CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2015-3747 – Apple Security Advisory 2015-09-16-3
https://notcve.org/view.php?id=CVE-2015-3747
13 Aug 2015 — WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. Vulnerabilidad en WebKit, tal como se utiliza en Apple iOS en versiones anteriores a 8.4.1 y en Safari en versiones anteriores a 6.2.8, 7.x versiones an... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2015-3748 – Apple Security Advisory 2015-09-16-3
https://notcve.org/view.php?id=CVE-2015-3748
13 Aug 2015 — WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. Vulnerabilidad en WebKit, tal como se utiliza en Apple iOS en versiones anteriores a 8.4.1 y en Safari en versiones anteriores a 6.2.8, 7.x versiones an... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2015-3749 – Apple Security Advisory 2015-09-16-3
https://notcve.org/view.php?id=CVE-2015-3749
13 Aug 2015 — WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. Vulnerabilidad en WebKit, tal como se utiliza en Apple iOS en versiones anteriores a 8.4.1 y en Safari en versiones anteriores a 6.2.8, 7.x en versiones... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.3EPSS: 0%CPEs: 5EXPL: 0CVE-2015-3750 – WebKitGTK+ 2.x Use-After-Free / DoS / Code Execution
https://notcve.org/view.php?id=CVE-2015-3750
13 Aug 2015 — WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof a report by modifying the client-server data stream. Vulnerabilidad en WebKit en Apple Safari en versiones anteriores a 6.2.8, 7.x en versiones anteri... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html • CWE-254: 7PK - Security Features •
CVSS: 8.3EPSS: 2%CPEs: 4EXPL: 0CVE-2015-3751 – WebKitGTK+ 2.x Use-After-Free / DoS / Code Execution
https://notcve.org/view.php?id=CVE-2015-3751
13 Aug 2015 — WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an OBJECT element. Vulnerabilidad en WebKit en Apple Safari en versiones anteriores a 6.2.8, 7.x en versiones anteriores a 7.1.8 y 8.x en versiones anteriores a 8.0.8, tal como se utiliza en iOS en versiones anteriores a 8.4.1 y otros prod... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html • CWE-254: 7PK - Security Features •
CVSS: 5.3EPSS: 1%CPEs: 6EXPL: 0CVE-2015-3752 – Ubuntu Security Notice USN-2937-1
https://notcve.org/view.php?id=CVE-2015-3752
13 Aug 2015 — The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive information via vectors involving (1) a cross-origin request or (2) a private-browsing request. Vulnerabilidad en la implementación de Content Security Policy en WebKit en Apple Safari en versiones anteriores a 6.2.8, 7.x e... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 22EXPL: 0CVE-2015-3660 – Apple Security Advisory 2015-06-30-4
https://notcve.org/view.php?id=CVE-2015-3660
01 Jul 2015 — Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL in embedded PDF content. Vulnerabilidad de XSS en la funcionalidad PDF en WebKit en Apple Safari anterior a 6.2.7, 7.x anterior a 7.1.7, y 8.x anterior a 8.0.7 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de una URL manipulada en contenido... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 24EXPL: 0CVE-2015-3658 – Ubuntu Security Notice USN-2937-1
https://notcve.org/view.php?id=CVE-2015-3658
01 Jul 2015 — The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site. La funcionalidad Page Loading en WebKit en Apple Safari anterior a 6.2.7, 7.x anterior a 7.1.7, y 8.x anterior a 8.0.7, utilizado en Apple iOS anterior a 8.4 y... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-254: 7PK - Security Features •
CVSS: 8.8EPSS: 1%CPEs: 24EXPL: 0CVE-2015-3659 – SQLite Default Value Authorization Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-3659
01 Jul 2015 — The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. El autorizador SQLite en la funcionalidad Storage en WebKit en Apple Safari anterior a 6.2.7, 7.x anterior a 7.1.7, y 8.x anterior a 8.0.7, utilizad... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 24EXPL: 0CVE-2015-3727 – WebKit WebSQL ALTER TABLE Authorization Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-3727
01 Jul 2015 — WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site. WebKit en Apple Safari anterior a 6.2.7, 7.x anterior a 7.1.7, y 8.x anterior a 8.0.7, utilizado en Apple iOS anterior a 8.4 y otros productos, no restringe correctamente las operaciones de renombramiento en las tablas WebS... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •