CVE-2015-5887
https://notcve.org/view.php?id=CVE-2015-5887
The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data. La implementación del Handshake Protocol de TLS en Secure Transport en Apple OS X en versiones anteriores a 10.11 acepta un mensaje Certificate Request en una sesión en la cual no ha sido enviado un mensaje Server Key Exchange, lo que permite a atacantes remotos tener un impacto no especificado a través de datos TLS manipulados. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.securityfocus.com/bid/76908 http://www.securitytracker.com/id/1033703 https://support.apple.com/HT205267 • CWE-17: DEPRECATED: Code •
CVE-2015-5901
https://notcve.org/view.php?id=CVE-2015-5901
The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive. La funcionalidad Secure Empty Trash en Apple OS X en versiones anteriores a 10.11 no borra adecuadamente los archivos Trash, lo que podría permitir a usuarios locales obtener información sensible medainte la lectura del almacenamiento multimedia, según lo demostrado mediante la lectura de una unidad flash. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.securitytracker.com/id/1033703 https://support.apple.com/HT205267 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-5902
https://notcve.org/view.php?id=CVE-2015-5902
The debugging feature in the kernel in Apple OS X before 10.11 mismanages state, which allows local users to cause a denial of service via unspecified vectors. La funcionalidad de depuración en el kernel en Apple OS X en versiones anteriores a 10.11 no gestiona correctamente el estado, lo que permite a usuarios locales provocar una denegación de servicio a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.securityfocus.com/bid/76908 http://www.securitytracker.com/id/1033703 https://support.apple.com/HT205267 •
CVE-2015-5888
https://notcve.org/view.php?id=CVE-2015-5888
The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file. El componente Install Framework Legacy en Apple OS X en versiones anteriores a 10.11 permite a usuarios locales obtener privilegios de root a través de vectores que implican un archivo ejecutable privilegiado. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.securitytracker.com/id/1033703 https://support.apple.com/HT205267 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-5915
https://notcve.org/view.php?id=CVE-2015-5915
Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors. Apple OS X en versiones anteriores a 10.11 no asegura que el estado de bloqueo del llavero se muestre correctamente, lo que tiene un impacto y vectores de ataque no especificados. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.securityfocus.com/bid/76908 http://www.securitytracker.com/id/1033703 https://support.apple.com/HT205267 • CWE-17: DEPRECATED: Code •