CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1145 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1145
09 Apr 2015 — The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146. La implementación Firma de Código (Code Signing) en Apple OS X anterior a 10.10.3 no valida correctamente firmas, lo que permite a usuarios locales evadir las restricciones de acceso a través de un paquete manipulado, una vulnerabilidad diferente a CVE-2015-1146. OS X Yosemite 10... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-310: Cryptographic Issues •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1146 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1146
09 Apr 2015 — The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145. La implentación Code Signing en Apple OS X anterior a 10.10.3 no valida correctamente las firmas, lo que permite a usuarios locales evadir las restricciones de acceso a través de un paquete manipulado, una vulnerabilidad diferente a CVE-2015-1145. OS X Yosemite 10.10.3 and Securi... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1147 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1147
09 Apr 2015 — Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by sniffing the network. Open Directory Client en Apple OS X anterior a 10.10.3 envía solicitudes de cambio de contraseñas no codificadas en ciertas circunstancias que involucran certificados perdidos, lo que permite a atacantes remotos obtener información sensible mediante la captura de trafico de... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1148 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1148
09 Apr 2015 — Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file. Screen Sharing en Apple OS X anterior a 10.10.3 almacena la contraseña de un usuario en un fichero del registro, lo que podría permitir a atacantes dependientes de contexto obtener información sensible mediante la lectura de este fichero. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address pri... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1134 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1134
09 Apr 2015 — fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1135. fontd en Apple Type Services (ATS) en Apple OS X anterior a 10.10.3 permite a usuarios locales ganar privilegios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, y CVE-2015-1135. OS X Yosemite 10.10.3 and Security Update 201... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1132 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1132
09 Apr 2015 — fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135. fontd en Apple Type Services (ATS) en Apple OS X anterior a 10.10.3permite a usuarios locales ganar privilegios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, y CVE-2015-1135. OS X Yosemite 10.10.3 and Security Update 2015... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1135 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1135
09 Apr 2015 — fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1134. fontd en Apple Type Services (ATS) en Apple OS X anterior a 10.10.3 permite a usuarios locales ganar privilegios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, y CVE-2015-1134. OS X Yosemite 10.10.3 and Security Update 201... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1131 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1131
09 Apr 2015 — fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135. fontd en Apple Type Services (ATS) en Apple OS X anterior a 10.10.3 permite a usuarios locales ganar privilegios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, y CVE-2015-1135. OS X Yosemite 10.10.3 and Security Update 201... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1101 – Apple OS X XNU HFS_GETPATH Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2015-1101
08 Apr 2015 — The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. El kernel en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una aplicación manipulada. This vulnerability a... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html •
CVSS: 9.8EPSS: 9%CPEs: 60EXPL: 1CVE-2015-2348 – php: move_uploaded_file() NUL byte injection in file name
https://notcve.org/view.php?id=CVE-2015-2348
30 Mar 2015 — The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. La implementación move_uploaded_file en ext/standard/basic_functions.c en PHP anterior a 5.4.39... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1291d6bbee93b6109eb07e8f7916ff1b7fcc13e1 • CWE-264: Permissions, Privileges, and Access Controls CWE-626: Null Byte Interaction Error (Poison Null Byte) •