CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2015-5903 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5903
18 Sep 2015 — The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5896. Vulnerabilidad en el kernel en Apple iOS en versiones anteriores a 9, permite a usuarios locales obtener privilegios o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-5868 y CVE-2015-5896. OS X El Capitan 10.11 is ... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5912 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5912
18 Sep 2015 — The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses. Vulnerabilidad en el componente CFNetwork FTPProtocol en Apple iOS en versiones anteriores a 9, permite a los servidores proxy FTP remotos activar los intentos de conexión TCP a los hosts de la intranet a través de respuestas manipuladas. OS X El Capitan 10.11 is now available and addresses close to 100 vulnerabilities that may exist in prior r... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-17: DEPRECATED: Code •
CVSS: 5.3EPSS: 61%CPEs: 2EXPL: 2CVE-2015-6908 – OpenLDAP 2.4.42 - ber_get_next Denial of Service
https://notcve.org/view.php?id=CVE-2015-6908
11 Sep 2015 — The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. Vulnerabilidad en la función ber_get_next en libraries/liblber/io.c en OpenLDAP 2.4.42 y versiones anteriores, permite a atacantes remotos causar una denegación de servicio (aserción accesible y caída de la aplicación) a través de datos BER manipulados, según lo dem... • https://www.exploit-db.com/exploits/38145 • CWE-20: Improper Input Validation •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6563 – openssh: Privilege separation weakness related to PAM support
https://notcve.org/view.php?id=CVE-2015-6563
24 Aug 2015 — The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. Vulnerabilidad en el componente monitor en sshd en OpenSSH en versiones anteriores a 7.0 en plataformas no OpenBSD, acepta datos de nombre de... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html • CWE-20: Improper Input Validation CWE-266: Incorrect Privilege Assignment •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5747 – Apple Security Advisory 2015-08-13-2
https://notcve.org/view.php?id=CVE-2015-5747
13 Aug 2015 — The fasttrap driver in the kernel in Apple OS X before 10.10.5 allows local users to cause a denial of service (resource consumption) via unspecified vectors. Vulnerabilidad en el driver fasttrap en el kernel de Apple OS X en versiones anteriores a 10.10.5, permite a usuarios locales causar una denegación de servicio (consumo de recursos) a través de vectores no especificados. OS X Yosemite 10.10.5 and Security Update 2015-006 is now available and addresses vulnerabilities in Apache, the OD plug-in, IOBluet... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5748 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5748
13 Aug 2015 — The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume. Vulnerabilidad en el kernel en Apple OS X en versiones anteriores a 10.10.5, no monta adecuadamente volúmenes HFS, lo que permite a usuarios locales causar una denegación de servicio a través de un volumen manipulado. OS X Yosemite 10.10.5 and Security Update 2015-006 is now available and addresses vulnerabilities in Apache, the OD plug-in, IOBluetoothHCICo... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-17: DEPRECATED: Code •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5750 – Apple Security Advisory 2015-08-13-2
https://notcve.org/view.php?id=CVE-2015-5750
13 Aug 2015 — Data Detectors Engine in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted series of Unicode characters. Vulnerabilidad en Data Detectors Engine en Apple OS X en versiones anteriores a 10.10.5, permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de una serie de caracteres Unicode manipulados. OS X Yosemite 10.10.5 and... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2015-5751 – Apple Security Advisory 2015-08-20-1
https://notcve.org/view.php?id=CVE-2015-5751
13 Aug 2015 — QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5753, and CVE-2015-5779. Vulnerabilidad en QuickTime 7 en Apple OS X en versiones anteriores a 10.10.5, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2015-5753 – Apple Security Advisory 2015-08-13-2
https://notcve.org/view.php?id=CVE-2015-5753
13 Aug 2015 — QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, and CVE-2015-5779. Vulnerabilidad en QuickTime 7 en Apple OS X en versiones anteriores a 10.10.5, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 23%CPEs: 1EXPL: 2CVE-2015-5754 – Apple Mac OSX Install.Framework - SUID Root Runner Binary Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-5754
13 Aug 2015 — Race condition in runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages incorrect privilege dropping associated with a locking error. Vulnerabilidad de condición de carrera en hilos corriendo en Install.framework en el componente Install Framework Legacy en Apple OS X en versiones anteriores a 10.10.5, permite a atacantes ejecutar código arbitrario en un contexto c... • https://packetstorm.news/files/id/133550 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •