CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5868 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5868
18 Sep 2015 — The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5896 and CVE-2015-5903. Vulnerabilidad en el kernel en Apple iOS en versiones anteriores a 9, permite a usuarios locales obtener privilegios o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-5896 y CVE-2015-5903. OS X El Capitan 10.11 is ... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2015-5869 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5869
18 Sep 2015 — The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. Vulnerabilidad en la implementación del protocolo Neighbor Discovery (ND) en la pila IPv6 en Apple iOS en versiones anteriores a 9, permite a atacantes remotos reconfigurar un ajuste de límite de salto a través de un valor hop_limit pequeño en un mensaje Router Advertisement (RA). OS X El Cap... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 4%CPEs: 4EXPL: 0CVE-2015-5874 – Apple Security Advisory 2015-09-16-3
https://notcve.org/view.php?id=CVE-2015-5874
18 Sep 2015 — CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. Vulnerabilidad en CoreText en Apple iOS en versiones anteriores a 9 y iTunes en versiones anteriores a 12.3, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un archivo de fuente manipulado. iTunes 12.3 is now available and addresses code execution, applic... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5876 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5876
18 Sep 2015 — dyld in Dev Tools in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Vulnerabilidad en dyld en Dev Tools en Apple iOS en versiones anteriores a 9, permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una aplicación manipulada. OS X El Capitan 10.11 is now available and addresses close to 100 vulnerabilities tha... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 4%CPEs: 2EXPL: 0CVE-2015-5879 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5879
18 Sep 2015 — XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption) via a crafted header. Vulnerabilidad en XNU en el kernel en Apple iOS en versiones anteriores a 9, no valida adecuadamente las cabeceras de los paquetes TCP, lo que permite a atacantes remotos eludir el mecanismo de protección de secuencia numérica y causar una denegación de se... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5912 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5912
18 Sep 2015 — The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses. Vulnerabilidad en el componente CFNetwork FTPProtocol en Apple iOS en versiones anteriores a 9, permite a los servidores proxy FTP remotos activar los intentos de conexión TCP a los hosts de la intranet a través de respuestas manipuladas. OS X El Capitan 10.11 is now available and addresses close to 100 vulnerabilities that may exist in prior r... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-17: DEPRECATED: Code •
CVSS: 5.3EPSS: 94%CPEs: 2EXPL: 2CVE-2015-6908 – OpenLDAP 2.4.42 - ber_get_next Denial of Service
https://notcve.org/view.php?id=CVE-2015-6908
11 Sep 2015 — The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. Vulnerabilidad en la función ber_get_next en libraries/liblber/io.c en OpenLDAP 2.4.42 y versiones anteriores, permite a atacantes remotos causar una denegación de servicio (aserción accesible y caída de la aplicación) a través de datos BER manipulados, según lo dem... • https://www.exploit-db.com/exploits/38145 • CWE-20: Improper Input Validation •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6563 – openssh: Privilege separation weakness related to PAM support
https://notcve.org/view.php?id=CVE-2015-6563
24 Aug 2015 — The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. Vulnerabilidad en el componente monitor en sshd en OpenSSH en versiones anteriores a 7.0 en plataformas no OpenBSD, acepta datos de nombre de... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html • CWE-20: Improper Input Validation CWE-266: Incorrect Privilege Assignment •
CVSS: 8.1EPSS: 1%CPEs: 5EXPL: 0CVE-2015-3807 – Apple Security Advisory 2015-12-08-1
https://notcve.org/view.php?id=CVE-2015-3807
13 Aug 2015 — libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XML document. Vulnerabilidad en libxml2 en Apple iOS en versiones anteriores a 8.4.1 y OS X en versiones anteriores a 10.10.5, permite a atacantes remotos obtener información sensible de la memoria del proceso o causar una denegación de servicio (corrupción de memoria) a través de un documento XML manipulado. OS X... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3775 – Apple Security Advisory 2015-08-13-2
https://notcve.org/view.php?id=CVE-2015-3775
13 Aug 2015 — Apple OS X before 10.10.5 does not properly implement authentication, which allows local users to obtain admin privileges via unspecified vectors. Vulnerabilidad en Apple OS X en versiones anteriores a 10.10.5, no implementa adecuadamente la autenticación, lo que permite a usuarios locales obtener privilegios de administrador a través de vectores no especificados. OS X Yosemite 10.10.5 and Security Update 2015-006 is now available and addresses vulnerabilities in Apache, the OD plug-in, IOBluetoothHCIContro... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-287: Improper Authentication •