CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3799 – Apple OS X iCloud Account Authentication Elevation Of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2015-3799
13 Aug 2015 — The Apple ID OD plug-in in Apple OS X before 10.10.5 allows attackers to change arbitrary user passwords via a crafted app. Vulnerabilidad en el plug-in de Apple ID OD en Apple OS X en versiones anteriores a 10.10.5, permite a atacantes cambiar las contraseñas de usuarios arbitrarios a través de una aplicación manipulada. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must have shell access to exploit this vulnerability, however Guest acc... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-255: Credentials Management Errors •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3802 – Apple Security Advisory 2016-02-25-1
https://notcve.org/view.php?id=CVE-2015-3802
13 Aug 2015 — Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805. Vulnerabilidad en Apple iOS en versiones anteriores a 8.4.1 y OS X en versiones anteriores a 10.10.5, permite a usuarios locales eludir un mecanismo de protección de firma de código a través de un archivo Mach-O manipulado, una vulnerabilidad diferente a CVE-2015-3805. OS X Yosemite 10.10.5 and Security Update 2015-006 is now ... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3768 – Apple Security Advisory 2016-02-25-1
https://notcve.org/view.php?id=CVE-2015-3768
13 Aug 2015 — Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls. Desbordamiento de enteros en el kernel de Apple iOS en versiones anteriores a 8.4.1 y OS X en versiones anteriores a 10.10.5, permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de aplicaciones manipuladas que realizan llamadas no especificadas a la API IOKit. OS X Yosemite... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-189: Numeric Errors •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3774 – Apple Security Advisory 2015-08-13-2
https://notcve.org/view.php?id=CVE-2015-3774
13 Aug 2015 — The Dictionary app in Apple OS X before 10.10.5 does not use HTTPS, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof word definitions by modifying the client-server data stream. Vulnerabilidad en la aplicación Diccionario de Apple OS X en versiones anteriores a 10.10.5, no utiliza HTTPS, lo que permite a atacantes man-in-the middle obtener información sensible rastreando la red o falsificar definiciones de palabras modificando el flujo de datos de cli... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3776 – Apple Security Advisory 2016-02-25-1
https://notcve.org/view.php?id=CVE-2015-3776
13 Aug 2015 — IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist. Vulnerabilidad en IOKit en Apple iOS en versiones anteriores a 8.4.1 y OS X en versiones anteriores a 10.10.5, permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de una plist ma... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-3794 – Apple Security Advisory 2015-08-13-2
https://notcve.org/view.php?id=CVE-2015-3794
13 Aug 2015 — The Speech UI in Apple OS X before 10.10.5, when speech alerts are enabled, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Unicode string. Vulnerabilidad en la Speech UI en Apple OS X en versiones anteriores a 10.10.5, cuando las alertas de habla están habilitadas, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de una ca... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3777 – Apple Security Advisory 2015-08-13-2
https://notcve.org/view.php?id=CVE-2015-3777
13 Aug 2015 — Multiple buffer overflows in blued in the Bluetooth subsystem in Apple OS X before 10.10.5 allow local users to gain privileges via XPC messages. Vulnerabilidad de desbordamiento de búfer múltiple en blued en el subsistema de Bluetooth en Apple OS X en versiones anteriores a 10.10.5, permite a usuarios locales obtener privilegios a través de mensajes XPC. OS X Yosemite 10.10.5 and Security Update 2015-006 is now available and addresses vulnerabilities in Apache, the OD plug-in, IOBluetoothHCIController, and... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 36%CPEs: 2EXPL: 0CVE-2015-3792 – Apple Security Advisory 2015-08-20-1
https://notcve.org/view.php?id=CVE-2015-3792
13 Aug 2015 — QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. Vulnerabilidad en QuickTime 7 en Apple OS X en versiones anteriores a 10.10.5, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3803 – Apple Security Advisory 2016-02-25-1
https://notcve.org/view.php?id=CVE-2015-3803
13 Aug 2015 — Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file. Vulnerabilidad en Apple iOS en versiones anteriores a 8.4.1 y OS X en versiones anteriores a 10.10.5, permite a usuarios locales eludir un mecanismo de protección de firma de código a través de un archivo de arquitectura múltiple ejecutable manipulado. OS X Yosemite 10.10.5 and Security Update 2015-006 is now available and addresses vulnerabilities ... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3780 – Apple Security Advisory 2015-08-13-2
https://notcve.org/view.php?id=CVE-2015-3780
13 Aug 2015 — The Bluetooth subsystem in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. Vulnerabilidad en el subsistema de Bluetooth en Apple OS X en versiones anteriores a 10.10.5, permite a atacantes obtener información sensible de la estructura de la memoria del kernel a través de una aplicación manipulada. OS X Yosemite 10.10.5 and Security Update 2015-006 is now available and addresses vulnerabilities in Apache, the OD plug-in, IOBluetoothHCIControl... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •