CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1135 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1135
09 Apr 2015 — fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1134. fontd en Apple Type Services (ATS) en Apple OS X anterior a 10.10.3 permite a usuarios locales ganar privilegios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, y CVE-2015-1134. OS X Yosemite 10.10.3 and Security Update 201... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 0CVE-2015-1104 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1104
09 Apr 2015 — The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet. El kernel en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 no determina correctamente si un paquete tenía un origen local, lo que permite a atacantes remotos evadir el mecanismo de protección del filtrado... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 3%CPEs: 1EXPL: 1CVE-2015-1140 – Apple OS X IOHIDSecurePromptClient Untrusted Pointer Dereference Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1140
09 Apr 2015 — Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors. Desbordamiento de buffer en IOHIDFamily en Apple OS X anterior a 10.10.3 permite a usuarios locales ganar privilegios a través de vectores no especificados. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f... • https://github.com/kpwn/vpwn • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2015-1139 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1139
09 Apr 2015 — ImageIO in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .sgi file. ImageIO en Apple OS X anterior a 10.10.3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero .sgi manipulado. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosure, and various ... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 6%CPEs: 3EXPL: 0CVE-2015-1103 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1103
09 Apr 2015 — The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a crafted ICMP packet. kernel en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 hace cambios de rutas en respuesta a mensajes ICMP_REDIRECT, lo que permite a atacantes remotos causar una denegación de ... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1145 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1145
09 Apr 2015 — The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146. La implementación Firma de Código (Code Signing) en Apple OS X anterior a 10.10.3 no valida correctamente firmas, lo que permite a usuarios locales evadir las restricciones de acceso a través de un paquete manipulado, una vulnerabilidad diferente a CVE-2015-1146. OS X Yosemite 10... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-310: Cryptographic Issues •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1099 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1099
09 Apr 2015 — Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app. Condición de carrera en la implementación de llamadas al sistema setreuid en el kernel en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 permite a atacantes causar una denegación de servicio a través de una aplicación manipulada. OS X Yosemite 10.10.3 and Securit... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1096 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1096
09 Apr 2015 — IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. IOHIDFamily en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 permite a atacantes obtener información sensible sobre la memoria del kernel a través de una aplicación manipulada. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, inf... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 3CVE-2015-1100 – Apple Mac OSX - Local Denial of Service
https://notcve.org/view.php?id=CVE-2015-1100
09 Apr 2015 — The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content information via a crafted app. El kernel en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 permite a atacantes causar una denegación de servicio (acceso a memoria fuera de rango) u obtener información sensible del contenido de la memoria a través de una aplicación manipulada. O... • https://packetstorm.news/files/id/131508 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1148 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1148
09 Apr 2015 — Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file. Screen Sharing en Apple OS X anterior a 10.10.3 almacena la contraseña de un usuario en un fichero del registro, lo que podría permitir a atacantes dependientes de contexto obtener información sensible mediante la lectura de este fichero. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address pri... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •