CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2015-3735
https://notcve.org/view.php?id=CVE-2015-3735
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. Vulnerabilidad en WebKit, tal como se utiliza en Apple iOS en versiones anteriores a 8.4.1 y en Safari en versiones anteriores a 6.2.8, 7.x en versiones anteriores a 7.1.8 y 8.x en versiones anteriores a 8.0.8, permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otras CVEs WebKit listadas en APPLE-SA-2015-08-13-1 y APPLE-SA-2105-08-13-3 • http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html http://www.securityfocus.com/bid/76338 http://www.securitytracker.com/id/1033274 https://support.apple.com/HT205221 https://support.apple.com/kb/HT205030 https://support.apple.com/kb/HT205033 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2015-3748
https://notcve.org/view.php?id=CVE-2015-3748
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. Vulnerabilidad en WebKit, tal como se utiliza en Apple iOS en versiones anteriores a 8.4.1 y en Safari en versiones anteriores a 6.2.8, 7.x versiones anteriores a 7.1.8 y 8.x versiones anteriores a 8.0.8, permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otras CVEs WebKit listadas en APPLE-SA-2015-08-13-1 y APPLE-SA-2105-08-13-3. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html http://www.securityfocus.com/bid/76338 http://www.securitytracker.com/id/1033274 http://www.ubuntu.com/usn/USN-2937-1 https://support.apple.com/HT205221 https://support.apple.com/kb/HT205030 https:&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0CVE-2015-3750
https://notcve.org/view.php?id=CVE-2015-3750
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof a report by modifying the client-server data stream. Vulnerabilidad en WebKit en Apple Safari en versiones anteriores a 6.2.8, 7.x en versiones anteriores a 7.1.8 y 8.x en versiones anteriores a 8.0.8, tal como se utiliza en iOS en versiones anteriores a 8.4.1 y otros productos, no hace cumplir el mecanismo de protección HTTP Strict Trasnport Security (HSTS) para las peticiones de informes Content Security Policy (CSP), lo que permite a atacantes man-in-the-middle obtener información sensible rastreando la red o falsificando un informe mediante la modificación de la secuencia de datos cliente-servidor. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html http://www.securityfocus.com/bid/76341 http://www.securitytracker.com/id/1033274 https://support.apple.com/kb/HT205030 https://support.apple.com/kb/HT205033 • CWE-254: 7PK - Security Features •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2015-3743
https://notcve.org/view.php?id=CVE-2015-3743
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. Vulnerabilidad en WebKit, tal como se utiliza en Apple iOS en versiones anteriores a 8.4.1 y en Safari en versiones anteriores a 6.2.8, 7.x en versiones anteriores a 7.1.8 y 8.x en versiones anteriores a 8.0.8, permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otras CVEs WebKit listadas en APPLE-SA-2015-08-13-1 y APPLE-SA-2105-08-13-3. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html http://www.securityfocus.com/bid/76338 http://www.securitytracker.com/id/1033274 http://www.ubuntu.com/usn/USN-2937-1 https://support.apple.com/HT205221 https://support.apple.com/kb/HT205030 https:&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2015-3736
https://notcve.org/view.php?id=CVE-2015-3736
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. Vulnerabilidad en WebKit, tal como se utiliza en Apple iOS en versiones anteriores a 8.4.1 y en Safari en versiones anteriores a 6.2.8, 7.x en versiones anteriores a 7.1.8 y 8.x en versiones anteriores a 8.0.8, permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otras CVEs WebKit listadas en APPLE-SA-2015-08-13-1 y APPLE-SA-2105-08-13-3 • http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html http://www.securityfocus.com/bid/76338 http://www.securitytracker.com/id/1033274 https://support.apple.com/HT205221 https://support.apple.com/kb/HT205030 https://support.apple.com/kb/HT205033 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •