CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7022 – Apple Security Advisory 2015-10-21-1
https://notcve.org/view.php?id=CVE-2015-7022
21 Oct 2015 — The Telephony subsystem in Apple iOS before 9.1 allows attackers to obtain sensitive call-status information via a crafted app. El subsistema Telephony en Apple iOS en versiones anteriores a 9.1 permite a atacantes obtener información sensible del estado de llamada a través de una aplicación manipulada. iOS 9.1 is now available and addresses arbitrary code execution, cookies being overwritten, heap based buffer overflow, and various other vulnerabilities. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7023 – Apple Security Advisory 2015-10-21-4
https://notcve.org/view.php?id=CVE-2015-7023
21 Oct 2015 — CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors. CFNetwork en Apple iOS en versiones anteriores a 9.1 y OS X en versiones anteriores a 10.11.1 no considera adecuadamente la distinción de mayúsculas frente a minúsculas durante el análisis de cookie, lo que permite a servidores web remotos sobrescribir cookies a través de vectores n... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html • CWE-17: DEPRECATED: Code •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-7014 – Apple Security Advisory 2015-10-21-3
https://notcve.org/view.php?id=CVE-2015-7014
21 Oct 2015 — WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. WebKit, como se utiliza en Apple iOS en versiones anteriores a 9.1, Safari en versiones anteriores a 9.0.1 y iTunes en versiones anteriores a 12.3.... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-7015 – Apple Security Advisory 2015-10-21-4
https://notcve.org/view.php?id=CVE-2015-7015
21 Oct 2015 — Heap-based buffer overflow in the DNS client library in configd in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code via a crafted app that sends a spoofed configd response to a client. Desbordamiento de buffer basado en memoria dinámica en la librería del cliente DNS en configd en Apple iOS en versiones anteriores a 9.1, OS X en versiones anteriores a 10.11.1 y watchOS en versiones anteriores a 2.0.1 permite a atacantes ejecutar código arbitrario... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 4%CPEs: 3EXPL: 0CVE-2015-7017 – Apple Security Advisory 2015-10-21-4
https://notcve.org/view.php?id=CVE-2015-7017
21 Oct 2015 — CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992. CoreText en Apple iOS en versiones anteriores 9.1, OS X anteriores a 10.11.1 y iTunes en versiones a 12.3.1 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a tavés de un archi... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2015-7018 – Apple Security Advisory 2015-10-21-4
https://notcve.org/view.php?id=CVE-2015-7018
21 Oct 2015 — FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, and CVE-2015-7010. FontParser en Apple iOS en versiones anteriores a 9.1 y OS X en versiones anteriores a 10.11.1 permite a atacantes remotos ejecutar código arbitrario o provoca... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5924 – Apple Security Advisory 2015-10-21-4
https://notcve.org/view.php?id=CVE-2015-5924
21 Oct 2015 — The OpenGL implementation in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. La implementación OpenGL en Apple iOS en versiones anteriores a 9.1 y OS X en versiones anteriores a 10.11.1 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado. iOS 9.1 is now available and addresses arbitrary cod... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5925 – Apple Security Advisory 2015-10-21-4
https://notcve.org/view.php?id=CVE-2015-5925
21 Oct 2015 — The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5926. El componente CoreGraphics en Apple iOS en versiones anteriores a 9.1, OS X en versiones anteriores a 10.11.1 y watchOS en versiones anteriores a 2.0.1 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio ... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5923 – Apple Security Advisory 2015-09-30-01
https://notcve.org/view.php?id=CVE-2015-5923
01 Oct 2015 — Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors. Apple iOS en versiones anteriores a 9.0.2 no restringe adecuadamente las opciones disponibles en la pantalla de bloqueo, lo que permite a atacantes físicamente próximos leer los datos de contactos o ver fotos a través de vectores no especificados. iOS 9.0.2 is now available and addresses a lock screen vulnerabilit... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3801 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-3801
18 Sep 2015 — The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors. Vulnerabilidad en la implementación de la API document.cookie en el subsistema CFNetwork Cookies en WebKit en Apple iOS en versiones anteriores a la 9, permite a atacantes remotos eludir una restricción destinada a una única cookie a través de vectores no especificados. Safari 9 is now available and addresse... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •