CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 0CVE-2015-1104
https://notcve.org/view.php?id=CVE-2015-1104
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet. El kernel en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 no determina correctamente si un paquete tenía un origen local, lo que permite a atacantes remotos evadir el mecanismo de protección del filtrado de la red a través de un paquete manipulado. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html http://www.securitytracker.com/id/1032048 https://support.apple.com/HT204659 https://support.apple.com/HT204661 https://support.apple.com/HT204662 https://support.apple.com/kb/HT204870 • CWE-20: Improper Input Validation •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1099
https://notcve.org/view.php?id=CVE-2015-1099
Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app. Condición de carrera en la implementación de llamadas al sistema setreuid en el kernel en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 permite a atacantes causar una denegación de servicio a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html http://www.securitytracker.com/id/1032048 https://support.apple.com/HT204659 https://support.apple.com/HT204661 https://support.apple.com/HT204662 https://support.apple.com/kb/HT204870 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.1EPSS: 18%CPEs: 3EXPL: 0CVE-2015-1102
https://notcve.org/view.php?id=CVE-2015-1102
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors. El kernel en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 no maneja correctamente las cabeceras TCP, lo que permite a atacantes man-in-the-middle causar una denegación de servicio a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html http://www.securitytracker.com/id/1032048 https://support.apple.com/HT204659 https://support.apple.com/HT204661 https://support.apple.com/HT204662 https://support.apple.com/kb/HT204870 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 0CVE-2015-1088
https://notcve.org/view.php?id=CVE-2015-1088
CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site. CFURL en Apple iOS anterior a 8.3 y Apple OS X anterior a 10.10.3 no valida correctamente las URLs, lo que permite a atacantes remotos ejecutar código arbitrario a través de un sitio web maniuplado. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://www.securityfocus.com/bid/73984 http://www.securitytracker.com/id/1032048 https://support.apple.com/HT204659 https://support.apple.com/HT204661 • CWE-20: Improper Input Validation •
CVSS: 1.9EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1096
https://notcve.org/view.php?id=CVE-2015-1096
IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. IOHIDFamily en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 permite a atacantes obtener información sensible sobre la memoria del kernel a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html http://www.securitytracker.com/id/1032048 https://support.apple.com/HT204659 https://support.apple.com/HT204661 https://support.apple.com/HT204662 https://support.apple.com/kb/HT204870 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •