CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5902
https://notcve.org/view.php?id=CVE-2015-5902
The debugging feature in the kernel in Apple OS X before 10.11 mismanages state, which allows local users to cause a denial of service via unspecified vectors. La funcionalidad de depuración en el kernel en Apple OS X en versiones anteriores a 10.11 no gestiona correctamente el estado, lo que permite a usuarios locales provocar una denegación de servicio a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.securityfocus.com/bid/76908 http://www.securitytracker.com/id/1033703 https://support.apple.com/HT205267 •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 3CVE-2015-5889 – Mac OS X 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-5889
rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables. rsh en el componente remote_cmds en Apple OS X en versiones anteriores a 10.11 permite a usuarios locales obtener privilegios de root a través de vectores que implican variables de entorno. • https://www.exploit-db.com/exploits/38371 https://www.exploit-db.com/exploits/38540 http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://packetstormsecurity.com/files/133826/issetugid-rsh-libmalloc-OS-X-Local-Root.html http://packetstormsecurity.com/files/134087/Mac-OS-X-10.9.5-10.10.5-rsh-libmalloc-Privilege-Escalation.html http://seclists.org/fulldisclosure/2015/Oct/5 http://www.rapid7.com/db/modules/exploit/osx/local/rsh_libmalloc http://www.securityfoc • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5912
https://notcve.org/view.php?id=CVE-2015-5912
The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses. Vulnerabilidad en el componente CFNetwork FTPProtocol en Apple iOS en versiones anteriores a 9, permite a los servidores proxy FTP remotos activar los intentos de conexión TCP a los hosts de la intranet a través de respuestas manipuladas. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.securityfocus.com/archive/1/536488/100/0/threaded http://www.securityfocus.com/bid/76764 http://www.securitytracker.com/id/1033609 https://support.apple.com/HT205212 https://support.apple.com/HT205267 • CWE-17: DEPRECATED: Code •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5831
https://notcve.org/view.php?id=CVE-2015-5831
NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app. Vulnerabilidad en NetworkExtension en el kernel en Apple iOS en versiones anteriores a 9, no inicializa adecuadamente una estructura de datos no especificada, lo que permite a atacantes obtener información sensible del memory-layout a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.securityfocus.com/bid/76764 http://www.securitytracker.com/id/1033609 https://support.apple.com/HT205212 https://support.apple.com/HT205267 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 5%CPEs: 2EXPL: 0CVE-2015-5879
https://notcve.org/view.php?id=CVE-2015-5879
XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption) via a crafted header. Vulnerabilidad en XNU en el kernel en Apple iOS en versiones anteriores a 9, no valida adecuadamente las cabeceras de los paquetes TCP, lo que permite a atacantes remotos eludir el mecanismo de protección de secuencia numérica y causar una denegación de servicio (Interrupción de la conexión TCP) a través de una cabecera manipulada. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.securityfocus.com/bid/76764 http://www.securitytracker.com/id/1033609 https://support.apple.com/HT205212 https://support.apple.com/HT205267 • CWE-20: Improper Input Validation •