CVSS: 7.8EPSS: 4%CPEs: 1EXPL: 1CVE-2015-1140 – Apple OS X IOHIDSecurePromptClient Untrusted Pointer Dereference Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1140
09 Apr 2015 — Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors. Desbordamiento de buffer en IOHIDFamily en Apple OS X anterior a 10.10.3 permite a usuarios locales ganar privilegios a través de vectores no especificados. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f... • https://github.com/kpwn/vpwn • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1137 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1137
09 Apr 2015 — The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via an unspecified IOService userclient type. El controlador gráfico de NVIDIA en Apple OS X anterior a 10.10.3 permite a usuarios locales ganar privilegios o causar una denegación de servicio (referencia a puntero NULO) a través de un tipo IOService userclient no especificado. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address pr... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1089 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1089
09 Apr 2015 — CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. CFNetwork en Apple iOS anterior a 8.3 y Apple OS X anterior a 10.10.3 no maneja correctamente las cookies durante el procesamiento de las redirecciones en respuestas HTTP, lo que permite a atacantes remotos evadir Same Origin Policy a través de un sitio web manipulado. OS X Yos... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 3CVE-2015-1100 – Apple Mac OSX - Local Denial of Service
https://notcve.org/view.php?id=CVE-2015-1100
09 Apr 2015 — The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content information via a crafted app. El kernel en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 permite a atacantes causar una denegación de servicio (acceso a memoria fuera de rango) u obtener información sensible del contenido de la memoria a través de una aplicación manipulada. O... • https://packetstorm.news/files/id/131508 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 23%CPEs: 3EXPL: 0CVE-2015-1105 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1105
09 Apr 2015 — The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets. La implementación TCP en el kernel en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 no implementa correctamente el mecanismo Urgent (también conocido como datos fuera de banda), lo que permite a atacantes remo... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 0CVE-2015-1088 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1088
09 Apr 2015 — CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site. CFURL en Apple iOS anterior a 8.3 y Apple OS X anterior a 10.10.3 no valida correctamente las URLs, lo que permite a atacantes remotos ejecutar código arbitrario a través de un sitio web maniuplado. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosur... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1131 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1131
09 Apr 2015 — fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135. fontd en Apple Type Services (ATS) en Apple OS X anterior a 10.10.3 permite a usuarios locales ganar privilegios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, y CVE-2015-1135. OS X Yosemite 10.10.3 and Security Update 201... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1096 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1096
09 Apr 2015 — IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. IOHIDFamily en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 permite a atacantes obtener información sensible sobre la memoria del kernel a través de una aplicación manipulada. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, inf... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1118 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1118
09 Apr 2015 — libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile. libnetcore en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 permite a atacantes causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un perfil de configuración manipulado. OS X Yosemite 10.10.3 and Security Update 2015-004 a... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1142 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1142
09 Apr 2015 — LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder crash) via crafted localization data. LaunchServices en Apple OS X anterior a 10.10.3 permite a usuarios locales causar una denegación de servicio (caída de Finder) a través de datos de localización manipulados. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosure, and various other vulnerabilities. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •