CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7023 – Apple Security Advisory 2015-10-21-4
https://notcve.org/view.php?id=CVE-2015-7023
21 Oct 2015 — CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors. CFNetwork en Apple iOS en versiones anteriores a 9.1 y OS X en versiones anteriores a 10.11.1 no considera adecuadamente la distinción de mayúsculas frente a minúsculas durante el análisis de cookie, lo que permite a servidores web remotos sobrescribir cookies a través de vectores n... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html • CWE-17: DEPRECATED: Code •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-7014 – Apple Security Advisory 2015-10-21-3
https://notcve.org/view.php?id=CVE-2015-7014
21 Oct 2015 — WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. WebKit, como se utiliza en Apple iOS en versiones anteriores a 9.1, Safari en versiones anteriores a 9.0.1 y iTunes en versiones anteriores a 12.3.... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-7015 – Apple Security Advisory 2015-10-21-4
https://notcve.org/view.php?id=CVE-2015-7015
21 Oct 2015 — Heap-based buffer overflow in the DNS client library in configd in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code via a crafted app that sends a spoofed configd response to a client. Desbordamiento de buffer basado en memoria dinámica en la librería del cliente DNS en configd en Apple iOS en versiones anteriores a 9.1, OS X en versiones anteriores a 10.11.1 y watchOS en versiones anteriores a 2.0.1 permite a atacantes ejecutar código arbitrario... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 4%CPEs: 3EXPL: 0CVE-2015-7017 – Apple Security Advisory 2015-10-21-4
https://notcve.org/view.php?id=CVE-2015-7017
21 Oct 2015 — CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992. CoreText en Apple iOS en versiones anteriores 9.1, OS X anteriores a 10.11.1 y iTunes en versiones a 12.3.1 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a tavés de un archi... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2015-7018 – Apple Security Advisory 2015-10-21-4
https://notcve.org/view.php?id=CVE-2015-7018
21 Oct 2015 — FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, and CVE-2015-7010. FontParser en Apple iOS en versiones anteriores a 9.1 y OS X en versiones anteriores a 10.11.1 permite a atacantes remotos ejecutar código arbitrario o provoca... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5924 – Apple Security Advisory 2015-10-21-4
https://notcve.org/view.php?id=CVE-2015-5924
21 Oct 2015 — The OpenGL implementation in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. La implementación OpenGL en Apple iOS en versiones anteriores a 9.1 y OS X en versiones anteriores a 10.11.1 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado. iOS 9.1 is now available and addresses arbitrary cod... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5925 – Apple Security Advisory 2015-10-21-4
https://notcve.org/view.php?id=CVE-2015-5925
21 Oct 2015 — The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5926. El componente CoreGraphics en Apple iOS en versiones anteriores a 9.1, OS X en versiones anteriores a 10.11.1 y watchOS en versiones anteriores a 2.0.1 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio ... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 1%CPEs: 5EXPL: 0CVE-2015-3807 – Apple Security Advisory 2015-12-08-1
https://notcve.org/view.php?id=CVE-2015-3807
13 Aug 2015 — libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XML document. Vulnerabilidad en libxml2 en Apple iOS en versiones anteriores a 8.4.1 y OS X en versiones anteriores a 10.10.5, permite a atacantes remotos obtener información sensible de la memoria del proceso o causar una denegación de servicio (corrupción de memoria) a través de un documento XML manipulado. OS X... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 3%CPEs: 17EXPL: 0CVE-2015-1819 – libxml2: denial of service processing a crafted XML document
https://notcve.org/view.php?id=CVE-2015-1819
07 Jul 2015 — The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. Vulnerabilidad en el xmlreader en libxml, permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de datos XML manipulados, relacionada con un ataque XML Entity Expansión (XEE). A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 1CVE-2013-0340 – Apple Security Advisory 2021-10-26-11
https://notcve.org/view.php?id=CVE-2013-0340
21 Jan 2014 — expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issu... • http://openwall.com/lists/oss-security/2013/02/22/3 • CWE-611: Improper Restriction of XML External Entity Reference •