CVSS: 8.8EPSS: 4%CPEs: 21EXPL: 0CVE-2015-1120 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1120
09 Apr 2015 — WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. WebKit, utilizado en Apple iOS anterior a 8.3, Apple TV anterior a 7.2, y Apple Safari anterior a 6.2.... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html •
CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 0CVE-2015-1129 – Apple Security Advisory 2015-04-08-1
https://notcve.org/view.php?id=CVE-2015-1129
09 Apr 2015 — Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site. Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5 no selecciona correctamente los certificados de clientes X.509, lo que facilita a atacantes remotos seguir usuarios a través de un sitio web manipulado. Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 are now available and address informat... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html • CWE-310: Cryptographic Issues •
CVSS: 5.3EPSS: 0%CPEs: 18EXPL: 0CVE-2015-1128 – Apple Security Advisory 2015-04-08-1
https://notcve.org/view.php?id=CVE-2015-1128
09 Apr 2015 — The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 allows attackers to obtain sensitive browsing-history information via vectors involving push-notification requests. La implementación private-browsing en Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5 permite a atacantes obtener información sensible del historial de navegación a través de vectores que involucran solicitudes 'push-notification'. Safari 8.0.5, Safari 7.1.5, and... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 2%CPEs: 21EXPL: 0CVE-2015-1121 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1121
09 Apr 2015 — WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. WebKit, utilizado en Apple iOS anterior a 8.3, Apple TV anterior a 7.2, y Apple Safari anterior a 6.2.... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html •
CVSS: 4.3EPSS: 89%CPEs: 19EXPL: 1CVE-2015-1126 – Apple OSX/iOS/Windows Safari Non-HTTPOnly Cookie Theft
https://notcve.org/view.php?id=CVE-2015-1126
09 Apr 2015 — WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors. WebKit, utilizado en Apple iOS anterior a 8.3 y Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5, no maneja correctamente el campo userinfo en las URLs FTP, lo que permite a atacantes remotos provocar el acceso a recursos inc... • https://packetstorm.news/files/id/180601 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 2%CPEs: 21EXPL: 0CVE-2015-1124 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1124
09 Apr 2015 — WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. WebKit, utilizado en Apple iOS anterior a 8.3, Apple TV anterior a 7.2, y Apple Safari anterior a 6.2.... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html •
CVSS: 5.0EPSS: 0%CPEs: 17EXPL: 0CVE-2015-1084 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1084
18 Mar 2015 — The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL. La interfaz de usuario en WebKit, usada en Apple Safari anterior a 6.2.4, 7.x anterior a 7.1.4, y 8.x anterior a 8.0.4, no muestra URL's de forma consistente, lo que hace más fácil para atacantes remotos llevar a cabo ataques de phishing a través de una URL modificada. Various ... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html • CWE-17: DEPRECATED: Code •
CVSS: 8.8EPSS: 0%CPEs: 19EXPL: 0CVE-2015-1070 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1070
18 Mar 2015 — WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. WebKit, utilizado en Apple Safari anterior a 6.2.4, 7.x anterior a 7.1.4, y 8.x anterior a 8.0.4, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de me... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 19EXPL: 0CVE-2015-1071 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1071
18 Mar 2015 — WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. WebKit, utilizado en Apple Safari anterior a 6.2.4, 7.x anterior a 7.1.4, y 8.x anterior a 8.0.4, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de me... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 19EXPL: 0CVE-2015-1079 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1079
18 Mar 2015 — WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. WebKit, usado en Apple Safari anterior a 6.2.4, 7.x anterior a 7.1.4, y 8.x anterior a 8.0.4, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memori... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html • CWE-399: Resource Management Errors •