Page 157 of 1393 results (0.010 seconds)

CVSS: 2.1EPSS: 0%CPEs: 18EXPL: 0

The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries. La implementación private-browsing en WebKit en Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5 coloca el historial de navegación en un indice, lo que podría permitir a usuarios locales obtener información sensible mediante la lectura de las entradas de indices. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html http://www.securitytracker.com/id/1032047 http://www.ubuntu.com/usn/USN-2937-1 https://support.apple.com/HT204658 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 89%CPEs: 19EXPL: 0

WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors. WebKit, utilizado en Apple iOS anterior a 8.3 y Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5, no maneja correctamente el campo userinfo en las URLs FTP, lo que permite a atacantes remotos provocar el acceso a recursos incorrecto a través de vectores no especificados. A vulnerability exists in versions of OSX, iOS, and Windows Safari released before April 8, 2015 that allows the non-HTTPOnly cookies of any domain to be stolen. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://www.securitytracker.com/id/1032047 https://support.apple.com/HT204658 https://support.apple.com/HT204661 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 0

Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site. Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5 no selecciona correctamente los certificados de clientes X.509, lo que facilita a atacantes remotos seguir usuarios a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://www.securitytracker.com/id/1032047 https://support.apple.com/HT204658 https://support.apple.com/HT205212 • CWE-310: Cryptographic Issues •

CVSS: 5.0EPSS: 0%CPEs: 19EXPL: 0

Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file. Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5, utilizado en iOS anterior a 8.3 y otras plataformas, no elimina correctamente los datos del historial de navegación del fichero history.plist, lo que permite a atacantes obtener información sensible mediante la lectura de este fichero. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://www.securitytracker.com/id/1032047 https://support.apple.com/HT204658 https://support.apple.com/HT204661 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.8EPSS: 2%CPEs: 21EXPL: 0

WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. WebKit, utilizado en Apple iOS anterior a 8.3, Apple TV anterior a 7.2, y Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit listados en APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, y APPLE-SA-2015-04-08-4. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html http://www.securityfocus.com/bid/73972 http://www.securitytracker.com/id/1032047 https://support.apple.com/HT204658 https://support.apple.com/HT204661 https://support.apple.com/HT204662 https:// •