CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5945
https://notcve.org/view.php?id=CVE-2015-5945
The Sandbox subsystem in Apple OS X before 10.11.1 allows local users to gain privileges via vectors involving NVRAM parameters. El subsistema Sandbox en Apple OS X en versiones anteriores a 10.11.1 permite a usuarios locales obtener privilegios a través de vectores que involucran parámetros NVRAM. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html https://support.apple.com/HT205375 • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5943
https://notcve.org/view.php?id=CVE-2015-5943
SecurityAgent in Apple OS X before 10.11.1 does not prevent synthetic clicks from reaching keychain windows, which allows attackers to bypass intended access restrictions via a crafted app. SecurityAgent en Apple OS X en versiones anteriores a 10.11.1 no previene que clics sintéticos alcancen ventanas del llavero, lo que permite a atacantes eludir las restricciones destinadas al acceso a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html https://support.apple.com/HT205375 • CWE-254: 7PK - Security Features •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5938
https://notcve.org/view.php?id=CVE-2015-5938
ImageIO in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image. ImageIO en Apple OS X en versiones anteriores a 10.11.1 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de metadatos manipulados en una imagen. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html https://support.apple.com/HT205375 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5933
https://notcve.org/view.php?id=CVE-2015-5933
Audio in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, a different vulnerability than CVE-2015-5934. Audio en Apple OS X en versiones anteriores a 10.11.1 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un archivo de audio manipulado, una vulnerabilidad diferente a CVE-2015-5934. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html https://support.apple.com/HT205375 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5932
https://notcve.org/view.php?id=CVE-2015-5932
The kernel in Apple OS X before 10.11.1 allows local users to gain privileges by leveraging an unspecified "type confusion" during Mach task processing. El kernel en Apple OS X en versiones anteriores a 10.11.1 permite a usuarios locales obtener privilegios mediante el aprovechamiento de un 'type confusion' no especificado durante el procesamiento de tareas Mach. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html https://support.apple.com/HT205375 •