CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5837
https://notcve.org/view.php?id=CVE-2015-5837
PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise app. Vulnerabilidad en PluginKit en Apple iOS en versiones anteriores a 9, permite a atacantes eludir un requisito destinado a app-trust e instalar extensiones arbitrarias a través de una aplicación empresarial manipulada. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html http://www.securityfocus.com/bid/76764 http://www.securitytracker.com/id/1033609 https://support.apple.com/HT205212 https://support.apple.com/HT205213 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5814
https://notcve.org/view.php?id=CVE-2015-5814
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. Vulnerabilidad en WebKit, tal como se utiliza en JavaScriptCore en Apple iOS en versiones anteriores a 9 y iTunes en versiones anteriores a 12.3, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a otras CVEs WebKit listadas en APPLE-SA-2015-09-16-1 y APPLE-SA-2015-09-16-3. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html http://www.securityfocus.com/bid/76763 http://www.securitytracker.com/id/1033609 https://support.apple.com/HT205212 https://support.apple.com/HT205221 https://support.apple.com/HT205265 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5824
https://notcve.org/view.php?id=CVE-2015-5824
The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Vulnerabilidad en la implementación de NSURL en el componente CFNetwork SSL en Apple iOS en versiones anteriores a 9, no verifica adecuadamente los certificados X.509 de los servidores SSL después un cambio en el certificado, lo que permite a atacantes man-in-the-middle suplantar los servidores y obtener información sensible a través de un certificado manipulado. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.securityfocus.com/bid/76764 http://www.securitytracker.com/id/1033609 https://support.apple.com/HT205212 https://support.apple.com/HT205213 https://support.apple.com/HT205267 • CWE-310: Cryptographic Issues •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5843
https://notcve.org/view.php?id=CVE-2015-5843
IOMobileFrameBuffer in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. Vulnerabilidad en IOMobileFrameBuffer en Apple iOS en versiones anteriores a 9, permite a usuarios locales obtener privilegios o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html http://www.securityfocus.com/bid/76764 http://www.securitytracker.com/id/1033609 https://support.apple.com/HT205212 https://support.apple.com/HT205213 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5907
https://notcve.org/view.php?id=CVE-2015-5907
WebKit in Apple iOS before 9 allows man-in-the-middle attackers to conduct redirection attacks by leveraging the mishandling of the resource cache of an SSL web site with an invalid X.509 certificate. Vulnerabilidad en WebKit en Apple iOS en versiones anteriores a 9, permite a atacantes man-in-the-middle realizar ataques de redirección aprovechando el mal manejo de la caché de recursos de un sitio web SSL con un certificado X.509 no válido. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://www.securityfocus.com/bid/76766 http://www.securitytracker.com/id/1033609 https://support.apple.com/HT205212 • CWE-310: Cryptographic Issues •