CVSS: 10.0EPSS: 2%CPEs: 5EXPL: 0CVE-2015-8659
https://notcve.org/view.php?id=CVE-2015-8659
The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug. El manejo de flujo de datos en reposo en nghttp2 en versiones anteriores a 1.6.0 permite atacantes tener un impacto no especificado a través de vectores desconocidos, también conocido como error de uso después de liberación de memoria dinámica. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175085.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175423.html http://www.openwall.com/lists/oss-security/2015&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7024
https://notcve.org/view.php?id=CVE-2015-7024
Untrusted search path vulnerability in Apple OS X before 10.11.1 allows local users to bypass intended Gatekeeper restrictions and gain privileges via a Trojan horse program that is loaded from an unexpected directory by an application that has a valid Apple digital signature. Vulnerabilidad de búsqueda de ruta no confiable en Apple OS X en versiones anteriores a 10.11.1 permite a usuarios locales eludir las restricciones de Gatekeeper previstas y obtener privilegios a través de un programa Troyano que se carga desde un directorio no esperado por una aplicación que tiene una firma digital Apple válida. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html https://support.apple.com/HT205375 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6980
https://notcve.org/view.php?id=CVE-2015-6980
Directory Utility in Apple OS X before 10.11.1 mishandles authentication for new sessions, which allows local users to gain privileges via unspecified vectors. Directory Utility en Apple OS X en versiones anteriores a 10.11.1 no maneja adecuadamente la autenticación para sesiones nuevas, lo que permite a usuarios locales obtener privilegios a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html https://support.apple.com/HT205375 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 0CVE-2015-7116
https://notcve.org/view.php?id=CVE-2015-7116
libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7115. libxml2 en Apple iOS en versiones anteriores a 9.2, OS X en versiones anteriores a 10.11.2 y tvOS en versiones anteriores a 9.1 permite a atacantes remotos obtener información sensible o provocar una denegación de servicio (corrupción de memoria) a través de un documento XML manipulado, una vulnerabilidad diferente a CVE-2015-7115. • http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html https://support.apple.com/HT205635 https://support.apple.com/HT205637 https://support.apple.com/HT205640 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 0CVE-2015-7115
https://notcve.org/view.php?id=CVE-2015-7115
libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7116. libxml2 en Apple iOS en versiones anteriores a 9.2, OS X en versiones anteriores a 10.11.2 y tvOS en versiones anteriores a 9.1 permite a atacantes remotos obtener información sensible o provocar una denegación de servicio (corrupción de memoria) a través de un documento XML manipulado, una vulnerabilidad diferente a CVE-2015-7116. • http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html https://support.apple.com/HT205635 https://support.apple.com/HT205637 https://support.apple.com/HT205640 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •