CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5893
https://notcve.org/view.php?id=CVE-2015-5893
SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. SMBClient en SMB en Apple OS X en versiones anteriores a 10.11 permite a usuarios locales obtener información sensible de la estructura de memoria del kernel a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.securityfocus.com/bid/76908 http://www.securitytracker.com/id/1033703 https://support.apple.com/HT205267 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5870
https://notcve.org/view.php?id=CVE-2015-5870
The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors. Las interfaces de depuración en el kernel en Apple OS X en versiones anteriores a 10.11 permiten a usuarios locales obtener información sensible de la estructura de memoria a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.securityfocus.com/bid/76908 http://www.securitytracker.com/id/1033703 https://support.apple.com/HT205267 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5894
https://notcve.org/view.php?id=CVE-2015-5894
The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate. La implementación del certificado de confianza X.509 en Apple OS X en versiones anteriores a 10.11 no reconoce que el indicador kSecRevocationRequirePositiveResponse implica un requerimiento de control de revocación, lo que hace más fácil para atacantes man-in-the-middle falsificar terminales mediante el aprovechamiento de acceso a un certificado revocado. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.securityfocus.com/bid/76908 http://www.securitytracker.com/id/1033703 https://support.apple.com/HT205267 • CWE-17: DEPRECATED: Code •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5849
https://notcve.org/view.php?id=CVE-2015-5849
The filtering implementation in AppleEvents in Apple OS X before 10.11 mishandles attempts to send events to a different user, which allows attackers to bypass intended access restrictions by leveraging a screen-sharing connection. La implementación de filtrado en AppleEvents en Apple OS X en versiones anterioes a 10.11 no maneja correctamente los intentos de enviar eventos a un usuario diferente, lo que permite a atacantes eludir las restricciones destinadas al acceso aprovechando una conexión de pantalla compartida. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.securitytracker.com/id/1033703 https://support.apple.com/HT205267 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5901
https://notcve.org/view.php?id=CVE-2015-5901
The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive. La funcionalidad Secure Empty Trash en Apple OS X en versiones anteriores a 10.11 no borra adecuadamente los archivos Trash, lo que podría permitir a usuarios locales obtener información sensible medainte la lectura del almacenamiento multimedia, según lo demostrado mediante la lectura de una unidad flash. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.securitytracker.com/id/1033703 https://support.apple.com/HT205267 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •