CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3722 – Apple Security Advisory 2015-06-30-1
https://notcve.org/view.php?id=CVE-2015-3722
01 Jul 2015 — Application Store in Apple iOS before 8.4 does not ensure the uniqueness of bundle IDs, which allows attackers to cause a denial of service (ID collision and launch outage) via a crafted universal provisioning profile app. Application Store en Apple iOS anterior a 8.4 no asegura la singularidad de los identificadores de paquetes, lo que permite a atacantes causar una denegación de servicio (colisión de identificadores y interrupción de lanzamiento) a través de una aplicación de perfiles de provisionamiento ... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-254: 7PK - Security Features •
CVSS: 8.8EPSS: 2%CPEs: 24EXPL: 0CVE-2015-3659 – SQLite Default Value Authorization Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-3659
01 Jul 2015 — The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. El autorizador SQLite en la funcionalidad Storage en WebKit en Apple Safari anterior a 6.2.7, 7.x anterior a 7.1.7, y 8.x anterior a 8.0.7, utilizad... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 1%CPEs: 24EXPL: 0CVE-2015-3658 – Ubuntu Security Notice USN-2937-1
https://notcve.org/view.php?id=CVE-2015-3658
01 Jul 2015 — The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site. La funcionalidad Page Loading en WebKit en Apple Safari anterior a 6.2.7, 7.x anterior a 7.1.7, y 8.x anterior a 8.0.7, utilizado en Apple iOS anterior a 8.4 y... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-254: 7PK - Security Features •
CVSS: 8.8EPSS: 5%CPEs: 2EXPL: 0CVE-2015-3684 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3684
01 Jul 2015 — The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted credentials in a URL. La implementación HTTPAuthentication en CFNetwork en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de credenciales manipuladas en una URL. OS X Yosemit... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 5%CPEs: 2EXPL: 0CVE-2015-3685 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3685
01 Jul 2015 — CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3686, CVE-2015-3687, CVE-2015-3688, and CVE-2015-3689. CoreText en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero de texto manipulado, una vulnerabil... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 5%CPEs: 2EXPL: 0CVE-2015-3689 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3689
01 Jul 2015 — CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3688. CoreText en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero de texto manipulado, una vulnerabil... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.9EPSS: 1%CPEs: 2EXPL: 0CVE-2015-3690 – Apple OS X GZIP DMG Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-3690
01 Jul 2015 — The DiskImages subsystem in Apple iOS before 8.4 and OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. El subsistema DiskImages en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4 permite a atacantes obtener información sensible de la estructura de la memoria para el kernel a través de una aplicación manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction ... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 5%CPEs: 2EXPL: 0CVE-2015-3694 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3694
01 Jul 2015 — FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3719. FontParser en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción memoria) a través de un fichero de fuentes manipulado, una vulnerabilidad diferente a CVE-2015-3719. OS X Yosemite ... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 3%CPEs: 2EXPL: 0CVE-2015-3703 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3703
01 Jul 2015 — ImageIO in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image. ImageIO en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una imagen TIFF manipulada. OS X Yosemite 10.10.4 and Security Update 2015-005 are now available and address privilege escalation, arbitrary c... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3710 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3710
01 Jul 2015 — Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message. Mail en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4 permite a atacantes remotos provocar una operación de actualización, y como consecuencia causar una visita a un sitio web arbitrario, a través de un mensaje de email HTML manipulado. OS X Yosemite 10.10.4 and Security Update 2015-005 are now available ... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-254: 7PK - Security Features •