CVSS: 9.8EPSS: 3%CPEs: 58EXPL: 1CVE-2015-2783 – php: buffer over-read in Phar metadata parsing
https://notcve.org/view.php?id=CVE-2015-2783
20 Apr 2015 — ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions. ext/phar/phar.c en PHP anterior a 5.4.40, 5.5.x anterior a 5.5.24, y 5.6.x anterior a 5.6.8 permite a atacantes remotos obte... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1091 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1091
09 Apr 2015 — The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. El componente CFNetwork Session en Apple iOS anterior a 8.3 y Apple OS X anterior a 10.10.3 no maneja correctamente las cabeceras de solicitudes durante el procesamiento de las redirecciones en respuestas HTTP, lo que permite a atacantes remotos ev... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1132 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1132
09 Apr 2015 — fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135. fontd en Apple Type Services (ATS) en Apple OS X anterior a 10.10.3permite a usuarios locales ganar privilegios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, y CVE-2015-1135. OS X Yosemite 10.10.3 and Security Update 2015... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1135 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1135
09 Apr 2015 — fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1134. fontd en Apple Type Services (ATS) en Apple OS X anterior a 10.10.3 permite a usuarios locales ganar privilegios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, y CVE-2015-1134. OS X Yosemite 10.10.3 and Security Update 201... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1143 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1143
09 Apr 2015 — LaunchServices in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted localized string, related to a "type confusion" issue. LaunchServices en Apple OS X anterior a 10.10.3 permite a usuarios locales ganar privilegios a través de una cadena de texto localizada manipulada, relacionado con un problema de 'type confusion'. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosure, and various other vul... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1141 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1141
09 Apr 2015 — The mach_vm_read functionality in the kernel in Apple OS X before 10.10.3 allows local users to cause a denial of service (system crash) via unspecified vectors. La funcionalidad mach_vm_read en el kernel en Apple OS X anterior a 10.10.3 permite a usuarios locales causar una denegación de servicio (caída del sistema) a través de vectores no especificados. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosure, and various... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1095 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1095
09 Apr 2015 — IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device. IOHIDFamily en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 permite a atacantes físicamente próximos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un dispositivo HID manipulado. OS X Yosemite 10... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html •
CVSS: 7.1EPSS: 9%CPEs: 3EXPL: 0CVE-2015-1102 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1102
09 Apr 2015 — The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors. El kernel en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 no maneja correctamente las cabeceras TCP, lo que permite a atacantes man-in-the-middle causar una denegación de servicio a través de vectores no especificados. OS X Yosemite 10.10.3 and Security ... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 7CVE-2015-1130 – Apple OS X Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-1130
09 Apr 2015 — The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors. La implementación XPC en Admin Framework en Apple OS X anterior a 10.10.3 permite a usuarios locales evadir la autenticación y obtener privilegios administrativos a través de vectores no especificados. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosure,... • https://packetstorm.news/files/id/131381 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-254: 7PK - Security Features •
CVSS: 7.8EPSS: 2%CPEs: 2EXPL: 0CVE-2015-1093 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1093
09 Apr 2015 — FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. FontParser en Apple iOS anterior a 8.3 y Apple OS X anterior a 10.10.3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero de fuentes manipulado. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege ... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html •