CVE-2015-6985
https://notcve.org/view.php?id=CVE-2015-6985
Apple Type Services (ATS) in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web page. Apple Type Services (ATS) en Apple OS X en versiones anteriores a 10.11.1 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de una página web manipulada. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html https://support.apple.com/HT205375 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-7023
https://notcve.org/view.php?id=CVE-2015-7023
CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors. CFNetwork en Apple iOS en versiones anteriores a 9.1 y OS X en versiones anteriores a 10.11.1 no considera adecuadamente la distinción de mayúsculas frente a minúsculas durante el análisis de cookie, lo que permite a servidores web remotos sobrescribir cookies a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html http://www.securityfocus.com/bid/77263 http://www.securitytracker.com/id/1033929 https://support.apple.com/HT205370 https://support.apple.com/HT205375 • CWE-17: DEPRECATED: Code •
CVE-2015-7019 – OS X Kernel Panic Due To Bad Patch For CVE-2015-3712
https://notcve.org/view.php?id=CVE-2015-7019
The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via unspecified vectors, a different vulnerability than CVE-2015-7020. El controlador NVIDIA en el subsistema Graphics Drivers en Apple OS X en versiones anteriores a 10.11.1 permite a usuarios locales obtener información sensible de la memoria del kernel o provocar una denegación de servicio (lectura fuera de rangos y caída del sistema) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-7020. A bad patch for CVE-2015-3712 allows for code execution due to insufficient bounds checking in nvidia GeForce command buffer processing. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html https://support.apple.com/HT205375 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-6994
https://notcve.org/view.php?id=CVE-2015-6994
The kernel in Apple iOS before 9.1 and OS X before 10.11.1 mishandles reuse of virtual memory, which allows attackers to cause a denial of service via a crafted app. El kernel en Apple iOS en versiones anteriores a 9.1 y OS X en versiones anteriores a 10.11.1 no maneja correctamente la reutilización de la memoria virtual, lo que permite a atacantes provocar una denegación de servicio a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html http://www.securityfocus.com/bid/77263 http://www.securitytracker.com/id/1033929 https://support.apple.com/HT205370 https://support.apple.com/HT205375 • CWE-399: Resource Management Errors •
CVE-2015-6987
https://notcve.org/view.php?id=CVE-2015-6987
The File Bookmark component in Apple OS X before 10.11.1 allows local users to cause a denial of service (application crash) via crafted bookmark metadata in a folder. El componente File Bookmark en Apple OS X en versiones anteriores a 10.11.1 permite a usuarios locales provocar una denegación de servicio (caída de aplicación) a través de metadatos de marcador manipulados en una carpeta. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html https://support.apple.com/HT205375 • CWE-20: Improper Input Validation •