CVSS: 8.8EPSS: 5%CPEs: 3EXPL: 0CVE-2015-3688 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3688
01 Jul 2015 — CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3689. CoreText en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero de texto manipulado, una vulnerabil... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3720 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3720
01 Jul 2015 — The kernel in Apple OS X before 10.10.4 does not properly manage memory in kernel-extension APIs, which allows attackers to obtain sensitive memory-layout information via a crafted app. El kernel en Apple OS X anterior a 10.10.4 no maneja correctamente la memoria en las APIs de extensión del kernel, lo que permite a atacantes obtener información sensible de la estructura de la memoria a través de una aplicación manipulada. OS X Yosemite 10.10.4 and Security Update 2015-005 are now available and address priv... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3675 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3675
01 Jul 2015 — The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted URL. La configuración por defecto en Apache HTTP Server en Apple OS X anterior a 10.10.4 no habilita el módulo mod_hfs_apple, lo que permite a atacantes remotos evadir la autenticación HTTP a través de una URL manipulada. OS X Yosemite 10.10.4 and Security Update 2015-005 are now available and address privilege es... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 5%CPEs: 3EXPL: 0CVE-2015-3687 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3687
01 Jul 2015 — CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3688, and CVE-2015-3689. CoreText en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero de texto manipulado, una vulnerabil... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3692 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3692
01 Jul 2015 — Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not enforce a locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging root privileges. Apple Mac EFI anterior a 2015-001, utilizado en OS X anterior a 10.10.4 y otros productos, no refuerza un mecanismo de protección de bloqueo cuando se reactiva el ordenador después de un descanso, lo que permite a usuarios locales realizar ataques de Flash EFI mediant... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-284: Improper Access Control •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3683 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3683
01 Jul 2015 — The Bluetooth HCI interface implementation in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. La implementación de la interfaz Bluetooth HCI en Apple OS X anterior a 10.10.4 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una aplicación manipulada. OS X Yosemite 10.10.4 and Security Update 2015-005 ... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3712 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3712
01 Jul 2015 — The NVIDIA graphics driver in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds write) via a crafted app. El controlador de gráficos NVIDIA en Apple OS X anterior a 10.10.4 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (escritura fuera de rango) a través de una aplicación manipulada. OS X Yosemite 10.10.4 and Security Update 2015-005 are now available and ad... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 5%CPEs: 3EXPL: 0CVE-2015-3686 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3686
01 Jul 2015 — CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3687, CVE-2015-3688, and CVE-2015-3689. CoreText en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero de texto manipulado, una vulnerabil... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 2CVE-2015-3704 – Apple Mac OSX - Install.framework suid Helper Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-3704
01 Jul 2015 — runner in Install.framework in the Install Framework Legacy subsystem in Apple OS X before 10.10.4 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app. runner en Install.framework en el subsistema Install Framework Legacy en Apple OS X anterior a 10.10.4 no elimina correctamente los privilegios, lo que permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada. OS X Yosemite 10.10.... • https://packetstorm.news/files/id/133547 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 10%CPEs: 1EXPL: 0CVE-2015-3679 – Apple OS X morx nSubtables Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-3679
01 Jul 2015 — Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3680, CVE-2015-3681, and CVE-2015-3682. Apple Type Services (ATS) en Apple OS X anterior a 10.10.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero manipulado, una vulnerabilidad diferente a CVE-2015-3680... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •