CVSS: 6.8EPSS: 4%CPEs: 21EXPL: 0CVE-2015-1122
https://notcve.org/view.php?id=CVE-2015-1122
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. WebKit, utilizado en Apple iOS anterior a 8.3, Apple TV anterior a 7.2, y Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit listados en APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, y APPLE-SA-2015-04-08-4. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html http://www.securityfocus.com/bid/73972 http://www.securitytracker.com/id& •
CVSS: 6.8EPSS: 3%CPEs: 21EXPL: 0CVE-2015-1121
https://notcve.org/view.php?id=CVE-2015-1121
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. WebKit, utilizado en Apple iOS anterior a 8.3, Apple TV anterior a 7.2, y Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit listados en APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, y APPLE-SA-2015-04-08-4. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://www.securityfocus.com/bid/73972 http://www.securitytracker.com/id/1032047 https://support.apple.com/HT204658 https://support.apple.com/HT204661 https://support.apple.com/HT204662 https:// •
CVSS: 5.0EPSS: 0%CPEs: 19EXPL: 0CVE-2015-1112
https://notcve.org/view.php?id=CVE-2015-1112
Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file. Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5, utilizado en iOS anterior a 8.3 y otras plataformas, no elimina correctamente los datos del historial de navegación del fichero history.plist, lo que permite a atacantes obtener información sensible mediante la lectura de este fichero. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://www.securitytracker.com/id/1032047 https://support.apple.com/HT204658 https://support.apple.com/HT204661 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.1EPSS: 0%CPEs: 18EXPL: 0CVE-2015-1127
https://notcve.org/view.php?id=CVE-2015-1127
The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries. La implementación private-browsing en WebKit en Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5 coloca el historial de navegación en un indice, lo que podría permitir a usuarios locales obtener información sensible mediante la lectura de las entradas de indices. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html http://www.securitytracker.com/id/1032047 http://www.ubuntu.com/usn/USN-2937-1 https://support.apple.com/HT204658 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 0CVE-2015-1129
https://notcve.org/view.php?id=CVE-2015-1129
Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site. Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5 no selecciona correctamente los certificados de clientes X.509, lo que facilita a atacantes remotos seguir usuarios a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://www.securitytracker.com/id/1032047 https://support.apple.com/HT204658 https://support.apple.com/HT205212 • CWE-310: Cryptographic Issues •