CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5878
https://notcve.org/view.php?id=CVE-2015-5878
09 Oct 2015 — Notes in Apple OS X before 10.11 misparses links, which allows local users to obtain sensitive information via unspecified vectors. Notes en Apple OS X en versiones anteriores a 10.11 no analiza links, lo que permite a usuarios locales obtener información sensible a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5883
https://notcve.org/view.php?id=CVE-2015-5883
09 Oct 2015 — The bidirectional text-display and text-selection implementations in Terminal in Apple OS X before 10.11 interpret directional override formatting characters differently, which allows remote attackers to spoof the content of a text document via a crafted character sequence. Las implementaciones de visualización de texto bidireccional y selección de texto en Terminal en Apple OS X en versiones anteriores 10.11 interpreta caracteres de formato de sobreescritura de dirección de manera distinta, lo que permite ... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5884
https://notcve.org/view.php?id=CVE-2015-5884
09 Oct 2015 — The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment. La funcionalidad de Mail Drop en Mail en Apple OS X en versiones anteriores a 10.11 no maneja correctamente los parámetros de cifrado para los documentos adjuntos, lo que hace más fácil para atacantes remotos obtener información sens... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5887
https://notcve.org/view.php?id=CVE-2015-5887
09 Oct 2015 — The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data. La implementación del Handshake Protocol de TLS en Secure Transport en Apple OS X en versiones anteriores a 10.11 acepta un mensaje Certificate Request en una sesión en la cual no ha sido enviado un mensaje Server Key Exchange, lo ... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html • CWE-17: DEPRECATED: Code •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5888
https://notcve.org/view.php?id=CVE-2015-5888
09 Oct 2015 — The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file. El componente Install Framework Legacy en Apple OS X en versiones anteriores a 10.11 permite a usuarios locales obtener privilegios de root a través de vectores que implican un archivo ejecutable privilegiado. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5890
https://notcve.org/view.php?id=CVE-2015-5890
09 Oct 2015 — IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5873. IOGraphics en Apple OS X en versiones anteriores a 10.11 permite a usuarios locales obtener privilegios o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-5871, CVE-2015-5872 y CVE-2015-5873. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5891
https://notcve.org/view.php?id=CVE-2015-5891
09 Oct 2015 — The SMB implementation in the kernel in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. La implementación SMB en el kernel en Apple OS X en versiones anteriores a 10.11 permite a usuarios locales obtener privilegios o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5893
https://notcve.org/view.php?id=CVE-2015-5893
09 Oct 2015 — SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. SMBClient en SMB en Apple OS X en versiones anteriores a 10.11 permite a usuarios locales obtener información sensible de la estructura de memoria del kernel a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5894
https://notcve.org/view.php?id=CVE-2015-5894
09 Oct 2015 — The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate. La implementación del certificado de confianza X.509 en Apple OS X en versiones anteriores a 10.11 no reconoce que el indicador kSecRevocationRequirePositiveResponse implica un requerimiento de control de rev... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html • CWE-17: DEPRECATED: Code •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5897
https://notcve.org/view.php?id=CVE-2015-5897
09 Oct 2015 — The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework. El framework Address Book en Apple OS X en versiones anteriores a 10.11 permite a usuarios locales obtener privilegios utilizando una variable de entorno para inyectar código en procesos que dependen de este framework. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html • CWE-264: Permissions, Privileges, and Access Controls •