CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1135 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1135
09 Apr 2015 — fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1134. fontd en Apple Type Services (ATS) en Apple OS X anterior a 10.10.3 permite a usuarios locales ganar privilegios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, y CVE-2015-1134. OS X Yosemite 10.10.3 and Security Update 201... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1142 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1142
09 Apr 2015 — LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder crash) via crafted localization data. LaunchServices en Apple OS X anterior a 10.10.3 permite a usuarios locales causar una denegación de servicio (caída de Finder) a través de datos de localización manipulados. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosure, and various other vulnerabilities. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1117 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1117
09 Apr 2015 — The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group privileges via a crafted app. Las implementaciones de llamadas a sistemas (1) setreuid y (2) setregid en el kernel en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 no realizan correctamente la elimina... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 23%CPEs: 3EXPL: 0CVE-2015-1105 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1105
09 Apr 2015 — The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets. La implementación TCP en el kernel en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 no implementa correctamente el mecanismo Urgent (también conocido como datos fuera de banda), lo que permite a atacantes remo... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1141 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1141
09 Apr 2015 — The mach_vm_read functionality in the kernel in Apple OS X before 10.10.3 allows local users to cause a denial of service (system crash) via unspecified vectors. La funcionalidad mach_vm_read en el kernel en Apple OS X anterior a 10.10.3 permite a usuarios locales causar una denegación de servicio (caída del sistema) a través de vectores no especificados. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosure, and various... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html •
CVSS: 7.8EPSS: 2%CPEs: 2EXPL: 0CVE-2015-1093 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1093
09 Apr 2015 — FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. FontParser en Apple iOS anterior a 8.3 y Apple OS X anterior a 10.10.3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero de fuentes manipulado. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege ... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1144 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1144
09 Apr 2015 — Buffer overflow in the UniformTypeIdentifiers component in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted Uniform Type Identifier. Desbordamiento de buffer en el componente UniformTypeIdentifiers en Apple OS X anterior a 10.10.3 permite a usuarios locales ganar privilegios a través de un Uniform Type Identifier manipulado. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosure, and various o... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1133 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1133
09 Apr 2015 — fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1134, and CVE-2015-1135. fontd en Apple Type Services (ATS) en Apple OS X anterior a 10.10.3 permite a usuarios locales ganar privilegios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-1131, CVE-2015-1132, CVE-2015-1134, y CVE-2015-1135. OS X Yosemite 10.10.3 and Security Update 201... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2015-1139 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1139
09 Apr 2015 — ImageIO in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .sgi file. ImageIO en Apple OS X anterior a 10.10.3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero .sgi manipulado. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosure, and various ... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 6%CPEs: 3EXPL: 0CVE-2015-1103 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1103
09 Apr 2015 — The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a crafted ICMP packet. kernel en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 hace cambios de rutas en respuesta a mensajes ICMP_REDIRECT, lo que permite a atacantes remotos causar una denegación de ... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •