CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-6989
https://notcve.org/view.php?id=CVE-2015-6989
Grand Central Dispatch in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted package that is mishandled during dispatch calls. Grand Central Dispatch en Apple iOS en versiones anteriores a 9.1, OS X en versiones anteriores a 10.11.1 y watchOS en versiones anteriores a 2.0.1 permite a atacantes ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un paquete manipulado que no se maneja correctamente al despacharse llamadas. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html http://lists.apple.com/archives/security-announce/2015/Oct/msg00003.html http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html http://www.securitytracker.com/id/1033929 https://support.apple.com/HT205370 https://support.apple.com/HT205375 https://support.apple.com/HT205378 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 6%CPEs: 3EXPL: 0CVE-2015-6978 – Apple Safari TTF Out-Of-Bounds Access Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6978
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. FontParser en Apple iOS en versiones anteriores a 9.1 y OS X en versiones anteriores a 10.11.1 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un archivo de fuente manipulado, una vulnerabilidad diferente a CVE-2015-6976, CVE-2015-6977, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010 y CVE-2015-7018. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of fonts embedded in PDFs. An attacker could leverage this vulnerability to execute arbitrary code under the context of the current process. • http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html http://www.securityfocus.com/bid/77263 http://www.securitytracker.com/id/1033929 http://www.zerodayinitiative.com/advisories/ZDI-15-533 https://support.apple.com/HT205370 https://support.apple.com/HT205375 https://support.apple.com/HT205641 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5922
https://notcve.org/view.php?id=CVE-2015-5922
Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors. Vulnerabilidad no especificada en International Components para Unicode (ICU) en versiones anteriores a 53.1.0, tal como se utiliza en Apple OS X en versiones anteriores a 10.11 y watchOS en versiones anteriores a 2, tiene un impacto y vectores de ataque desconocidos. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.securityfocus.com/bid/76911 http://www.securitytracker.com/id/1033703 https://support.apple.com/HT205213 https://support.apple.com/HT205267 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5834
https://notcve.org/view.php?id=CVE-2015-5834
IOAcceleratorFamily in Apple iOS before 9 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. Vulnerabilidad en IOAcceleratorFamily en Apple iOS en versiones anteriores a 9, permite a atacantes obtener información sensible de la estructura de memoria del kernel a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html http://www.securityfocus.com/bid/76764 http://www.securitytracker.com/id/1033609 https://support.apple.com/HT205212 https://support.apple.com/HT205213 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5858
https://notcve.org/view.php?id=CVE-2015-5858
The CFNetwork HTTPProtocol component in Apple iOS before 9 allows remote attackers to bypass the HSTS protection mechanism, and consequently obtain sensitive information, via a crafted URL. Vulnerabilidad en el componente CFNetwork HTTPProtocol en Apple iOS en versiones anteriores a 9, permite a atacantes remotos eludir el mecanismo de protección HSTS, y consecuentemente obtener información sensible, a través de una URL manipulada. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.securityfocus.com/bid/76764 http://www.securitytracker.com/id/1033609 https://support.apple.com/HT205212 https://support.apple.com/HT205267 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •