CVE-2015-1126 – Apple OSX/iOS/Windows Safari Non-HTTPOnly Cookie Theft
https://notcve.org/view.php?id=CVE-2015-1126
WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors. WebKit, utilizado en Apple iOS anterior a 8.3 y Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5, no maneja correctamente el campo userinfo en las URLs FTP, lo que permite a atacantes remotos provocar el acceso a recursos incorrecto a través de vectores no especificados. A vulnerability exists in versions of OSX, iOS, and Windows Safari released before April 8, 2015 that allows the non-HTTPOnly cookies of any domain to be stolen. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://www.securitytracker.com/id/1032047 https://support.apple.com/HT204658 https://support.apple.com/HT204661 • CWE-20: Improper Input Validation •
CVE-2015-1077
https://notcve.org/view.php?id=CVE-2015-1077
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. WebKit, usado en Apple Safari anterior a 6.2.4, 7.x anterior a 7.1.4, y 8.x anterior a 8.0.4, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web modificado, una vulnerabilidad diferente de otros CVEs listados en APPLE-SA-2015-03-17-1. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://lists.apple.com/archives/security-announce/2015/Mar/msg00004.html http://www.securitytracker.com/id/1031936 https://support.apple.com/HT204560 https://support.apple.com/HT204661 https://support.apple.com/HT204662 https://support.apple.com/kb/HT204949 • CWE-399: Resource Management Errors •
CVE-2015-1068
https://notcve.org/view.php?id=CVE-2015-1068
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. WebKit, utilizado en Apple Safari anterior a 6.2.4, 7.x anterior a 7.1.4, y 8.x anterior a 8.0.4, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs listados en APPLE-SA-2015-03-17-1. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://lists.apple.com/archives/security-announce/2015/Mar/msg00004.html http://www.securitytracker.com/id/1031936 https://support.apple.com/HT204560 https://support.apple.com/HT204661 https://support.apple.com/HT204662 https://support.apple.com/kb/HT204949 • CWE-399: Resource Management Errors •
CVE-2015-1071
https://notcve.org/view.php?id=CVE-2015-1071
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. WebKit, utilizado en Apple Safari anterior a 6.2.4, 7.x anterior a 7.1.4, y 8.x anterior a 8.0.4, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs listados en APPLE-SA-2015-03-17-1. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://lists.apple.com/archives/security-announce/2015/Mar/msg00004.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html http://www.securitytracker.com/id/1031936 http://www.ubuntu.com/usn/USN-2937-1 https://support.apple.com/HT204560 https://support • CWE-399: Resource Management Errors •
CVE-2015-1074
https://notcve.org/view.php?id=CVE-2015-1074
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. WebKit, utilizado en Apple Safari anterior a 6.2.4, 7.x anterior a 7.1.4, y 8.x anterior a 8.0.4, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria o caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs listados en APPLE-SA-2015-03-17-1. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://lists.apple.com/archives/security-announce/2015/Mar/msg00004.html http://www.securitytracker.com/id/1031936 https://support.apple.com/HT204560 https://support.apple.com/HT204661 https://support.apple.com/HT204662 https://support.apple.com/kb/HT204949 • CWE-399: Resource Management Errors •