CVSS: 6.8EPSS: 2%CPEs: 2EXPL: 0CVE-2015-3689
https://notcve.org/view.php?id=CVE-2015-3689
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3688. CoreText en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero de texto manipulado, una vulnerabilidad diferente a CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, y CVE-2015-3688. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://support.apple.com/kb/HT204941 http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75491 http://www.securitytracker.com/id/1032760 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3722
https://notcve.org/view.php?id=CVE-2015-3722
Application Store in Apple iOS before 8.4 does not ensure the uniqueness of bundle IDs, which allows attackers to cause a denial of service (ID collision and launch outage) via a crafted universal provisioning profile app. Application Store en Apple iOS anterior a 8.4 no asegura la singularidad de los identificadores de paquetes, lo que permite a atacantes causar una denegación de servicio (colisión de identificadores y interrupción de lanzamiento) a través de una aplicación de perfiles de provisionamiento manipulada. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html http://support.apple.com/kb/HT204941 http://www.securityfocus.com/bid/75490 http://www.securitytracker.com/id/1032761 • CWE-254: 7PK - Security Features •
CVSS: 6.8EPSS: 2%CPEs: 2EXPL: 0CVE-2015-3684
https://notcve.org/view.php?id=CVE-2015-3684
The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted credentials in a URL. La implementación HTTPAuthentication en CFNetwork en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de credenciales manipuladas en una URL. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://support.apple.com/kb/HT204941 http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75491 http://www.securitytracker.com/id/1032760 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 2%CPEs: 3EXPL: 0CVE-2015-3688
https://notcve.org/view.php?id=CVE-2015-3688
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3689. CoreText en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero de texto manipulado, una vulnerabilidad diferente a CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, y CVE-2015-3689. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html http://support.apple.com/kb/HT204941 http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75491 http://www.securitytracker.com/id/1032760 https://support.apple.com/HT205221 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 24EXPL: 0CVE-2015-3659 – SQLite Default Value Authorization Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-3659
The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. El autorizador SQLite en la funcionalidad Storage en WebKit en Apple Safari anterior a 6.2.7, 7.x anterior a 7.1.7, y 8.x anterior a 8.0.7, utilizado en Apple iOS anterior a 8.4 y otros productos, no restringe correctamente el acceso a las funciones SQL, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un sitio web manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SQLite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of DEFAULT expressions for column values. The issue lies in the ability to create a table that will execute privileged functions by specifying a DEFAULT value for a column and then inserting into the table. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html http://support.apple.com/kb/HT204941 http://support.apple.com/kb/HT204950 http://www.securityfocus.com/bid/75492 http://www.securitytracker.com/id/1032754 http://www.ubuntu.com/usn/USN-2937-1 • CWE-264: Permissions, Privileges, and Access Controls •