CVE-2015-5853
https://notcve.org/view.php?id=CVE-2015-5853
AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers to obtain eSCL packet payload data via unspecified vectors. AirScan en Apple OS X en versiones anteriores a 10.11 permite a atacantes man-in-the-middle obtener los datos del payload del paquete eSCL a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.securitytracker.com/id/1033703 https://support.apple.com/HT205267 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-5914
https://notcve.org/view.php?id=CVE-2015-5914
The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists because of an incomplete fix for CVE-2014-4498. El componente EFI en Apple OS X en versiones anteriores a 10.11 permite a atacantes físicamente próximos modificar el firmware durante el proceso de actualización de EFI insertando un adaptador Apple Ethernet Thunderbolt con código manipulado en una Option ROM, también conocido como un problema 'Thunderstrike'. NOTA: este problema existe debido a una solución incompleta de la vulnerabilidad CVE-2014-4498. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.securitytracker.com/id/1033703 https://support.apple.com/HT205267 https://trmm.net/Thunderstrike_FAQ • CWE-17: DEPRECATED: Code •
CVE-2015-5922
https://notcve.org/view.php?id=CVE-2015-5922
Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors. Vulnerabilidad no especificada en International Components para Unicode (ICU) en versiones anteriores a 53.1.0, tal como se utiliza en Apple OS X en versiones anteriores a 10.11 y watchOS en versiones anteriores a 2, tiene un impacto y vectores de ataque desconocidos. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.securityfocus.com/bid/76911 http://www.securitytracker.com/id/1033703 https://support.apple.com/HT205213 https://support.apple.com/HT205267 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html •
CVE-2015-5891
https://notcve.org/view.php?id=CVE-2015-5891
The SMB implementation in the kernel in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. La implementación SMB en el kernel en Apple OS X en versiones anteriores a 10.11 permite a usuarios locales obtener privilegios o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.securityfocus.com/bid/76908 http://www.securitytracker.com/id/1033703 https://support.apple.com/HT205267 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-5900
https://notcve.org/view.php?id=CVE-2015-5900
The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes to an unintended address. El registro de rango protegido en el componente EFI en Apple OS X en versiones anteriores a 10.11 tiene un valor incorrecto, lo que permite a atacantes causar una denegación de servicio (fallo de arranque) a través de una aplicación manipulada que escribe a una dirección no intencionada. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.securitytracker.com/id/1033703 https://support.apple.com/HT205267 • CWE-254: 7PK - Security Features •