CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3671 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3671
01 Jul 2015 — Admin Framework in Apple OS X before 10.10.4 does not properly verify XPC entitlements, which allows local users to bypass authentication and obtain admin privileges via unspecified vectors. Admin Framework en Apple OS X anterior a 10.10.4 no verifica correctamente los derechos XPC, lo que permite a usuarios locales evadir la autenticación y obtener privilegios de administración a través de vectores no especificados. OS X Yosemite 10.10.4 and Security Update 2015-005 are now available and address privilege ... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3700 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3700
01 Jul 2015 — Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3701, and CVE-2015-3702. Desbordamiento de buffer en Intel Graphics Driver en Apple OS X anterior a 10.10.4 permite a usuarios locales ganar privilegios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3695, CVE-2015-3696, CVE-201... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3711 – Apple OS X NTFS Compression Block Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-3711
01 Jul 2015 — The NTFS implementation in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. La implementación NTFS en Apple OS X anterior a 10.10.4 permite a atacantes obtener información sensible de la estructura de la memoria para el kernel a través de una aplicación manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability i... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3691 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3691
01 Jul 2015 — The Monitor Control Command Set kernel extension in the Display Drivers subsystem in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages control of a function pointer. La extensión de kernel Monitor Control Command Set en el subsistema Display Drivers en Apple OS X anterior a 10.10.4 permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada que aprovecha el control del puntero de ... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-3681 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3681
01 Jul 2015 — Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3679, CVE-2015-3680, and CVE-2015-3682. Apple Type Services (ATS) en Apple OS X anterior a 10.10.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero de fuentes manipulado, una vulnerabilidad diferente a CV... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3718 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3718
01 Jul 2015 — systemstatsd in the System Stats subsystem in Apple OS X before 10.10.4 does not properly interpret data types encountered in interprocess communication, which allows attackers to execute arbitrary code with systemstatsd privileges via a crafted app, related to a "type confusion" issue. systemstatsd en el subsistema System Stats en Apple OS X anterior a 10.10.4 no interpreta correctamente los tipos de datos encontrados en la comunicación de interprocesos, lo que permite a atacantes ejecutar código arbitrari... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2015-3673 – Apple Mac OSX Entitlements - 'Rootpipe' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-3673
01 Jul 2015 — Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility. Admin Framework en Apple OS X anterior a 10.10.4 no restringe correctamente la localización de los clientes writeconfig, lo que permite a usuarios locales obtener privilegios root mediante el traslado y posterior modificación de Directory Utility. OS X Yosemite 10.10.4 and Security Update 2015-005 are n... • https://packetstorm.news/files/id/133361 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3701 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3701
01 Jul 2015 — Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, and CVE-2015-3702. Desbordamiento de buffer en Intel Graphics Driver en Apple OS X anterior a 10.10.4 permite a usuarios locales ganar privilegios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3695, CVE-2015-3696, CVE-201... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3678 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3678
01 Jul 2015 — AppleThunderboltEDMService in Apple OS X before 10.10.4 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified Thunderbolt commands. AppleThunderboltEDMService en Apple OS X anterior a 10.10.4 permite a usuarios locales ganar privilegios o causar una denegación de servicio (corrupción de memoria) a través de comandos Thunderbolt no especificados. OS X Yosemite 10.10.4 and Security Update 2015-005 are now available and address privilege escalation, arbitrary co... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3672 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-3672
01 Jul 2015 — Admin Framework in Apple OS X before 10.10.4 does not properly handle authentication errors, which allows local users to obtain admin privileges via unspecified vectors. Admin Framework en Apple OS X anterior a 10.10.4 no maneja correctamente los errores de autenticación, lo que permite a usuarios locales obtener privilegios de la administración a través de vectores no especificados. OS X Yosemite 10.10.4 and Security Update 2015-005 are now available and address privilege escalation, arbitrary code executi... • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html • CWE-284: Improper Access Control •