CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5746 – Apple Security Advisory 2015-08-13-3
https://notcve.org/view.php?id=CVE-2015-5746
13 Aug 2015 — AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling. Vulnerabilidad en AppleFileConduit en Apple iOS en versiones anteriores a 8.4.1, permite a atacantes eludir las restricciones destinadas al acceso a los archivos de sistema a través de un comando afc que aprovecha el manejo incorrecto de enlaces simbólicos. iOS 8.4.1 is now available and addresses vulnerabilities in the afc command, AirTraffi... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5748 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2015-5748
13 Aug 2015 — The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume. Vulnerabilidad en el kernel en Apple OS X en versiones anteriores a 10.10.5, no monta adecuadamente volúmenes HFS, lo que permite a usuarios locales causar una denegación de servicio a través de un volumen manipulado. OS X Yosemite 10.10.5 and Security Update 2015-006 is now available and addresses vulnerabilities in Apache, the OD plug-in, IOBluetoothHCICo... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-17: DEPRECATED: Code •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5749 – Apple Security Advisory 2016-02-25-1
https://notcve.org/view.php?id=CVE-2015-5749
13 Aug 2015 — The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. Vulnerabilidad en el componente Sandbox_profiles en Apple iOS en versiones anteriores a 8.4.1, permite a atacantes eludir el mecanismo de protección de la aplicación sandbox de un tercero y leer preferencias gestionadas arbitrariamente a través de una aplicación manipulada. Apple TV 7.2.1 is now available and addresses ... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5752 – Apple Security Advisory 2015-08-13-3
https://notcve.org/view.php?id=CVE-2015-5752
13 Aug 2015 — Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink. Vulnerabilidad en el Backup en Apple iOS en versiones anteriores a 8.4.1, permite a atacantes eludir las restricciones destinadas al acceso a los archivos de sistema a través de una aplicación manipulada que crea un enlace simbólico. iOS 8.4.1 is now available and addresses vulnerabilities in the afc command, AirTraffic, symlinks, and more. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 5%CPEs: 3EXPL: 0CVE-2015-5755 – Apple Security Advisory 2015-09-16-3
https://notcve.org/view.php?id=CVE-2015-5755
13 Aug 2015 — CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761. Vulnerabilidad en CoreText en Apple iOS en versiones anteriores a 8.4.1 y OS X en versiones anteriores a 10.10.5, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a travé... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 3%CPEs: 2EXPL: 0CVE-2015-5756 – Apple Security Advisory 2016-02-25-1
https://notcve.org/view.php?id=CVE-2015-5756
13 Aug 2015 — FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5775. Vulnerabilidad en FontParser en Apple iOS en versiones anteriores a 8.4.1 y OS X en versiones anteriores a 10.10.5, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de ... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5757 – Apple Security Advisory 2016-02-25-1
https://notcve.org/view.php?id=CVE-2015-5757
13 Aug 2015 — libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with locking. Vulnerabilidad en libpthread en Apple iOS en versiones anteriores a 8.4.1 y OS X en versiones anteriores a 10.10.5, permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una ap... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5759 – Apple Security Advisory 2015-08-13-3
https://notcve.org/view.php?id=CVE-2015-5759
13 Aug 2015 — WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events. Vulnerabilidad en WebKit en Apple iOS en versiones anteriores a 8.4.1, permite a atacantes remotos suplantar clics a través de una página web manipulada que aprovecha acciones de pulsación de teclas. iOS 8.4.1 is now available and addresses vulnerabilities in the afc command, AirTraffic, symlinks, and more. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html • CWE-254: 7PK - Security Features •
CVSS: 7.8EPSS: 5%CPEs: 3EXPL: 0CVE-2015-5761 – Apple Security Advisory 2015-09-16-3
https://notcve.org/view.php?id=CVE-2015-5761
13 Aug 2015 — CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5755. Vulnerabilidad en CoreText en Apple iOS en versiones anteriores a 8.4.1 y OS X en versiones anteriores a 10.10.5, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a travé... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5766 – Apple Security Advisory 2015-08-13-3
https://notcve.org/view.php?id=CVE-2015-5766
13 Aug 2015 — Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling. Vulnerabilidad de salto de directorio en Air Traffic en Apple iOS en versiones anteriores a 8.4.1, permite a atacantes acceder a ubicaciones arbitrarias de archivos de sistema a través de vectores relacionados con el manejo de los activos. iOS 8.4.1 is now available and addresses vulnerabilities in the afc command, AirTraffic, symlinks, a... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •