CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1108 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1108
09 Apr 2015 — The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses. El componente Lock Screen en Apple iOS anterior a 8.3 no refuerza correctamente el límite en los intentos la autenticación de contraseñas incorrectos, lo que facilita a atacantes físicamente próximos obtener el acceso mediante la creación de muchas adivinaciones de contra... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 3CVE-2015-1100 – Apple Mac OSX - Local Denial of Service
https://notcve.org/view.php?id=CVE-2015-1100
09 Apr 2015 — The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content information via a crafted app. El kernel en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 permite a atacantes causar una denegación de servicio (acceso a memoria fuera de rango) u obtener información sensible del contenido de la memoria a través de una aplicación manipulada. O... • https://packetstorm.news/files/id/131508 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1094 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1094
09 Apr 2015 — IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. IOAcceleratorFamily en Apple iOS anterior a 8.3 y Apple TV anterior a 7.2 permite a atacantes obtener información sensible sobre la memoria del kernel a través de una aplicación manipulada. Watch OS 1.0.1 is now available and addresses certificate issues, arbitrary code execution, XML external entity, and various other vulnerabilities. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1097 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1097
09 Apr 2015 — IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. IOMobileFramebuffer en Apple iOS anterior a 8.3 y Apple TV anterior a 7.2 permite a atacantes obtener información sensible sobre la memoria del kernel a través de una aplicación manipulada. Apple TV 7.2 is now available and addresses information disclosure, code execution, memory disclosure, and various other vulnerabilities. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1098 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1098
09 Apr 2015 — iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file. iWork en Apple iOS anterior a 8.3 y Apple OS X anterior a 10.10.3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero iWork manipulado. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, co... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 0CVE-2015-1088 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1088
09 Apr 2015 — CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site. CFURL en Apple iOS anterior a 8.3 y Apple OS X anterior a 10.10.3 no valida correctamente las URLs, lo que permite a atacantes remotos ejecutar código arbitrario a través de un sitio web maniuplado. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosur... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 9%CPEs: 3EXPL: 0CVE-2015-1102 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1102
09 Apr 2015 — The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors. El kernel en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 no maneja correctamente las cabeceras TCP, lo que permite a atacantes man-in-the-middle causar una denegación de servicio a través de vectores no especificados. OS X Yosemite 10.10.3 and Security ... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1118 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1118
09 Apr 2015 — libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile. libnetcore en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 permite a atacantes causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un perfil de configuración manipulado. OS X Yosemite 10.10.3 and Security Update 2015-004 a... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1125 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1125
09 Apr 2015 — The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site. La implementación touch-events en WebKit en Apple iOS anterior a 8.3 permite a atacantes remotos provocar una asociación entre una pulsación y un recurso de web no intencionado a través de un sitio web manipulado. iOS 8.3 is now available and addresses code execution, access restriction, information disclosure, and various ot... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html • CWE-17: DEPRECATED: Code •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1090 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1090
09 Apr 2015 — CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file. CFNetwork en Apple iOS anterior a 8.3 no elimina la información de del estado de HTTP Strict Transport Security (HSTS) en respuesta a una acción de la limpieza del historial de Safari, lo que permite a atacantes obtener información sensible mediante la lectura de un fichero ... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •