CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2015-3804 – Apple Security Advisory 2016-02-25-1
https://notcve.org/view.php?id=CVE-2015-3804
13 Aug 2015 — FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5756 and CVE-2015-5775. Vulnerabilidad en FontParser en Apple iOS en versiones anteriores a 8.4.1 y OS X en versiones anteriores a 10.10.5, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de ... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3805 – Apple Security Advisory 2016-02-25-1
https://notcve.org/view.php?id=CVE-2015-3805
13 Aug 2015 — Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802. Vulnerabilidad en Apple iOS en versiones anteriores a 8.4.1 y OS X en versiones anteriores a 10.10.5, permite a usuarios locales eludir un mecanismo de protección de firma de código a través de un archivo Mach-O manipulado, una vulnerabilidad diferente a CVE-2015-3802. OS X Yosemite 10.10.5 and Security Update 2015-006 is now ... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3806 – Apple Security Advisory 2016-02-25-1
https://notcve.org/view.php?id=CVE-2015-3806
13 Aug 2015 — Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file. Vulnerabilidad en Apple iOS en versiones anteriores a 8.4.1 y OS X en versiones anteriores a 10.10.5, permite a usuarios locales eludir un mecanismo de protección de firma de código añadiendo código a un archivo ejecutable manipulado. OS X Yosemite 10.10.5 and Security Update 2015-006 is now available and addresses vulnerabilities in Apache, the OD pl... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-284: Improper Access Control •
CVSS: 8.1EPSS: 1%CPEs: 5EXPL: 0CVE-2015-3807 – Apple Security Advisory 2015-12-08-1
https://notcve.org/view.php?id=CVE-2015-3807
13 Aug 2015 — libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XML document. Vulnerabilidad en libxml2 en Apple iOS en versiones anteriores a 8.4.1 y OS X en versiones anteriores a 10.10.5, permite a atacantes remotos obtener información sensible de la memoria del proceso o causar una denegación de servicio (corrupción de memoria) a través de un documento XML manipulado. OS X... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 18%CPEs: 1EXPL: 1CVE-2015-3783 – Apple qlmanage - SceneKit::daeElement::setElementName Heap Overflow
https://notcve.org/view.php?id=CVE-2015-3783
13 Aug 2015 — SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. Vulnerabilidad en SceneKit en Apple OS X en versiones anteriores a 10.10.5, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de vectores no especificados. OS X Yosemite 10.10.5 and Security Update 2015-006 is now available and a... • https://www.exploit-db.com/exploits/38264 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 24%CPEs: 18EXPL: 0CVE-2015-3185 – httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4
https://notcve.org/view.php?id=CVE-2015-3185
20 Jul 2015 — The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior. Vulnerabilidad en la función ap_some_auth_required en ap_some_auth_required del Servidor HTTP Apache en s... • http://httpd.apache.org/security/vulnerabilities_24.html • CWE-264: Permissions, Privileges, and Access Controls CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 8%CPEs: 5EXPL: 0CVE-2015-0253 – httpd: NULL pointer dereference crash with ErrorDocument 400 pointing to a local URL-path
https://notcve.org/view.php?id=CVE-2015-0253
20 Jul 2015 — The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI. La función read_request_line en server/protocol.c del Servidor HTTP Apache en su versión 2.4.12 no inicializa el pro... • http://httpd.apache.org/security/vulnerabilities_24.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 12%CPEs: 9EXPL: 4CVE-2015-5522 – Debian Security Advisory 3309-1
https://notcve.org/view.php?id=CVE-2015-5522
20 Jul 2015 — Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href. Desbordamiento de buffer basado en memoria dinámica en la función ParseValue en lexer.c en tidy en versiones anteriores a 4.9.31, permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores implicando un carácter de comando en un href. Fernando Munoz discovered that HTML Tidy ... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 9%CPEs: 9EXPL: 3CVE-2015-5523 – Debian Security Advisory 3309-1
https://notcve.org/view.php?id=CVE-2015-5523
20 Jul 2015 — The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation. Vulnerabilidad en la función ParseValue en lexer.c en tidy en versiones anteriores a 4.9.31, permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores implicando múltiples espacios en blanco antes de un href vacío, lo que desencadena una asig... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2013-7422 – Gentoo Linux Security Advisory 201507-11
https://notcve.org/view.php?id=CVE-2013-7422
10 Jul 2015 — Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression. Desbordamiento inferior de enteros en regcomp.c en Perl en versiones anteriores a 5.20, tal como se utiliza en Apple OS X en versiones anteriores a 10.10.5 y otros productos, permite a atacantes depe... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-189: Numeric Errors •