, utilizado en Apple iOS anterior a 8.3 y Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5, no maneja correctamente el campo userinfo en las URLs FTP, lo que permite a atacantes remotos provocar el acceso a recursos incorrecto a través de vectores no especificados. A vulnerability exists in versions of OSX, iOS, and Windows Safari released before April 8, 2015 that allows the non-HTTPOnly cookies of any domain to be stolen. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://www.securitytracker.com/id/1032047 https://support.apple.com/HT204658 https://support.apple.com/HT204661 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 0%CPEs: 18EXPL: 0

CVE-2015-1128

https://notcve.org/view.php?id=CVE-2015-1128

The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 allows attackers to obtain sensitive browsing-history information via vectors involving push-notification requests. La implementación private-browsing en Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5 permite a atacantes obtener información sensible del historial de navegación a través de vectores que involucran solicitudes 'push-notification'. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html http://www.securitytracker.com/id/1032047 https://support.apple.com/HT204658 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.8EPSS: 3%CPEs: 21EXPL: 0

CVE-2015-1124

https://notcve.org/view.php?id=CVE-2015-1124

WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. WebKit, utilizado en Apple iOS anterior a 8.3, Apple TV anterior a 7.2, y Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit listados en APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, y APPLE-SA-2015-04-08-4. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://www.securityfocus.com/bid/73972 http://www.securitytracker.com/id/1032047 https://support.apple.com/HT204658 https://support.apple.com/HT204661 https://support.apple.com/HT204662 https:// •

CVSS: 6.8EPSS: 3%CPEs: 21EXPL: 0

CVE-2015-1119

https://notcve.org/view.php?id=CVE-2015-1119

WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. WebKit, utilizado en Apple iOS anterior a 8.3, Apple TV anterior a 7.2, y Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit listados en APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, y APPLE-SA-2015-04-08-4. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://www.securityfocus.com/bid/73972 http://www.securitytracker.com/id/1032047 https://support.apple.com/HT204658 https://support.apple.com/HT204661 https://support.apple.com/HT204662 https:// •

CVSS: 6.8EPSS: 4%CPEs: 21EXPL: 0

CVE-2015-1120

https://notcve.org/view.php?id=CVE-2015-1120

WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. WebKit, utilizado en Apple iOS anterior a 8.3, Apple TV anterior a 7.2, y Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit listados en APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, y APPLE-SA-2015-04-08-4. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html http://www.securityfocus.com/bid/73972 http://www.securitytracker.com/id/1032047 http://www.ubuntu.com/usn/USN-2937-1 https:/ •