CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1085 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1085
09 Apr 2015 — AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app. AppleKeyStore en Apple iOS anterior a 8.3 no restringe correctamente cierta interfaz de la confirmación de contraseñas, lo que facilita a atacantes verificar adivinaciones de contraseñas correctas a través de una aplicación manipulada. iOS 8.3 is now available and addresses code execution, access restriction, inf... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1086 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1086
09 Apr 2015 — The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV before 7.2 does not properly validate IOKit object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app. El subsistema Audio Drivers en Apple iOS anterior a 8.3 y Apple TV anterior a 7.2 no valida correctamente los metadatos de objetos IOKit, lo que permite a atacantes remotos ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada. Apple TV 7.2 is now availab... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 19EXPL: 0CVE-2015-1112 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1112
09 Apr 2015 — Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file. Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5, utilizado en iOS anterior a 8.3 y otras plataformas, no elimina correctamente los datos del historial de navegación del fichero history.plist, lo que permite a atacante... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 0CVE-2015-1129 – Apple Security Advisory 2015-04-08-1
https://notcve.org/view.php?id=CVE-2015-1129
09 Apr 2015 — Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site. Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5 no selecciona correctamente los certificados de clientes X.509, lo que facilita a atacantes remotos seguir usuarios a través de un sitio web manipulado. Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 are now available and address informat... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html • CWE-310: Cryptographic Issues •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1117 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1117
09 Apr 2015 — The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group privileges via a crafted app. Las implementaciones de llamadas a sistemas (1) setreuid y (2) setregid en el kernel en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 no realizan correctamente la elimina... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 23%CPEs: 3EXPL: 0CVE-2015-1105 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1105
09 Apr 2015 — The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets. La implementación TCP en el kernel en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 no implementa correctamente el mecanismo Urgent (también conocido como datos fuera de banda), lo que permite a atacantes remo... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1116 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1116
09 Apr 2015 — The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen. El componente UIKit View en Apple iOS anterior a 8.3 muestra instantáneas no borrosas de aplicaciones en Task Switcher, lo que facilita a atacantes físicamente próximos obtener información sensible mediante la lectura de la pantalla del sipositivo. iOS 8.3 is now available and add... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1113 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1113
09 Apr 2015 — The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app. El componente Sandbox Profiles en Apple iOS anterior a 8.3 permite a atacantes leer (1) el número de teléfono o (2) la dirección de e-mail de un contacto reciente a través de una aplicación manipulada. iOS 8.3 is now available and addresses code execution, access restriction, information disclosure, and various other vulnerabilities. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 2%CPEs: 2EXPL: 0CVE-2015-1093 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1093
09 Apr 2015 — FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. FontParser en Apple iOS anterior a 8.3 y Apple OS X anterior a 10.10.3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero de fuentes manipulado. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege ... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1110 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1110
09 Apr 2015 — The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data. El componente Podcasts en Apple iOS anterior a 8.3 y Apple TV anterior a 7.2 permite a atacantes remotos descubrir identificadores únicos mediante la lectura de datos de solicitudes de la descarga de activos. Apple TV 7.2 is now available and addresses information disclosure, code execution, memory disclosure, and various other vulnerabilities. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •