CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5825
https://notcve.org/view.php?id=CVE-2015-5825
18 Sep 2015 — WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code. Vulnerabilidad en WebKit en Apple iOS en versiones anteriores a 9, no restringe adecuadamente la disponibilidad de tiempos en la Performance API, lo que permite a atacantes remotos obtener información sensible sobre el histórico del navegador, el movimiento de... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5826
https://notcve.org/view.php?id=CVE-2015-5826
18 Sep 2015 — WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. Vulnerabilidad en WebKit en Apple iOS en versiones anteriores a 9, no selecciona adecuadamente los casos en los que se necesita un documento Cascading Style Sheets (CSS) para obtener el tipo de contenido text/css, lo que permite a atacantes remotos eludir la Same O... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-284: Improper Access Control •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5827
https://notcve.org/view.php?id=CVE-2015-5827
18 Sep 2015 — WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event. Vulnerabilidad en WebKit en Apple iOS en versiones anteriores a 9, permite a atacantes remotos eludir la Same Origin Policy y obtener una referencia de objeto a través de vectores que involucran un evento (1) custom , (2) message o (3) pop state. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3801
https://notcve.org/view.php?id=CVE-2015-3801
18 Sep 2015 — The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors. Vulnerabilidad en la implementación de la API document.cookie en el subsistema CFNetwork Cookies en WebKit en Apple iOS en versiones anteriores a la 9, permite a atacantes remotos eludir una restricción destinada a una única cookie a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5748
https://notcve.org/view.php?id=CVE-2015-5748
16 Aug 2015 — The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume. Vulnerabilidad en el kernel en Apple OS X en versiones anteriores a 10.10.5, no monta adecuadamente volúmenes HFS, lo que permite a usuarios locales causar una denegación de servicio a través de un volumen manipulado. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-17: DEPRECATED: Code •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2015-3729
https://notcve.org/view.php?id=CVE-2015-3729
13 Aug 2015 — Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not indicate what web site originated an input prompt, which allows remote attackers to conduct spoofing attacks via a crafted site. Vulnerabilidad en Apple Safari en versiones anteriores a 6.2.8, 7.x en versiones anteriores a 7.1.8 y 8.x en versiones anteriores a 8.0.8, tal como se utiliza en iOS en versiones anteriores a 8.4.1 y otros productos, no indica el sitio web que originó el símb... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html • CWE-254: 7PK - Security Features •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2015-3730
https://notcve.org/view.php?id=CVE-2015-3730
13 Aug 2015 — WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. Vulnerabilidad en WebKit, tal como se utiliza en Apple iOS en versiones anteriores a 8.4.1 y en Safari en versiones anteriores a 6.2.8, 7.x en versiones... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2015-3731
https://notcve.org/view.php?id=CVE-2015-3731
13 Aug 2015 — WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. Vulnerabilidad en WebKit, tal como se utiliza en Apple iOS en versiones anteriores a 8.4.1 y en Safari en versiones anteriores a 6.2.8, 7.x en versiones... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-3732
https://notcve.org/view.php?id=CVE-2015-3732
13 Aug 2015 — WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. Vulnerabilidad en WebKit, tal como se utiliza en Apple iOS en versiones anteriores a 8.4.1 y en Safari en versiones anteriores a 6.2.8, 7.x en versiones... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2015-3733
https://notcve.org/view.php?id=CVE-2015-3733
13 Aug 2015 — WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. Vulnerabilidad en WebKit, tal como se utiliza en Apple iOS en versiones anteriores a 8.4.1 y en Safari en versiones anteriores a 6.2.8, 7.x en versiones... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •