CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3709 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3709
01 Jul 2015 — Race condition in kext tools in Apple OS X before 10.10.4 allows local users to bypass intended signature requirements for kernel extensions by leveraging improper pathname validation. Condición de carrera en kext tools en Apple OS X anterior a 10.10.4 permite a usuarios locales evadir los requerimientos de firmas para las extensiones del kernel mediante el aprovechamiento de la validación de nombres de ruta incorrecta. OS X Yosemite 10.10.4 and Security Update 2015-005 are now available and address privile... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3710 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3710
01 Jul 2015 — Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message. Mail en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4 permite a atacantes remotos provocar una operación de actualización, y como consecuencia causar una visita a un sitio web arbitrario, a través de un mensaje de email HTML manipulado. OS X Yosemite 10.10.4 and Security Update 2015-005 are now available ... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-254: 7PK - Security Features •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3711 – Apple OS X NTFS Compression Block Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-3711
01 Jul 2015 — The NTFS implementation in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. La implementación NTFS en Apple OS X anterior a 10.10.4 permite a atacantes obtener información sensible de la estructura de la memoria para el kernel a través de una aplicación manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability i... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2015-3713 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3713
01 Jul 2015 — QuickTime in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted movie file. QuickTime en Apple OS X anterior a 10.10.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero de película manipulado. OS X Yosemite 10.10.4 and Security Update 2015-005 are now available and address privilege escalation, arbitrary code execution, access bypass,... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3714 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3714
01 Jul 2015 — Apple OS X before 10.10.4 does not properly consider custom resource rules during app signature verification, which allows attackers to bypass intended launch restrictions via a modified app. Apple OS X anterior a 10.10.4 no considera correctamente las reglas de recursos personalizadas durante la verificación de firmas de aplicaciones, lo que permite a atacantes evadir las restricciones de lanzamiento a través de una aplicación modificada. OS X Yosemite 10.10.4 and Security Update 2015-005 are now available... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-254: 7PK - Security Features •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3715 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3715
01 Jul 2015 — The code-signing implementation in Apple OS X before 10.10.4 does not properly consider libraries that are external to an application bundle, which allows attackers to bypass intended launch restrictions via a crafted library. La implementación de firmas de código en Apple OS X anterior a 10.10.4 no considera correctamente las librerías que están externas al paquete de una aplicación, lo que permite a atacantes evadir las restricciones de lanzamiento a través de una librería manipulada. OS X Yosemite 10.10.... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-254: 7PK - Security Features •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3716 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3716
01 Jul 2015 — Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a crafted name of a photo file within the local photo library. Spotlight en Apple OS X anterior a 10.10.4 permite a atacantes ejecutar comandos arbitrarios a través de un nombre manipulado de un fichero de fotos dentro de la librería de fotos local. OS X Yosemite 10.10.4 and Security Update 2015-005 are now available and address privilege escalation, arbitrary code execution, access bypass, and various other vulnerabil... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2015-3717 – SQLite printf Format String Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-3717
01 Jul 2015 — Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Múltiples desbordamientos de buffer en la funcionalidad printf en SQLite, utilizado en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4, permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de ve... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-3718 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3718
01 Jul 2015 — systemstatsd in the System Stats subsystem in Apple OS X before 10.10.4 does not properly interpret data types encountered in interprocess communication, which allows attackers to execute arbitrary code with systemstatsd privileges via a crafted app, related to a "type confusion" issue. systemstatsd en el subsistema System Stats en Apple OS X anterior a 10.10.4 no interpreta correctamente los tipos de datos encontrados en la comunicación de interprocesos, lo que permite a atacantes ejecutar código arbitrari... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2015-3719 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3719
01 Jul 2015 — TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3694. TrueTypeScaler en FontParser en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero de fuentes manipulado, una vulnerabilidad di... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •