CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2015-5928 – Apple Security Advisory 2015-10-21-3
https://notcve.org/view.php?id=CVE-2015-5928
21 Oct 2015 — WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. WebKit, como se utiliza en Apple iOS en versiones anteriores a 9.1, Safari en versiones anteriores a 9.0.1 y iTunes en versiones anteriores a 12.3.... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5929 – Apple Security Advisory 2015-10-21-3
https://notcve.org/view.php?id=CVE-2015-5929
21 Oct 2015 — WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. WebKit, como se utiliza en Apple iOS en versiones anteriores a 9.1, Safari en versiones anteriores a 9.0.1 y iTunes en versiones anteriores a 12.3.... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5930 – Apple Security Advisory 2015-10-21-3
https://notcve.org/view.php?id=CVE-2015-5930
21 Oct 2015 — WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. WebKit, como se utiliza en Apple iOS en versiones anteriores a 9.1, Safari en versiones anteriores a 9.0.1 y iTunes en versiones anteriores a 12.3.... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6983 – Apple Security Advisory 2015-10-21-4
https://notcve.org/view.php?id=CVE-2015-6983
21 Oct 2015 — Double free vulnerability in Apple iOS before 9.1 and OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that accesses AtomicBufferedFile descriptors. Vulnerabilidad de liberación doble en Apple iOS en versiones anteriores a 9.1 y OS X en versiones anteriores a 10.11.1 permite a atacantes escribir en archivos arbitrarios a través de una aplicación manipulada que accede a descriptores AtomicBufferedFile. iOS 9.1 is now available and addresses arbitrary code execution, cookies ... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6994 – Apple Security Advisory 2015-10-21-4
https://notcve.org/view.php?id=CVE-2015-6994
21 Oct 2015 — The kernel in Apple iOS before 9.1 and OS X before 10.11.1 mishandles reuse of virtual memory, which allows attackers to cause a denial of service via a crafted app. El kernel en Apple iOS en versiones anteriores a 9.1 y OS X en versiones anteriores a 10.11.1 no maneja correctamente la reutilización de la memoria virtual, lo que permite a atacantes provocar una denegación de servicio a través de una aplicación manipulada. iOS 9.1 is now available and addresses arbitrary code execution, cookies being overwri... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6997 – Apple Security Advisory 2015-10-21-1
https://notcve.org/view.php?id=CVE-2015-6997
21 Oct 2015 — The X.509 certificate-trust implementation in Apple iOS before 9.1 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate. La implementación del certificado de confianza X.509 en Apple iOS en versiones anteriores a 9.1 no reconoce que el indicador kSecRevocationRequirePositiveResponse implica un requerimiento de verificación de revo... • http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html • CWE-254: 7PK - Security Features •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6999 – Apple Security Advisory 2015-10-21-1
https://notcve.org/view.php?id=CVE-2015-6999
21 Oct 2015 — The OCSP client in Apple iOS before 9.1 does not check for certificate expiry, which allows remote attackers to spoof a valid certificate by leveraging access to a revoked certificate. El cliente OCSP en Apple iOS en versiones anteriores a 9.1 no verifica el vencimiento del certificado, lo que permite a atacantes remotos falsificar un certificado válido aprovechando el acceso a un certificado revocado. iOS 9.1 is now available and addresses arbitrary code execution, cookies being overwritten, heap based buf... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html • CWE-254: 7PK - Security Features •
CVSS: 2.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7000 – Apple Security Advisory 2015-10-21-1
https://notcve.org/view.php?id=CVE-2015-7000
21 Oct 2015 — Notification Center in Apple iOS before 9.1 mishandles changes to "Show on Lock Screen" settings, which allows physically proximate attackers to obtain sensitive information by looking for a (1) Phone or (2) Messages notification on the lock screen soon after a setting was disabled. Notification Center en Apple iOS en versiones anteriores a 9.1 no maneja correctamente los cambios en los ajustes 'Show on Lock Screen', lo que permite a atacantes físicamente próximos obtener información sensible buscando una n... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-7002 – Apple Security Advisory 2015-10-21-3
https://notcve.org/view.php?id=CVE-2015-7002
21 Oct 2015 — WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. WebKit, como se utiliza en Apple iOS en versiones anteriores a 9.1, Safari en versiones anteriores a 9.0.1 y iTunes en versiones anteriores a 12.3.... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7004 – Apple Security Advisory 2015-10-21-1
https://notcve.org/view.php?id=CVE-2015-7004
21 Oct 2015 — The kernel in Apple iOS before 9.1 allows attackers to cause a denial of service via a crafted app. El kernel en Apple iOS en versiones anteriores a 9.1 permite a atacantes provocar una denegación de servicio mediante una aplicación manipulada. iOS 9.1 is now available and addresses arbitrary code execution, cookies being overwritten, heap based buffer overflow, and various other vulnerabilities. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html • CWE-20: Improper Input Validation •