CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1091
https://notcve.org/view.php?id=CVE-2015-1091
The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. El componente CFNetwork Session en Apple iOS anterior a 8.3 y Apple OS X anterior a 10.10.3 no maneja correctamente las cabeceras de solicitudes durante el procesamiento de las redirecciones en respuestas HTTP, lo que permite a atacantes remotos evadir Same Origin Policy a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://www.securityfocus.com/bid/73984 http://www.securitytracker.com/id/1032048 https://support.apple.com/HT204659 https://support.apple.com/HT204661 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 0CVE-2015-1093
https://notcve.org/view.php?id=CVE-2015-1093
FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. FontParser en Apple iOS anterior a 8.3 y Apple OS X anterior a 10.10.3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero de fuentes manipulado. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://www.securityfocus.com/bid/73984 http://www.securitytracker.com/id/1032048 https://support.apple.com/HT204659 https://support.apple.com/HT204661 https://support.apple.com/kb/HT204870 •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1095
https://notcve.org/view.php?id=CVE-2015-1095
IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device. IOHIDFamily en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 permite a atacantes físicamente próximos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un dispositivo HID manipulado. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html http://www.securitytracker.com/id/1032048 https://support.apple.com/HT204659 https://support.apple.com/HT204661 https://support.apple.com/HT204662 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1089
https://notcve.org/view.php?id=CVE-2015-1089
CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. CFNetwork en Apple iOS anterior a 8.3 y Apple OS X anterior a 10.10.3 no maneja correctamente las cookies durante el procesamiento de las redirecciones en respuestas HTTP, lo que permite a atacantes remotos evadir Same Origin Policy a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://www.securityfocus.com/bid/73984 http://www.securitytracker.com/id/1032048 https://support.apple.com/HT204659 https://support.apple.com/HT204661 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 3CVE-2015-1130 – Apple OS X Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-1130
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors. La implementación XPC en Admin Framework en Apple OS X anterior a 10.10.3 permite a usuarios locales evadir la autenticación y obtener privilegios administrativos a través de vectores no especificados. The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges. • https://www.exploit-db.com/exploits/36745 https://www.exploit-db.com/exploits/36692 http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://www.osvdb.org/120418 http://www.securityfocus.com/bid/73982 http://www.securitytracker.com/id/1032048 https://support.apple.com/HT204659 https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x • CWE-254: 7PK - Security Features •