CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2015-3755
https://notcve.org/view.php?id=CVE-2015-3755
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL. Vulnerabilidad en WebKit en Apple Safari en versiones anteriores a 6.2.8, 7.x en versiones anteriores a 7.1.8 y 8.x en versiones anteriores a 8.0.8, tal como se utiliza en iOS en versiónes anteriores a 8.4.1 y otros productos, permite a atacantes remotos falsificar la interfaz de usuario a través de una dirección URL mal formada. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html http://www.securityfocus.com/bid/76344 http://www.securitytracker.com/id/1033274 https://support.apple.com/kb/HT205030 https://support.apple.com/kb/HT205033 • CWE-254: 7PK - Security Features •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2015-3736
https://notcve.org/view.php?id=CVE-2015-3736
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. Vulnerabilidad en WebKit, tal como se utiliza en Apple iOS en versiones anteriores a 8.4.1 y en Safari en versiones anteriores a 6.2.8, 7.x en versiones anteriores a 7.1.8 y 8.x en versiones anteriores a 8.0.8, permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otras CVEs WebKit listadas en APPLE-SA-2015-08-13-1 y APPLE-SA-2105-08-13-3 • http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html http://www.securityfocus.com/bid/76338 http://www.securitytracker.com/id/1033274 https://support.apple.com/HT205221 https://support.apple.com/kb/HT205030 https://support.apple.com/kb/HT205033 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2015-3730
https://notcve.org/view.php?id=CVE-2015-3730
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. Vulnerabilidad en WebKit, tal como se utiliza en Apple iOS en versiones anteriores a 8.4.1 y en Safari en versiones anteriores a 6.2.8, 7.x en versiones anteriores a 7.1.8 y 8.x en versiones anteriores a 8.0.8, permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otras CVEs WebKit listadas en APPLE-SA-2015-08-13-1 y APPLE-SA-2105-08-13-3 • http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html http://www.securityfocus.com/bid/76338 http://www.securitytracker.com/id/1033274 https://support.apple.com/HT205221 https://support.apple.com/kb/HT205030 https://support.apple.com/kb/HT205033 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2015-3731
https://notcve.org/view.php?id=CVE-2015-3731
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. Vulnerabilidad en WebKit, tal como se utiliza en Apple iOS en versiones anteriores a 8.4.1 y en Safari en versiones anteriores a 6.2.8, 7.x en versiones anteriores a 7.1.8 y 8.x en versiones anteriores a 8.0.8, permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otras CVEs WebKit listadas en APPLE-SA-2015-08-13-1 y APPLE-SA-2105-08-13-3 • http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html http://www.securityfocus.com/bid/76338 http://www.securitytracker.com/id/1033274 http://www.ubuntu.com/usn/USN-2937-1 https://support.apple.com/HT205221 https://support.apple.com/kb/HT205030 https:&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0CVE-2015-3660
https://notcve.org/view.php?id=CVE-2015-3660
Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL in embedded PDF content. Vulnerabilidad de XSS en la funcionalidad PDF en WebKit en Apple Safari anterior a 6.2.7, 7.x anterior a 7.1.7, y 8.x anterior a 8.0.7 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de una URL manipulada en contenido PDF embebido. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html http://support.apple.com/kb/HT204950 http://www.securityfocus.com/bid/75494 http://www.securitytracker.com/id/1032754 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •