CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7020 – Apple Security Advisory 2015-10-21-4
https://notcve.org/view.php?id=CVE-2015-7020
21 Oct 2015 — The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via unspecified vectors, a different vulnerability than CVE-2015-7019. El controlador NVIDIA en el subsistema Graphics Drivers en Apple OS X en versiones anteriores a 10.11.1 permite a usuarios locales obtener información sensible de la memoria del kernel o provocar una denegación de servicio ... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7021 – Apple Security Advisory 2015-10-21-4
https://notcve.org/view.php?id=CVE-2015-7021
21 Oct 2015 — The Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to gain privileges or cause a denial of service (kernel memory corruption) via unspecified vectors. El subsistema Graphics Drivers en Apple OS X en versiones anteriores a 10.11.1 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (corrupción de memoria del kernel) a través de vectores no especificados. OS X El Capitan 10.11.1 and Security Update 2015-007 are now available and address memory corru... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7023 – Apple Security Advisory 2015-10-21-4
https://notcve.org/view.php?id=CVE-2015-7023
21 Oct 2015 — CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors. CFNetwork en Apple iOS en versiones anteriores a 9.1 y OS X en versiones anteriores a 10.11.1 no considera adecuadamente la distinción de mayúsculas frente a minúsculas durante el análisis de cookie, lo que permite a servidores web remotos sobrescribir cookies a través de vectores n... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html • CWE-17: DEPRECATED: Code •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7035 – Apple Security Advisory 2015-10-21-4
https://notcve.org/view.php?id=CVE-2015-7035
21 Oct 2015 — Apple Mac EFI before 2015-002, as used in OS X before 10.11.1 and other products, mishandles arguments, which allows attackers to reach "unused" functions via unspecified vectors. Apple Mac EFI en versiones anteriores a 2015-002, tal como se utiliza en OS X en versiones anteriores a 10.11.1 y otros productos, no maneja correctamente argumentos, lo que permite a atacantes llegar a las funciones 'unused' a través de vectores no especificados. OS X El Capitan 10.11.1 and Security Update 2015-007 are now availa... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html • CWE-17: DEPRECATED: Code •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7760
https://notcve.org/view.php?id=CVE-2015-7760
09 Oct 2015 — libxpc in launchd in Apple OS X before 10.11 does not restrict the creation of processes for network connections, which allows remote attackers to cause a denial of service (resource consumption) by repeatedly connecting to the SSH port, a different vulnerability than CVE-2015-7761. libxpc en launchd en Apple OS X en versiones anteriores a 10.11 no restringe la creación de procesos para conexiones de red, lo que permite a atacantes remotos causar una denegación de servicio (consumo de recursos) conectando r... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7761
https://notcve.org/view.php?id=CVE-2015-7761
09 Oct 2015 — Mail in Apple OS X before 10.11 does not properly recognize user preferences, which allows attackers to obtain sensitive information via an unspecified action during the printing of an e-mail message, a different vulnerability than CVE-2015-7760. Mail en Apple OS X en versiones anteriores a 10.11 no reconoce correctamente las preferencias de usuario, lo que permite a atacantes obtener información sensible a través de una acción no especificada durante la impresión de un mensaje de correo electrónico, una vu... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5830 – Apple Security Advisory 2015-09-30-03
https://notcve.org/view.php?id=CVE-2015-5830
01 Oct 2015 — The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5877. El componente Intel Graphics Driver en Apple OS X en versiones anteriores 10.11 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-5877. OS X El Capitan 1... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5833 – Apple Security Advisory 2015-09-30-03
https://notcve.org/view.php?id=CVE-2015-5833
01 Oct 2015 — The Login Window component in Apple OS X before 10.11 does not ensure that the screen is locked at the intended time, which allows physically proximate attackers to obtain access by visiting an unattended workstation. El componente Login Window en Apple OS X en versiones anteriores a 10.11 no asegura que la pantalla esté bloqueada el tiempo previsto, lo que permite a atacantes físicamente próximos obtener acceso visitando una estación de trabajo desatendida. OS X El Capitan 10.11 is now available and addres... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html • CWE-254: 7PK - Security Features •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5836 – Apple Security Advisory 2015-09-30-03
https://notcve.org/view.php?id=CVE-2015-5836
01 Oct 2015 — Apple Online Store Kit in Apple OS X before 10.11 improperly validates iCloud keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app. Apple Online Store Kit en Apple OS X en versiones anteriores a 10.11 valida de manera incorrecta el elemento ACLs del llavero, lo que permite a atacantes obtener acceso a elementos del llavero a través de una app manipulada. OS X El Capitan 10.11 is now available and addresses close to 100 vulnerabilities that may exist in prior releas... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5849 – Apple Security Advisory 2015-09-30-03
https://notcve.org/view.php?id=CVE-2015-5849
01 Oct 2015 — The filtering implementation in AppleEvents in Apple OS X before 10.11 mishandles attempts to send events to a different user, which allows attackers to bypass intended access restrictions by leveraging a screen-sharing connection. La implementación de filtrado en AppleEvents en Apple OS X en versiones anterioes a 10.11 no maneja correctamente los intentos de enviar eventos a un usuario diferente, lo que permite a atacantes eludir las restricciones destinadas al acceso aprovechando una conexión de pantalla ... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html • CWE-264: Permissions, Privileges, and Access Controls •