CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5783 – Apple Security Advisory 2015-08-13-2
https://notcve.org/view.php?id=CVE-2015-5783
13 Aug 2015 — IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3770. Vulnerabilidad en IOGraphics en Apple OS X en versiones anteriores a 10.10.5, permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una aplicación manipulada, una vulnerabilidad diferente a CVE-2015-3770. OS X Yosemite 10.10.5 and Security Update 201... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 2CVE-2015-5784 – Apple Mac OSX Install.Framework - Arbitrary mkdir / unlink and chown to Admin Group
https://notcve.org/view.php?id=CVE-2015-5784
13 Aug 2015 — runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app. Vulnerabilidad en runner en Install.framework en el componente Install Framework Legacy en Apple OS X en versiones anteriores a 10.10.5, no elimina correctamente los privilegios, lo que permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicació... • https://packetstorm.news/files/id/133549 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 4CVE-2015-5522 – Debian Security Advisory 3309-1
https://notcve.org/view.php?id=CVE-2015-5522
20 Jul 2015 — Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href. Desbordamiento de buffer basado en memoria dinámica en la función ParseValue en lexer.c en tidy en versiones anteriores a 4.9.31, permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores implicando un carácter de comando en un href. Fernando Munoz discovered that HTML Tidy ... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 3CVE-2015-5523 – Debian Security Advisory 3309-1
https://notcve.org/view.php?id=CVE-2015-5523
20 Jul 2015 — The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation. Vulnerabilidad en la función ParseValue en lexer.c en tidy en versiones anteriores a 4.9.31, permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores implicando múltiples espacios en blanco antes de un href vacío, lo que desencadena una asig... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2013-7422 – Gentoo Linux Security Advisory 201507-11
https://notcve.org/view.php?id=CVE-2013-7422
10 Jul 2015 — Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression. Desbordamiento inferior de enteros en regcomp.c en Perl en versiones anteriores a 5.20, tal como se utiliza en Apple OS X en versiones anteriores a 10.10.5 y otros productos, permite a atacantes depe... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-189: Numeric Errors •
CVSS: 5.3EPSS: 3%CPEs: 17EXPL: 0CVE-2015-1819 – libxml2: denial of service processing a crafted XML document
https://notcve.org/view.php?id=CVE-2015-1819
07 Jul 2015 — The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. Vulnerabilidad en el xmlreader en libxml, permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de datos XML manipulados, relacionada con un ataque XML Entity Expansión (XEE). A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3705 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3705
01 Jul 2015 — IOAcceleratorFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3706. IOAcceleratorFamily en Apple OS X anterior a 10.10.4 permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una aplicación manipulada, una vulnerabilidad diferente a CVE-2015-3706. OS X Yosemite 10.10.4 and Security Up... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3676 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3676
01 Jul 2015 — AppleGraphicsControl in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information via a crafted app. AppleGraphicsControl en Apple OS X anterior a 10.10.4 permite a atacantes obtener información sensible de la estructura de la memoria a través de una aplicación manipulada. OS X Yosemite 10.10.4 and Security Update 2015-005 are now available and address privilege escalation, arbitrary code execution, access bypass, and various other vulnerabilities. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3677 – Apple OS X LZVN DMG Information Disclosure Vulnerabillity
https://notcve.org/view.php?id=CVE-2015-3677
01 Jul 2015 — The LZVN compression feature in AppleFSCompression in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. La característica de compresión LZVN en AppleFSCompression en Apple OS X anterior a 10.10.4 permite a atacantes obtener información sensible de la estructura de la memoria para el kernel a través de una aplicación manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS ... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 5%CPEs: 3EXPL: 0CVE-2015-3688 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3688
01 Jul 2015 — CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3689. CoreText en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero de texto manipulado, una vulnerabil... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •