CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1115 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1115
09 Apr 2015 — The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app. El componente Telephony en Apple iOS anterior a 8.3 permite a atacantes evadir un mecanismo de protección de sandbox y acceder a capacidades de teléfono a través de una aplicación manipulada. iOS 8.3 is now available and addresses code execution, access restriction, information disclosure, and various other vulnerabilities. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 89%CPEs: 19EXPL: 1CVE-2015-1126 – Apple OSX/iOS/Windows Safari Non-HTTPOnly Cookie Theft
https://notcve.org/view.php?id=CVE-2015-1126
09 Apr 2015 — WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors. WebKit, utilizado en Apple iOS anterior a 8.3 y Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5, no maneja correctamente el campo userinfo en las URLs FTP, lo que permite a atacantes remotos provocar el acceso a recursos inc... • https://packetstorm.news/files/id/180601 • CWE-20: Improper Input Validation •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1114 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1114
09 Apr 2015 — The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app. El componente Sandbox Profiles en Apple iOS anterior a 8.3 y Apple TV anterior a 7.2 permite a atacantes descubrir los identificadores de hardware a través de una aplicación manipulada. Apple TV 7.2 is now available and addresses information disclosure, code execution, memory disclosure, and various other vulnerabilities. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 6%CPEs: 3EXPL: 0CVE-2015-1103 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1103
09 Apr 2015 — The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a crafted ICMP packet. kernel en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 hace cambios de rutas en respuesta a mensajes ICMP_REDIRECT, lo que permite a atacantes remotos causar una denegación de ... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1099 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1099
09 Apr 2015 — Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app. Condición de carrera en la implementación de llamadas al sistema setreuid en el kernel en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 permite a atacantes causar una denegación de servicio a través de una aplicación manipulada. OS X Yosemite 10.10.3 and Securit... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1092 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1092
09 Apr 2015 — NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NSXMLParser en Foundation en Apple iOS anterior a 8.3 y Apple TV anterior a 7.2 permite a atacantes remotos leer ficheros arbitrarios a través de una declaración de entidad externa en conjunto con una referencia de entidad, relacionado con una problema de entidad ext... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1109 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1109
09 Apr 2015 — NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file. NetworkExtension en Apple iOS anterior a 8.3 almacena credenciales en los registros de configuración VPN, lo que facilita a atacantes físicamente próximos obtener información sensible mediante la lectura de un fichero del registro. iOS 8.3 is now available and addresses code execution, access restriction, inform... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1096 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1096
09 Apr 2015 — IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. IOHIDFamily en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 permite a atacantes obtener información sensible sobre la memoria del kernel a través de una aplicación manipulada. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, inf... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1107 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1107
09 Apr 2015 — The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses. El componente Lock Screen en Apple iOS anterior a 8.3 no implementa correctamente la característica de erradicación para intentos de la autenticación de contraseñas incorrectos, lo que facilita a atacantes físicamente próximos obtener el acceso medinate la cr... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1095 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1095
09 Apr 2015 — IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device. IOHIDFamily en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 permite a atacantes físicamente próximos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un dispositivo HID manipulado. OS X Yosemite 10... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html •