CVSS: 7.8EPSS: 5%CPEs: 2EXPL: 0CVE-2015-3719 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3719
01 Jul 2015 — TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3694. TrueTypeScaler en FontParser en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero de fuentes manipulado, una vulnerabilidad di... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3721 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3721
01 Jul 2015 — The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not properly handle HFS parameters, which allows attackers to obtain sensitive memory-layout information via a crafted app. El kernel en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4 no maneja correctamente los parámetros HFS, lo que permite a atacantes obtener información sensible de la estructura de la memoria a través de una aplicación manipulada. OS X Yosemite 10.10.4 and Security Update 2015-005 are now available and address privilege... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 1%CPEs: 24EXPL: 0CVE-2015-3727 – WebKit WebSQL ALTER TABLE Authorization Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-3727
01 Jul 2015 — WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site. WebKit en Apple Safari anterior a 6.2.7, 7.x anterior a 7.1.7, y 8.x anterior a 8.0.7, utilizado en Apple iOS anterior a 8.4 y otros productos, no restringe correctamente las operaciones de renombramiento en las tablas WebS... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 96%CPEs: 42EXPL: 1CVE-2015-4000 – LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
https://notcve.org/view.php?id=CVE-2015-4000
21 May 2015 — The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. El protocolo TLS 1.2 y anteriores, cuando una suite de cifrado DHE_EXPORT está habilitada en un servidor pero no en un cliente, no t... • https://github.com/fatlan/HAProxy-Keepalived-Sec-HighLoads • CWE-310: Cryptographic Issues CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 8.8EPSS: 1%CPEs: 21EXPL: 1CVE-2015-1155 – Apple Safari file:// Redirection Sandbox Escape Vulnerabliity
https://notcve.org/view.php?id=CVE-2015-1155
07 May 2015 — The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site. La implementación de historial en WebKit, utilizado en Apple Safari anterior a 6.2.6, 7.x anterior a 7.1.6, y 8.x anterior a 8.0.6, permite a atacantes remotos evadir Same Origin Policy y leer ficheros arbitrarios a través de un sitio web manipulado. This vulnerability allows remote attack... • https://packetstorm.news/files/id/180685 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 21EXPL: 0CVE-2015-1156 – WebKitGTK+ 2.x Use-After-Free / DoS / Code Execution
https://notcve.org/view.php?id=CVE-2015-1156
07 May 2015 — The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, via a crafted web site. La implementación de cargar páginas en WebKit, utilizado en Apple Safari anterior a 6.2.6, 7.x anterior a 7.1.6, y 8.x anterior a 8.0.6, no maneja correctamente el atributo rel en un elemento A... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 2%CPEs: 22EXPL: 0CVE-2015-1152 – Apple Security Advisory 2015-09-16-3
https://notcve.org/view.php?id=CVE-2015-1152
07 May 2015 — WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154. WebKit, utilizado en Apple Safari anterior a 6.2.6, 7.x anterior a 7.1.6, y 8.x anterior a 8.0.6, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caí... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html •
CVSS: 8.8EPSS: 2%CPEs: 22EXPL: 0CVE-2015-1153 – Apple Security Advisory 2015-09-16-3
https://notcve.org/view.php?id=CVE-2015-1153
07 May 2015 — WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1154. WebKit, utilizado en Apple Safari anterior a 6.2.6, 7.x anterior a 7.1.6, y 8.x anterior a 8.0.6, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caí... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html •
CVSS: 9.8EPSS: 3%CPEs: 5EXPL: 3CVE-2014-8146 – ICU library 52 < 54 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-8146
05 May 2015 — The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text. La función resolveImplicitLevels en common/ubidi.c en la implementación Unicode Bidirectional Algorithm en ICU4C en International Comp... • https://www.exploit-db.com/exploits/43887 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1108 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1108
09 Apr 2015 — The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses. El componente Lock Screen en Apple iOS anterior a 8.3 no refuerza correctamente el límite en los intentos la autenticación de contraseñas incorrectos, lo que facilita a atacantes físicamente próximos obtener el acceso mediante la creación de muchas adivinaciones de contra... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •