35 results (0.014 seconds)

CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Se abordó un problema de lógica con una administración de estados mejorada. Este problema es corregido en iOS versión 15.3 y iPadOS versión 15.3, watchOS versión 8.4, tvOS versión 15.3, Safari versión 15.3, macOS Monterey versión 12.2. • https://security.gentoo.org/glsa/202208-39 https://support.apple.com/en-us/HT213053 https://support.apple.com/en-us/HT213054 https://support.apple.com/en-us/HT213057 https://support.apple.com/en-us/HT213058 https://support.apple.com/en-us/HT213059 https://access.redhat.com/security/cve/CVE-2022-22592 https://bugzilla.redhat.com/show_bug.cgi?id=2053185 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 4.3EPSS: 0%CPEs: 91EXPL: 0

Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la app GoodReader v3.16 y anteriores para iOS en iPad, y v3.15.1 y anteriores para IOS en iPhone e iPod touch, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores que implican el uso de la aplicación junto a un navegador. • http://jvn.jp/en/jp/JVN01598734/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000073 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 93EXPL: 0

libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname. Libinfo en Apple iOS anterior a v5.0.1 no formula correctamente las preguntas de nombres de dominio, lo que permite a atacantes remotos obtener información sensible a través de un nombre de host DNS manipulado. • http://lists.apple.com/archives/Security-announce/2011/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://support.apple.com/kb/HT5052 http://support.apple.com/kb/HT5130 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 1.2EPSS: 0%CPEs: 43EXPL: 0

The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation. La función Passcode Lock en Apple iOS anterior a v5.0.1 en el iPad 2 no aplica correctamente el estado de bloqueo, lo que permite a atacantes físicamente próximos a acceder a los datos mediante la apertura de un Smart Cover durante el apagado de confirmación. • http://lists.apple.com/archives/Security-announce/2011/Nov/msg00001.html http://support.apple.com/kb/HT5052 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 126EXPL: 0

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en WebKit, como se utiliza en Apple iOS antes de v5 y Safari antes de v5.1.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores que implican ventanas DOM inactivas. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/76353 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5000 http://www.securityfocus.com/bid/50088 https://exchange.xforce.ibmcloud.com/vulnerabilities/70564 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •