
CVSS: 6.8 | EPSS: 0% | CPEs: 2 | EXPL: 1

The Disk Images component in Apple iOS before 9.1 and OS X before 10.11.1 misparses images, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.

Method 5 of the IOHDIXController user client is createDrive64. This takes a 0x100 byte structure input from which it reads a userspace pointer and a size, which it passes to IOHDIXController::convertClientBuffer. This wraps the memory pointed to by the userspace pointer in an IOMemoryDescriptor, then takes the user-provided size, casts it to a 32-bit type and adds one.

• https://www.exploit-db.com/exploits/39381
• http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html
• http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
• http://www.securityfocus.com/bid/77263
• http://www.securitytracker.com/id/1033929
• https://support.apple.com/HT205370
• https://support.apple.com/HT205375
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

coreaudiod in Audio in Apple OS X before 10.11.1 does not initialize an unspecified data structure, which allows attackers to execute arbitrary code via a crafted app.

com.apple.audio.coreaudiod is reachable from various sandboxes, including the Safari renderer. coreaudiod is sandboxed and runs as its own user; nevertheless, it has access to various other interesting attack surfaces which Safari doesn't, allowing this bug to potentially form part of a full sandbox escape chain.

• http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
• https://support.apple.com/HT205375
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.6 | EPSS: 0% | CPEs: 1 | EXPL: 0

The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via unspecified vectors, a different vulnerability than CVE-2015-7020.

A bad patch for CVE-2015-3712 allows for code execution due to insufficient bounds checking in NVIDIA GeForce command buffer processing.

• http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
• https://support.apple.com/HT205375
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 | EPSS: 97% | CPEs: 1 | EXPL: 1

Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors.

In versions of Mac OS X before 10.11.1, the applescript:// URL scheme is provided, which opens the provided script in the AppleScript Editor. Pressing cmd-R in the Editor executes the code without any additional confirmation from the user. By getting the user to press cmd-R in Safari, and by hooking the cmd-key keypress event, a user can be tricked into running arbitrary AppleScript code.

• https://www.exploit-db.com/exploits/38535
• http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
• http://packetstormsecurity.com/files/134072/Safari-User-Assisted-Applescript-Exec-Attack.html
• http://www.rapid7.com/db/modules/exploit/osx/browser/safari_user_assisted_applescript_exec
• https://support.apple.com/HT205375

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Apple Mac EFI before 2015-002, as used in OS X before 10.11.1 and other products, mishandles arguments, which allows attackers to reach "unused" functions via unspecified vectors.

• http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
• http://lists.apple.com/archives/security-announce/2015/Oct/msg00007.html
• http://www.securityfocus.com/bid/74971
• http://www.securitytracker.com/id/1033921
• https://support.apple.com/HT205317
• https://support.apple.com/HT205375
• CWE-17: DEPRECATED: Code