CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1108
https://notcve.org/view.php?id=CVE-2015-1108
The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses. El componente Lock Screen en Apple iOS anterior a 8.3 no refuerza correctamente el límite en los intentos la autenticación de contraseñas incorrectos, lo que facilita a atacantes físicamente próximos obtener el acceso mediante la creación de muchas adivinaciones de contraseñas. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://www.securityfocus.com/bid/73978 http://www.securitytracker.com/id/1032050 https://support.apple.com/HT204661 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1109
https://notcve.org/view.php?id=CVE-2015-1109
NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file. NetworkExtension en Apple iOS anterior a 8.3 almacena credenciales en los registros de configuración VPN, lo que facilita a atacantes físicamente próximos obtener información sensible mediante la lectura de un fichero del registro. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://www.securityfocus.com/bid/73978 http://www.securitytracker.com/id/1032050 https://support.apple.com/HT204661 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1125
https://notcve.org/view.php?id=CVE-2015-1125
The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site. La implementación touch-events en WebKit en Apple iOS anterior a 8.3 permite a atacantes remotos provocar una asociación entre una pulsación y un recurso de web no intencionado a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://www.securitytracker.com/id/1032050 https://support.apple.com/HT204661 • CWE-17: DEPRECATED: Code •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1106
https://notcve.org/view.php?id=CVE-2015-1106
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard. La característica QuickType en el subsistema Keyboards en Apple iOS anterior a 8.3 permite a atacantes físicamente próximos descubrir contraseñas mediante la lectura de la pantalla de bloqueo durante el uso de un teclado Bluetooth. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://www.securityfocus.com/bid/73978 http://www.securitytracker.com/id/1032050 https://support.apple.com/HT204661 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 0CVE-2015-1118
https://notcve.org/view.php?id=CVE-2015-1118
libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile. libnetcore en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 permite a atacantes causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un perfil de configuración manipulado. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html http://www.securitytracker.com/id/1032048 https://support.apple.com/HT204659 https://support.apple.com/HT204661 https://support.apple.com/HT204662 •