CVE-2015-5938
https://notcve.org/view.php?id=CVE-2015-5938
ImageIO in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image. ImageIO en Apple OS X en versiones anteriores a 10.11.1 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de metadatos manipulados en una imagen. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html https://support.apple.com/HT205375 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-5932
https://notcve.org/view.php?id=CVE-2015-5932
The kernel in Apple OS X before 10.11.1 allows local users to gain privileges by leveraging an unspecified "type confusion" during Mach task processing. El kernel en Apple OS X en versiones anteriores a 10.11.1 permite a usuarios locales obtener privilegios mediante el aprovechamiento de un 'type confusion' no especificado durante el procesamiento de tareas Mach. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html https://support.apple.com/HT205375 •
CVE-2015-5944
https://notcve.org/view.php?id=CVE-2015-5944
CoreText in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. CoreText en Apple OS X en versiones anteriores a 10.11.1 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un archivo de fuente manipulado. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html https://support.apple.com/HT205375 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-5945
https://notcve.org/view.php?id=CVE-2015-5945
The Sandbox subsystem in Apple OS X before 10.11.1 allows local users to gain privileges via vectors involving NVRAM parameters. El subsistema Sandbox en Apple OS X en versiones anteriores a 10.11.1 permite a usuarios locales obtener privilegios a través de vectores que involucran parámetros NVRAM. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html https://support.apple.com/HT205375 • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-7013
https://notcve.org/view.php?id=CVE-2015-7013
WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5. WebKit, como se utiliza en Apple Safari en versiones anteriores a 9.0.1 y iTunes en versiones anteriores a 12.3.1, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a los CVEs WebKit listados en APPLE-SA-2015-10-21-3 y APPLE-SA-2015-10-21-5. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00004.html http://lists.apple.com/archives/security-announce/2015/Oct/msg00006.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html http://www.securityfocus.com/bid/77264 http://www.securitytracker.com/id/1033939 https://support.apple.com/HT205372 https://support.apple.com/HT205377 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •