CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7067
https://notcve.org/view.php?id=CVE-2015-7067
IOThunderboltFamily in Apple OS X before 10.11.2 allows local users to cause a denial of service (NULL pointer dereference) via an unspecified userclient type. IOThunderboltFamily en Apple OS X en versiones anteriores a 10.11.2 permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL) a través de un tipo userclient no especificado. • http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://www.securitytracker.com/id/1034344 https://support.apple.com/HT205637 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7081
https://notcve.org/view.php?id=CVE-2015-7081
iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. iBooks en Apple iOS en versiones anteriores a 9.2 y OS X en versiones anteriores a 10.11.2 permite a atacantes remotos leer archivos arbitrarios a través de un archivo de iBooks que contiene una declaración de entidad externa XML en conjunción con una referencia de entidad, relacionado con un problema XML External Entity (XXE). • http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://www.securitytracker.com/id/1034344 https://support.apple.com/HT205635 https://support.apple.com/HT205637 •
CVSS: 2.6EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7094
https://notcve.org/view.php?id=CVE-2015-7094
CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL. CFNetwork HTTPProtocol en Apple iOS en versiones anteriores a 9.2 y OS X en versiones anteriores a 10.11.2 permite a atacantes man-in-the-middle eludir los mecanismos de protección HSTS a través de una URL manipulada. • http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://www.securitytracker.com/id/1034344 https://support.apple.com/HT205635 https://support.apple.com/HT205637 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2015-7106 – Apple Mac OSX - 'IntelAccelerator::gstqConfigure' Kernel NULL Dereference
https://notcve.org/view.php?id=CVE-2015-7106
The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. El componente Intel Graphics Driver en Apple OS X en versiones anteriores a 10.11.2 permite a usuarios locales obtener privilegios o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. • https://www.exploit-db.com/exploits/39369 http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://www.securitytracker.com/id/1034344 https://support.apple.com/HT205637 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2015-7108 – Apple Mac OSX - 'IOBluetoothHCIUserClient' Arbitrary Kernel Code Execution
https://notcve.org/view.php?id=CVE-2015-7108
The Bluetooth HCI interface in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. La interfaz Bluetooth HCI en Apple OS X en versiones anteriores a 10.11.2 permite a usuarios locales obtener privilegios o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. IOBluetoothHCIUserClient uses an IOCommandGate to dispatch external methods; it passes a pointer to the structInput of the external method as arg0 and ::SimpleDispatchWL as the Action. It neither passes nor checks the size of that structInput, and SimpleDispatchWL goes on to read the field at +0x70 of the structInput. • https://www.exploit-db.com/exploits/39372 http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://www.securitytracker.com/id/1034344 https://support.apple.com/HT205637 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •