CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5848 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5848
18 Sep 2015 — IOAcceleratorFamily in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. Vulnerabilidad en IOAcceleratorFamily en Apple iOS en versiones anteriores a 9, permite a usuarios locales ganar privilegios o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. iOS 9 is now available and addresses denial of service, information disclosure, and various other issues. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5850 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5850
18 Sep 2015 — AppleKeyStore in Apple iOS before 9 allows physically proximate attackers to reset the count of incorrect passcode attempts via a device backup. Vulnerabilidad en AppleKeyStore en Apple iOS en versiones anteriores a 9, permite a atacantes físicamente próximos reiniciar la cuenta de los intentos de código de acceso incorrectos a través de una copia de seguridad del dispositivo. iOS 9 is now available and addresses denial of service, information disclosure, and various other issues. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-254: 7PK - Security Features •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5851 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5851
18 Sep 2015 — The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack. Vulnerabilidad en el inicializador de conveniencia en el componente Multipeer Connectivity en Apple iOS en versiones anteriores a 9, no requiere una sesión cifrada, lo que permite a usuarios locales obtener los datos multipeer en texto plano a través de un ataque encrypted... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5855 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5855
18 Sep 2015 — Apple iOS before 9 allows attackers to discover the e-mail address of a player via a crafted Game Center app. Vulnerabilidad en Apple iOS en versiones anteriores a 9, permite a atacantes descubrir las direcciones de e-mail de un jugador a través de una aplicación del Game Center manipulada. OS X El Capitan 10.11 is now available and addresses close to 100 vulnerabilities that may exist in prior releases. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5856 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5856
18 Sep 2015 — The Application Store component in Apple iOS before 9 allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL. Vulnerabilidad en el componente Application Store en Apple iOS en versiones anteriores a 9, permite a atacantes causar una denegación de servicio a una aplicación enterprise-signed a través de una URL ITMS manipulada. iOS 9 is now available and addresses denial of service, information disclosure, and various other issues. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-254: 7PK - Security Features •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5857 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5857
18 Sep 2015 — Mail in Apple iOS before 9 allows remote attackers to use an address-book contact as a spoofed e-mail sender address via unspecified vectors. Vulnerabilidad en Mail en Apple iOS en versiones anteriores a 9, permite a atacantes remotos usar un contacto de la libreta de direcciones como un remitente de e-mail suplantado a través de vectores no especificados. iOS 9 is now available and addresses denial of service, information disclosure, and various other issues. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-254: 7PK - Security Features •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5858 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5858
18 Sep 2015 — The CFNetwork HTTPProtocol component in Apple iOS before 9 allows remote attackers to bypass the HSTS protection mechanism, and consequently obtain sensitive information, via a crafted URL. Vulnerabilidad en el componente CFNetwork HTTPProtocol en Apple iOS en versiones anteriores a 9, permite a atacantes remotos eludir el mecanismo de protección HSTS, y consecuentemente obtener información sensible, a través de una URL manipulada. OS X El Capitan 10.11 is now available and addresses close to 100 vulnerabil... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5860 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5860
18 Sep 2015 — The CFNetwork HTTPProtocol component in Apple iOS before 9 mishandles HSTS state, which allows remote attackers to bypass the Safari private-browsing protection mechanism and track users via a crafted web site. Vulnerabilidad en el componente CFNetwork HTTPProtocol en Apple iOS en versiones anteriores a 9, no maneja correctamente el estado HSTS, lo que permite a atacantes remotos eludir el mecanismo de protección private-browsing de Safari y rastrear a los usuarios a través de un sitio web manipulado. OS X ... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5861 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5861
18 Sep 2015 — SpringBoard in Apple iOS before 9 allows physically proximate attackers to bypass a lock-screen preview-disabled setting, and reply to an audio message, via unspecified vectors. Vulnerabilidad en SpringBoard en Apple iOS en versiones anteriores a 9, permite a atacantes físicamente próximos eludir los ajustes de la vista previa deshabilitada de la pantalla de bloqueo, y responder a un mensaje de audio, a través de vectores no especificados. iOS 9 is now available and addresses denial of service, information ... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 3%CPEs: 3EXPL: 0CVE-2015-5862 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5862
18 Sep 2015 — The Audio component in Apple iOS before 9 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted audio file. Vulnerabilidad en el componente Audio en Apple iOS en versiones anteriores a 9, permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un archivo de audio manipulado. OS X El Capitan 10.11 is now available and addresses close to 100 vulnerabilities that may exist in prior releases... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •