CVSS: 8.3EPSS: 0%CPEs: 5EXPL: 0CVE-2015-3750 – WebKitGTK+ 2.x Use-After-Free / DoS / Code Execution
https://notcve.org/view.php?id=CVE-2015-3750
13 Aug 2015 — WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof a report by modifying the client-server data stream. Vulnerabilidad en WebKit en Apple Safari en versiones anteriores a 6.2.8, 7.x en versiones anteri... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html • CWE-254: 7PK - Security Features •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3806 – Apple Security Advisory 2016-02-25-1
https://notcve.org/view.php?id=CVE-2015-3806
13 Aug 2015 — Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file. Vulnerabilidad en Apple iOS en versiones anteriores a 8.4.1 y OS X en versiones anteriores a 10.10.5, permite a usuarios locales eludir un mecanismo de protección de firma de código añadiendo código a un archivo ejecutable manipulado. OS X Yosemite 10.10.5 and Security Update 2015-006 is now available and addresses vulnerabilities in Apache, the OD pl... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2015-3729 – Apple Security Advisory 2015-08-13-1
https://notcve.org/view.php?id=CVE-2015-3729
13 Aug 2015 — Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not indicate what web site originated an input prompt, which allows remote attackers to conduct spoofing attacks via a crafted site. Vulnerabilidad en Apple Safari en versiones anteriores a 6.2.8, 7.x en versiones anteriores a 7.1.8 y 8.x en versiones anteriores a 8.0.8, tal como se utiliza en iOS en versiones anteriores a 8.4.1 y otros productos, no indica el sitio web que originó el símb... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html • CWE-254: 7PK - Security Features •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3800 – Apple Security Advisory 2016-02-25-1
https://notcve.org/view.php?id=CVE-2015-3800
13 Aug 2015 — The DiskImages component in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image. Vulnerabilidad en el componente DiskImages en Apple iOS en versiones anteriores a 8.4.1 y OS X en versiones anteriores a 10.10.5, permite a usuarios locales obtener privilegios o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de una imagen DMG mal formada.... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 1%CPEs: 5EXPL: 0CVE-2015-3807 – Apple Security Advisory 2015-12-08-1
https://notcve.org/view.php?id=CVE-2015-3807
13 Aug 2015 — libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XML document. Vulnerabilidad en libxml2 en Apple iOS en versiones anteriores a 8.4.1 y OS X en versiones anteriores a 10.10.5, permite a atacantes remotos obtener información sensible de la memoria del proceso o causar una denegación de servicio (corrupción de memoria) a través de un documento XML manipulado. OS X... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2015-3752 – Ubuntu Security Notice USN-2937-1
https://notcve.org/view.php?id=CVE-2015-3752
13 Aug 2015 — The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive information via vectors involving (1) a cross-origin request or (2) a private-browsing request. Vulnerabilidad en la implementación de Content Security Policy en WebKit en Apple Safari en versiones anteriores a 6.2.8, 7.x e... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 0CVE-2015-3755 – WebKitGTK+ 2.x Use-After-Free / DoS / Code Execution
https://notcve.org/view.php?id=CVE-2015-3755
13 Aug 2015 — WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL. Vulnerabilidad en WebKit en Apple Safari en versiones anteriores a 6.2.8, 7.x en versiones anteriores a 7.1.8 y 8.x en versiones anteriores a 8.0.8, tal como se utiliza en iOS en versiónes anteriores a 8.4.1 y otros productos, permite a atacantes remotos falsificar la interfaz de usuario a través de una dirección... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html • CWE-254: 7PK - Security Features •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3763 – Apple Security Advisory 2015-08-13-3
https://notcve.org/view.php?id=CVE-2015-3763
13 Aug 2015 — Safari in Apple iOS before 8.4.1 does not limit the rate of JavaScript alert messages, which allows remote attackers to cause a denial of service (apparent browser locking) via a crafted web site. Vulnerabilidad en Safari en Apple iOS en versiones anteriores a 8.4.1, no limita la velocidad de los mensajes de alerta de JavaScript, lo que permite a atacantes remotos causar una denegación de servicio (bloqueo aparente del navegador) a través de sitios web manipulados. iOS 8.4.1 is now available and addresses v... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html • CWE-19: Data Processing Errors •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3782 – Apple Security Advisory 2016-02-25-1
https://notcve.org/view.php?id=CVE-2015-3782
13 Aug 2015 — CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app. Vulnerabilidad en CloudKit en Apple iOS en versiones anteriores a 8.4.1 y OS X en versiones anteriores a 10.10.5, permite a atacantes acceder a un registro de usuario de iCloud asociado a una sesión previa de login de usuario a través de una aplicación manipulada. OS X Yosemite 10.10.5 and Security Update 2015-006 is now available and ... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3802 – Apple Security Advisory 2016-02-25-1
https://notcve.org/view.php?id=CVE-2015-3802
13 Aug 2015 — Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805. Vulnerabilidad en Apple iOS en versiones anteriores a 8.4.1 y OS X en versiones anteriores a 10.10.5, permite a usuarios locales eludir un mecanismo de protección de firma de código a través de un archivo Mach-O manipulado, una vulnerabilidad diferente a CVE-2015-3805. OS X Yosemite 10.10.5 and Security Update 2015-006 is now ... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-20: Improper Input Validation •