CVE-2015-1139 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1139
09 Apr 2015 — ImageIO in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .sgi file. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosure, and various ... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation
CVE-2015-1103 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1103
09 Apr 2015 — The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a crafted ICMP packet. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation
CVE-2015-1145 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1145
09 Apr 2015 — The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146. OS X Yosemite 10... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-310: Cryptographic Issues
CVE-2015-1099 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1099
09 Apr 2015 — Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app. OS X Yosemite 10.10.3 and Securit... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2015-1096 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1096
09 Apr 2015 — IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, inf... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-1100 – Apple Mac OSX - Local Denial of Service
https://notcve.org/view.php?id=CVE-2015-1100
09 Apr 2015 — The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content information via a crafted app. O... • https://packetstorm.news/files/id/131508 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-1148 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1148
09 Apr 2015 — Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address pri... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-1147 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1147
09 Apr 2015 — Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by sniffing the network. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-1098 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1098
09 Apr 2015 — iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, co... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-1088 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1088
09 Apr 2015 — CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosur... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation