CVSS: 6.5EPSS: 0%CPEs: 21EXPL: 0CVE-2015-1156 – WebKitGTK+ 2.x Use-After-Free / DoS / Code Execution
https://notcve.org/view.php?id=CVE-2015-1156
07 May 2015 — The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, via a crafted web site. La implementación de cargar páginas en WebKit, utilizado en Apple Safari anterior a 6.2.6, 7.x anterior a 7.1.6, y 8.x anterior a 8.0.6, no maneja correctamente el atributo rel en un elemento A... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 2%CPEs: 22EXPL: 0CVE-2015-1152 – Apple Security Advisory 2015-09-16-3
https://notcve.org/view.php?id=CVE-2015-1152
07 May 2015 — WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154. WebKit, utilizado en Apple Safari anterior a 6.2.6, 7.x anterior a 7.1.6, y 8.x anterior a 8.0.6, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caí... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html •
CVSS: 8.8EPSS: 2%CPEs: 22EXPL: 0CVE-2015-1153 – Apple Security Advisory 2015-09-16-3
https://notcve.org/view.php?id=CVE-2015-1153
07 May 2015 — WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1154. WebKit, utilizado en Apple Safari anterior a 6.2.6, 7.x anterior a 7.1.6, y 8.x anterior a 8.0.6, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caí... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html •
CVSS: 8.8EPSS: 2%CPEs: 21EXPL: 0CVE-2015-1154 – Apple Security Advisory 2015-06-30-6
https://notcve.org/view.php?id=CVE-2015-1154
07 May 2015 — WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1153. WebKit, utilizado en Apple Safari anterior a 6.2.6, 7.x anterior a 7.1.6, y 8.x anterior a 8.0.6, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de memoria (corrupción de memoria y caíd... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2015-1127 – Apple Security Advisory 2015-04-08-1
https://notcve.org/view.php?id=CVE-2015-1127
09 Apr 2015 — The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries. La implementación private-browsing en WebKit en Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5 coloca el historial de navegación en un indice, lo que podría permitir a usuarios locales obtener información sensible mediante la lectura de las ... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 19EXPL: 0CVE-2015-1112 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1112
09 Apr 2015 — Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file. Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5, utilizado en iOS anterior a 8.3 y otras plataformas, no elimina correctamente los datos del historial de navegación del fichero history.plist, lo que permite a atacante... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 0CVE-2015-1129 – Apple Security Advisory 2015-04-08-1
https://notcve.org/view.php?id=CVE-2015-1129
09 Apr 2015 — Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site. Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5 no selecciona correctamente los certificados de clientes X.509, lo que facilita a atacantes remotos seguir usuarios a través de un sitio web manipulado. Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 are now available and address informat... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html • CWE-310: Cryptographic Issues •
CVSS: 5.3EPSS: 0%CPEs: 18EXPL: 0CVE-2015-1128 – Apple Security Advisory 2015-04-08-1
https://notcve.org/view.php?id=CVE-2015-1128
09 Apr 2015 — The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 allows attackers to obtain sensitive browsing-history information via vectors involving push-notification requests. La implementación private-browsing en Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5 permite a atacantes obtener información sensible del historial de navegación a través de vectores que involucran solicitudes 'push-notification'. Safari 8.0.5, Safari 7.1.5, and... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 89%CPEs: 19EXPL: 1CVE-2015-1126 – Apple OSX/iOS/Windows Safari Non-HTTPOnly Cookie Theft
https://notcve.org/view.php?id=CVE-2015-1126
09 Apr 2015 — WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors. WebKit, utilizado en Apple iOS anterior a 8.3 y Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5, no maneja correctamente el campo userinfo en las URLs FTP, lo que permite a atacantes remotos provocar el acceso a recursos inc... • https://packetstorm.news/files/id/180601 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 21EXPL: 0CVE-2015-1119 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1119
09 Apr 2015 — WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. WebKit, utilizado en Apple iOS anterior a 8.3, Apple TV anterior a 7.2, y Apple Safari anterior a 6.2.... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html •