CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5893
https://notcve.org/view.php?id=CVE-2015-5893
SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. SMBClient en SMB en Apple OS X en versiones anteriores a 10.11 permite a usuarios locales obtener información sensible de la estructura de memoria del kernel a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.securityfocus.com/bid/76908 http://www.securitytracker.com/id/1033703 https://support.apple.com/HT205267 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2015-5889 – Apple Mac OSX 10.9.5/10.10.5 - 'rsh/libmalloc' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-5889
rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables. rsh en el componente remote_cmds en Apple OS X en versiones anteriores a 10.11 permite a usuarios locales obtener privilegios de root a través de vectores que implican variables de entorno. • https://www.exploit-db.com/exploits/38371 https://www.exploit-db.com/exploits/38540 http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://packetstormsecurity.com/files/133826/issetugid-rsh-libmalloc-OS-X-Local-Root.html http://packetstormsecurity.com/files/134087/Mac-OS-X-10.9.5-10.10.5-rsh-libmalloc-Privilege-Escalation.html http://seclists.org/fulldisclosure/2015/Oct/5 http://www.rapid7.com/db/modules/exploit/osx/local/rsh_libmalloc http://www.securityfoc • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5824
https://notcve.org/view.php?id=CVE-2015-5824
The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Vulnerabilidad en la implementación de NSURL en el componente CFNetwork SSL en Apple iOS en versiones anteriores a 9, no verifica adecuadamente los certificados X.509 de los servidores SSL después un cambio en el certificado, lo que permite a atacantes man-in-the-middle suplantar los servidores y obtener información sensible a través de un certificado manipulado. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.securityfocus.com/bid/76764 http://www.securitytracker.com/id/1033609 https://support.apple.com/HT205212 https://support.apple.com/HT205213 https://support.apple.com/HT205267 • CWE-310: Cryptographic Issues •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5841
https://notcve.org/view.php?id=CVE-2015-5841
The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response. Vulnerabilidad en el componente CFNetwork Proxies en Apple iOS en versiones anteriores a 9, no maneja correctamente una cabecera Set-Cookie en una respuesta en una petición HTTP CONNECT, lo que permite a servidores proxy remotos realizar un ataque de cookie-injection a través de una respuesta manipulada. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.securityfocus.com/bid/76764 http://www.securitytracker.com/id/1033609 https://support.apple.com/HT205212 https://support.apple.com/HT205213 https://support.apple.com/HT205267 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 4.3EPSS: 2%CPEs: 3EXPL: 0CVE-2015-5862
https://notcve.org/view.php?id=CVE-2015-5862
The Audio component in Apple iOS before 9 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted audio file. Vulnerabilidad en el componente Audio en Apple iOS en versiones anteriores a 9, permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un archivo de audio manipulado. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.securityfocus.com/bid/76764 http://www.securitytracker.com/id/1033609 https://support.apple.com/HT205212 https://support.apple.com/HT205213 https://support.apple.com/HT205267 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •