CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5824 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5824
18 Sep 2015 — The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Vulnerabilidad en la implementación de NSURL en el componente CFNetwork SSL en Apple iOS en versiones anteriores a 9, no verifica adecuadamente los certificados X.509 de los servidores SSL después un cambio en el certificado, l... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-310: Cryptographic Issues •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5825 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5825
18 Sep 2015 — WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code. Vulnerabilidad en WebKit en Apple iOS en versiones anteriores a 9, no restringe adecuadamente la disponibilidad de tiempos en la Performance API, lo que permite a atacantes remotos obtener información sensible sobre el histórico del navegador, el movimiento de... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5826 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5826
18 Sep 2015 — WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. Vulnerabilidad en WebKit en Apple iOS en versiones anteriores a 9, no selecciona adecuadamente los casos en los que se necesita un documento Cascading Style Sheets (CSS) para obtener el tipo de contenido text/css, lo que permite a atacantes remotos eludir la Same O... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-284: Improper Access Control •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5827 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5827
18 Sep 2015 — WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event. Vulnerabilidad en WebKit en Apple iOS en versiones anteriores a 9, permite a atacantes remotos eludir la Same Origin Policy y obtener una referencia de objeto a través de vectores que involucran un evento (1) custom , (2) message o (3) pop state. Various 2.x releases of WebKitGTK+ suffer from over 130 vulnera... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2015-5829 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5829
18 Sep 2015 — Data Detectors Engine in Apple iOS before 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file. Vulnerabilidad en Data Detectors Engine en Apple iOS en versiones anteriores a 9, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un archivo de texto manipulado. iOS 9 is now available and addresses denial of service, information disclosure, and various other issue... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5831 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5831
18 Sep 2015 — NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app. Vulnerabilidad en NetworkExtension en el kernel en Apple iOS en versiones anteriores a 9, no inicializa adecuadamente una estructura de datos no especificada, lo que permite a atacantes obtener información sensible del memory-layout a través de una aplicación manipulada. OS X El Capitan 10.11 is now available ... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5832 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5832
18 Sep 2015 — The iTunes Store component in Apple iOS before 9 does not properly delete AppleID credentials from the keychain upon a signout action, which might allow physically proximate attackers to obtain sensitive information via unspecified vectors. Vulnerabilidad en el componente iTunes Store en Apple iOS en versiones anteriores a 9, no borra adecuadamente las credenciales del AppleID desde el llavero en una acción de desconexión, lo que podría permitir a atacantes físicamente próximos obtener información sensible ... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5834 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5834
18 Sep 2015 — IOAcceleratorFamily in Apple iOS before 9 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. Vulnerabilidad en IOAcceleratorFamily en Apple iOS en versiones anteriores a 9, permite a atacantes obtener información sensible de la estructura de memoria del kernel a través de una aplicación manipulada. iOS 9 is now available and addresses denial of service, information disclosure, and various other issues. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5835 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5835
18 Sep 2015 — Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme. Apple iOS en versiones anteriores a 9, permite a atacantes obtener información sensible sobre la comunicación entre aplicaciones a través de una aplicación manipulada que lleva a cabo un ataque de interceptación que implica un esquema de URL no especificado. iOS 9 is now available and addresses denial of service, informa... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5837 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5837
18 Sep 2015 — PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise app. Vulnerabilidad en PluginKit en Apple iOS en versiones anteriores a 9, permite a atacantes eludir un requisito destinado a app-trust e instalar extensiones arbitrarias a través de una aplicación empresarial manipulada. iOS 9 is now available and addresses denial of service, information disclosure, and various other issues. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-20: Improper Input Validation •