
CVE-2015-1137 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1137
09 Apr 2015 — The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via an unspecified IOService userclient type. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address pr... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

CVE-2015-1143 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1143
09 Apr 2015 — LaunchServices in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted localized string, related to a "type confusion" issue. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosure, and various other vul... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

CVE-2015-1146 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1146
09 Apr 2015 — The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145. OS X Yosemite 10.10.3 and Securi... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-310: Cryptographic Issues

CVE-2015-1130 – Apple OS X Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-1130
09 Apr 2015 — The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosure,... • https://packetstorm.news/files/id/131381 • CWE-59: Improper Link Resolution Before File Access ('Link Following') • CWE-254: 7PK - Security Features

CVE-2015-1088 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1088
09 Apr 2015 — CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosur... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation

CVE-2015-1089 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1089
09 Apr 2015 — CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. OS X Yos... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2015-1091 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1091
09 Apr 2015 — The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2015-1104 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1104
09 Apr 2015 — The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation

CVE-2015-1140 – Apple OS X IOHIDSecurePromptClient Untrusted Pointer Dereference Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1140
09 Apr 2015 — Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f... • https://github.com/kpwn/vpwn • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2015-1101 – Apple OS X XNU HFS_GETPATH Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2015-1101
08 Apr 2015 — The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. This vulnerability a... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html