Page 5 of 161 results (0.004 seconds)

CVSS: 6.8EPSS: 1%CPEs: 52EXPL: 0

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. WebKit, usado en Apple iOS anterior a v7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado. Vulnerabilidad distinta de otros CVEs listados en APPLE-SA-2013-09-18-2. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5934 http://support.apple.com/kb/HT6001 http://www.securitytracker.com/id/1029054 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 0%CPEs: 48EXPL: 0

The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application. El driver IOSerialFamily de Apple iOS en versiones anteriores a 7 permite a atacantes ejecutar código arbitrario o causar denegación de servicio (acceso fuera de rango a array) a través de una aplicacion manipulada • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5934 http://support.apple.com/kb/HT6150 http://www.securitytracker.com/id/1029054 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 0%CPEs: 48EXPL: 0

The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon. El subsistema de Twitter en Apple iOS anteriores a v7 no requiere conformidad de la API para acceder a las interfaces demonio de Twitter, lo cual permite a atacantes publicar Tweets a través de aplicaciones manipuladas que envían peticiones directas al demonio. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5934 http://www.securitytracker.com/id/1029054 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 1.9EPSS: 0%CPEs: 48EXPL: 0

The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation. La funcionalidad para limpieza del historial en Safari en Apple iOS anterior 7 no limpia el histórico atrás/adelante en una pestaña abierta, lo que permite a atacantes físicamente próximos obtener información sensible mediante el aprovechamiento de una equipo de trabajo sin supervisión. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://support.apple.com/kb/HT5934 http://www.securitytracker.com/id/1029054 https://support.apple.com/kb/HT6535 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 48EXPL: 0

Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site. Vulnerabilidad en Mobile Safari de Apple iOS anterior a la versión 7 permite a atacantes remotos falsificar la barra de direcciones a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5934 http://www.securitytracker.com/id/1029054 • CWE-20: Improper Input Validation •