CVSS: 7.5EPSS: 4%CPEs: 2EXPL: 0CVE-2015-5879 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5879
18 Sep 2015 — XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption) via a crafted header. Vulnerabilidad en XNU en el kernel en Apple iOS en versiones anteriores a 9, no valida adecuadamente las cabeceras de los paquetes TCP, lo que permite a atacantes remotos eludir el mecanismo de protección de secuencia numérica y causar una denegación de se... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5814 – Apple Security Advisory 2015-09-16-3
https://notcve.org/view.php?id=CVE-2015-5814
18 Sep 2015 — WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. Vulnerabilidad en WebKit, tal como se utiliza en JavaScriptCore en Apple iOS en versiones anteriores a 9 y iTunes en versiones anteriores a 12.3, permite a atacantes remotos ejecu... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5816 – Apple Security Advisory 2015-09-16-3
https://notcve.org/view.php?id=CVE-2015-5816
18 Sep 2015 — WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. Vulnerabilidad en WebKit, tal como se utiliza en JavaScriptCore en Apple iOS en versiones anteriores a 9 y iTunes en versiones anteriores a 12.3, permite a atacantes remotos ejecu... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5817 – Apple Security Advisory 2015-09-16-3
https://notcve.org/view.php?id=CVE-2015-5817
18 Sep 2015 — WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. Vulnerabilidad en WebKit, tal como se utiliza en Apple iOS en versiones anteriores a 9 y iTunes en versiones anteriores a 12.3, permite a atacantes remotos ejecutar código arbitrario o causar una d... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5818 – Apple Security Advisory 2015-09-16-3
https://notcve.org/view.php?id=CVE-2015-5818
18 Sep 2015 — WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. Vulnerabilidad en WebKit, tal como se utiliza en Apple iOS en versiones anteriores a 9 y iTunes en versiones anteriores a 12.3, permite a atacantes remotos ejecutar código arbitrario o causar una d... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5905 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5905
18 Sep 2015 — Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted window opener on a web site. Vulnerabilidad en Safari en Apple iOS en versiones anteriores a 9, permite a atacantes remotos suplantar la relación entre las URLs y el contenido web a través de la apertura de una ventana manipulada en un sitio web. iOS 9 is now available and addresses denial of service, information disclosure, and various other issues. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-254: 7PK - Security Features •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5906 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5906
18 Sep 2015 — The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a password by leveraging a later prediction containing that character. Vulnerabilidad en la implementación del formulario HTML en WebKit en Apple iOS en versiones anteriores a 9, no impide el acceso de QuickType al carácter finel de una contraseña, lo que podría facilitar a un atacante remoto descubrir una contraseña ... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5907 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5907
18 Sep 2015 — WebKit in Apple iOS before 9 allows man-in-the-middle attackers to conduct redirection attacks by leveraging the mishandling of the resource cache of an SSL web site with an invalid X.509 certificate. Vulnerabilidad en WebKit en Apple iOS en versiones anteriores a 9, permite a atacantes man-in-the-middle realizar ataques de redirección aprovechando el mal manejo de la caché de recursos de un sitio web SSL con un certificado X.509 no válido. iOS 9 is now available and addresses denial of service, information... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-310: Cryptographic Issues •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5912 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5912
18 Sep 2015 — The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses. Vulnerabilidad en el componente CFNetwork FTPProtocol en Apple iOS en versiones anteriores a 9, permite a los servidores proxy FTP remotos activar los intentos de conexión TCP a los hosts de la intranet a través de respuestas manipuladas. OS X El Capitan 10.11 is now available and addresses close to 100 vulnerabilities that may exist in prior r... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-17: DEPRECATED: Code •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5916 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5916
18 Sep 2015 — The Apple Pay component in Apple iOS before 9 allows remote terminals to obtain sensitive recent-transaction information during payments by leveraging the transaction-log feature. Vulnerabilidad en el componente Apple Pay en Apple iOS en versiones anteriores a 9, permite a terminales remotos obtener información sensible de recent-transaction durante los pagos mediante el aprovechamiento de la característica transaction-log. watchOS 2.0.1 is now available and addresses arbitrary code execution, heap buffer o... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •