CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3801 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-3801
18 Sep 2015 — The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors. Vulnerabilidad en la implementación de la API document.cookie en el subsistema CFNetwork Cookies en WebKit en Apple iOS en versiones anteriores a la 9, permite a atacantes remotos eludir una restricción destinada a una única cookie a través de vectores no especificados. Safari 9 is now available and addresse... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5831 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5831
18 Sep 2015 — NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app. Vulnerabilidad en NetworkExtension en el kernel en Apple iOS en versiones anteriores a 9, no inicializa adecuadamente una estructura de datos no especificada, lo que permite a atacantes obtener información sensible del memory-layout a través de una aplicación manipulada. OS X El Capitan 10.11 is now available ... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2015-5789 – Apple Security Advisory 2015-09-16-3
https://notcve.org/view.php?id=CVE-2015-5789
18 Sep 2015 — WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. Vulnerabilidad en WebKit, tal como se utiliza en Apple iOS en versiones anteriores a 9 y iTunes en versiones anteriores a 12.3, permite a atacantes remotos ejecutar código arbitrario o causar una d... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5858 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5858
18 Sep 2015 — The CFNetwork HTTPProtocol component in Apple iOS before 9 allows remote attackers to bypass the HSTS protection mechanism, and consequently obtain sensitive information, via a crafted URL. Vulnerabilidad en el componente CFNetwork HTTPProtocol en Apple iOS en versiones anteriores a 9, permite a atacantes remotos eludir el mecanismo de protección HSTS, y consecuentemente obtener información sensible, a través de una URL manipulada. OS X El Capitan 10.11 is now available and addresses close to 100 vulnerabil... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5846 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5846
18 Sep 2015 — IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5844 and CVE-2015-5845. Vulnerabilidad en IOKit en el kernel en Apple iOS en versiones anteriores a 9, permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una aplicación manipulada, una vulnerabilidad... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5816 – Apple Security Advisory 2015-09-16-3
https://notcve.org/view.php?id=CVE-2015-5816
18 Sep 2015 — WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. Vulnerabilidad en WebKit, tal como se utiliza en JavaScriptCore en Apple iOS en versiones anteriores a 9 y iTunes en versiones anteriores a 12.3, permite a atacantes remotos ejecu... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5912 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5912
18 Sep 2015 — The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses. Vulnerabilidad en el componente CFNetwork FTPProtocol en Apple iOS en versiones anteriores a 9, permite a los servidores proxy FTP remotos activar los intentos de conexión TCP a los hosts de la intranet a través de respuestas manipuladas. OS X El Capitan 10.11 is now available and addresses close to 100 vulnerabilities that may exist in prior r... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-17: DEPRECATED: Code •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5821 – Apple Security Advisory 2015-09-16-3
https://notcve.org/view.php?id=CVE-2015-5821
18 Sep 2015 — WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. Vulnerabilidad en WebKit, tal como se utiliza en Apple iOS en versiones anteriores a 9 y iTunes en versiones anteriores a 12.3, permite a atacantes remotos ejecutar código arbitrario o causar una d... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5856 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5856
18 Sep 2015 — The Application Store component in Apple iOS before 9 allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL. Vulnerabilidad en el componente Application Store en Apple iOS en versiones anteriores a 9, permite a atacantes causar una denegación de servicio a una aplicación enterprise-signed a través de una URL ITMS manipulada. iOS 9 is now available and addresses denial of service, information disclosure, and various other issues. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-254: 7PK - Security Features •
CVSS: 5.3EPSS: 1%CPEs: 3EXPL: 0CVE-2015-5885 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5885
18 Sep 2015 — The CFNetwork Cookies component in Apple iOS before 9 allows remote attackers to track users via vectors involving a cookie for a top-level domain. Vulnerabilidad en el componente CFNetwork Cookies en Apple iOS en versiones anteriores a 9, permite a atacantes remotos rastrear usuarios a través de vectores que involucran una cookie para un dominio top-level. OS X El Capitan 10.11 is now available and addresses close to 100 vulnerabilities that may exist in prior releases. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •