CVSS: 7.8EPSS: 9%CPEs: 1EXPL: 2CVE-2015-3673 – Apple Mac OSX Entitlements - 'Rootpipe' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-3673
01 Jul 2015 — Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility. Admin Framework en Apple OS X anterior a 10.10.4 no restringe correctamente la localización de los clientes writeconfig, lo que permite a usuarios locales obtener privilegios root mediante el traslado y posterior modificación de Directory Utility. OS X Yosemite 10.10.4 and Security Update 2015-005 are n... • https://packetstorm.news/files/id/133361 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-3674 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3674
01 Jul 2015 — afpserver in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. afpserver en Apple OS X anterior a 10.10.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. OS X Yosemite 10.10.4 and Security Update 2015-005 are now available and address privilege escalation, arbitrary code execution, access bypass, and vari... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3675 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3675
01 Jul 2015 — The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted URL. La configuración por defecto en Apache HTTP Server en Apple OS X anterior a 10.10.4 no habilita el módulo mod_hfs_apple, lo que permite a atacantes remotos evadir la autenticación HTTP a través de una URL manipulada. OS X Yosemite 10.10.4 and Security Update 2015-005 are now available and address privilege es... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3676 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3676
01 Jul 2015 — AppleGraphicsControl in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information via a crafted app. AppleGraphicsControl en Apple OS X anterior a 10.10.4 permite a atacantes obtener información sensible de la estructura de la memoria a través de una aplicación manipulada. OS X Yosemite 10.10.4 and Security Update 2015-005 are now available and address privilege escalation, arbitrary code execution, access bypass, and various other vulnerabilities. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3677 – Apple OS X LZVN DMG Information Disclosure Vulnerabillity
https://notcve.org/view.php?id=CVE-2015-3677
01 Jul 2015 — The LZVN compression feature in AppleFSCompression in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. La característica de compresión LZVN en AppleFSCompression en Apple OS X anterior a 10.10.4 permite a atacantes obtener información sensible de la estructura de la memoria para el kernel a través de una aplicación manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS ... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3678 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3678
01 Jul 2015 — AppleThunderboltEDMService in Apple OS X before 10.10.4 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified Thunderbolt commands. AppleThunderboltEDMService en Apple OS X anterior a 10.10.4 permite a usuarios locales ganar privilegios o causar una denegación de servicio (corrupción de memoria) a través de comandos Thunderbolt no especificados. OS X Yosemite 10.10.4 and Security Update 2015-005 are now available and address privilege escalation, arbitrary co... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-3679 – Apple OS X morx nSubtables Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-3679
01 Jul 2015 — Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3680, CVE-2015-3681, and CVE-2015-3682. Apple Type Services (ATS) en Apple OS X anterior a 10.10.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero manipulado, una vulnerabilidad diferente a CVE-2015-3680... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-3680 – Apple OS X DFont FOND Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-3680
01 Jul 2015 — Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3679, CVE-2015-3681, and CVE-2015-3682. Apple Type Services (ATS) en Apple OS X anterior a 10.10.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero manipulado, una vulnerabilidad diferente a CVE-2015-3679... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-3681 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3681
01 Jul 2015 — Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3679, CVE-2015-3680, and CVE-2015-3682. Apple Type Services (ATS) en Apple OS X anterior a 10.10.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero de fuentes manipulado, una vulnerabilidad diferente a CV... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-3682 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3682
01 Jul 2015 — Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3679, CVE-2015-3680, and CVE-2015-3681. Apple Type Services (ATS) en Apple OS X anterior a 10.10.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un ficheros de fuentes manipulado, una vulnerabilidad diferente a C... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •