CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 4CVE-2015-5889 – Apple Mac OSX 10.9.5/10.10.5 - 'rsh/libmalloc' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-5889
01 Oct 2015 — rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables. rsh en el componente remote_cmds en Apple OS X en versiones anteriores a 10.11 permite a usuarios locales obtener privilegios de root a través de vectores que implican variables de entorno. OS X El Capitan 10.11 is now available and addresses close to 100 vulnerabilities that may exist in prior releases. • https://packetstorm.news/files/id/133826 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5890 – Apple Security Advisory 2015-09-30-03
https://notcve.org/view.php?id=CVE-2015-5890
01 Oct 2015 — IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5873. IOGraphics en Apple OS X en versiones anteriores a 10.11 permite a usuarios locales obtener privilegios o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-5871, CVE-2015-5872 y CVE-2015-5873. OS... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5891 – Apple Security Advisory 2015-09-30-03
https://notcve.org/view.php?id=CVE-2015-5891
01 Oct 2015 — The SMB implementation in the kernel in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. La implementación SMB en el kernel en Apple OS X en versiones anteriores a 10.11 permite a usuarios locales obtener privilegios o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. OS X El Capitan 10.11 is now available and addresses close to 100 vulnerabilities that may exist in prior rel... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5893 – Apple Security Advisory 2015-09-30-03
https://notcve.org/view.php?id=CVE-2015-5893
01 Oct 2015 — SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. SMBClient en SMB en Apple OS X en versiones anteriores a 10.11 permite a usuarios locales obtener información sensible de la estructura de memoria del kernel a través de vectores no especificados. OS X El Capitan 10.11 is now available and addresses close to 100 vulnerabilities that may exist in prior releases. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5894 – Apple Security Advisory 2015-09-30-03
https://notcve.org/view.php?id=CVE-2015-5894
01 Oct 2015 — The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate. La implementación del certificado de confianza X.509 en Apple OS X en versiones anteriores a 10.11 no reconoce que el indicador kSecRevocationRequirePositiveResponse implica un requerimiento de control de rev... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html • CWE-17: DEPRECATED: Code •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5897 – Apple Security Advisory 2015-09-30-03
https://notcve.org/view.php?id=CVE-2015-5897
01 Oct 2015 — The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework. El framework Address Book en Apple OS X en versiones anteriores a 10.11 permite a usuarios locales obtener privilegios utilizando una variable de entorno para inyectar código en procesos que dependen de este framework. OS X El Capitan 10.11 is now available and addresses close to 100 vulnerabilities that may exist in prior rel... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5900 – Apple Security Advisory 2015-09-30-03
https://notcve.org/view.php?id=CVE-2015-5900
01 Oct 2015 — The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes to an unintended address. El registro de rango protegido en el componente EFI en Apple OS X en versiones anteriores a 10.11 tiene un valor incorrecto, lo que permite a atacantes causar una denegación de servicio (fallo de arranque) a través de una aplicación manipulada que escribe a una dirección no intencionada.... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html • CWE-254: 7PK - Security Features •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5901 – Apple Security Advisory 2015-09-30-03
https://notcve.org/view.php?id=CVE-2015-5901
01 Oct 2015 — The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive. La funcionalidad Secure Empty Trash en Apple OS X en versiones anteriores a 10.11 no borra adecuadamente los archivos Trash, lo que podría permitir a usuarios locales obtener información sensible medainte la lectura del almacenamiento multimedia, según lo demostrado mediante la lec... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5902 – Apple Security Advisory 2015-09-30-03
https://notcve.org/view.php?id=CVE-2015-5902
01 Oct 2015 — The debugging feature in the kernel in Apple OS X before 10.11 mismanages state, which allows local users to cause a denial of service via unspecified vectors. La funcionalidad de depuración en el kernel en Apple OS X en versiones anteriores a 10.11 no gestiona correctamente el estado, lo que permite a usuarios locales provocar una denegación de servicio a través de vectores no especificados. OS X El Capitan 10.11 is now available and addresses close to 100 vulnerabilities that may exist in prior releases. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5870 – Apple Security Advisory 2015-09-30-03
https://notcve.org/view.php?id=CVE-2015-5870
01 Oct 2015 — The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors. Las interfaces de depuración en el kernel en Apple OS X en versiones anteriores a 10.11 permiten a usuarios locales obtener información sensible de la estructura de memoria a través de vectores no especificados. OS X El Capitan 10.11 is now available and addresses close to 100 vulnerabilities that may exist in prior releases. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •