CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3787
https://notcve.org/view.php?id=CVE-2015-3787
The Bluetooth subsystem in Apple OS X before 10.10.5 allows remote attackers to cause a denial of service via malformed Bluetooth ACL packets. Vulnerabilidad en el subsistema de Bluetooth en Apple OS X en versiones anteriores a 10.10.5, permite a atacantes remotos causar una denegación de servicio a través de paquetes Bluetooth ACL mal formados. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://www.securityfocus.com/bid/76340 http://www.securitytracker.com/id/1033276 https://support.apple.com/kb/HT205031 • CWE-20: Improper Input Validation •
CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5748
https://notcve.org/view.php?id=CVE-2015-5748
The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume. Vulnerabilidad en el kernel en Apple OS X en versiones anteriores a 10.10.5, no monta adecuadamente volúmenes HFS, lo que permite a usuarios locales causar una denegación de servicio a través de un volumen manipulado. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html http://www.securityfocus.com/bid/76340 http://www.securitytracker.com/id/1033276 https://support.apple.com/HT205212 https://support.apple.com/HT205213 https://support.apple.com/kb/HT205031 • CWE-17: DEPRECATED: Code •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2015-3784
https://notcve.org/view.php?id=CVE-2015-3784
Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Vulnerabilidad en Office Viewer en Apple iOS en versiones anteriores a 8.4.1 y OS X en versiones anteriores a 10.10.5, permite a atacantes remotos leer archivos arbitrarios a través de un documento XML que contiene una declaración de entidad externa en conjunción con una referencia de entidad, relacionada con un problema de entidad externa XML (XXE). • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html http://www.securityfocus.com/bid/76343 http://www.securitytracker.com/id/1033275 https://support.apple.com/HT205373 https://support.apple.com/kb/HT205030 https://support.apple.com/kb/HT205031 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 0CVE-2015-5777
https://notcve.org/view.php?id=CVE-2015-5777
CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5778. Vulnerabilidad en CoreMedia Playback en Apple iOS en versiones anteriores a 8.4.1 y OS X en versiones anteriores a 10.10.5, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un archivo movie manipulado, una vulnerabilidad diferente a CVE-2015-5778. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html http://www.securityfocus.com/bid/76343 http://www.securitytracker.com/id/1033275 https://support.apple.com/kb/HT205030 https://support.apple.com/kb/HT205031 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2015-5784 – Apple Mac OSX Install.Framework - Arbitrary mkdir / unlink and chown to Admin Group
https://notcve.org/view.php?id=CVE-2015-5784
runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app. Vulnerabilidad en runner en Install.framework en el componente Install Framework Legacy en Apple OS X en versiones anteriores a 10.10.5, no elimina correctamente los privilegios, lo que permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada. Install.framework has a suid root binary at /System/Library/PrivateFrameworks/Install.framework/Resources/runner that allows for arbitrary mkdir, unlink, and chown. • https://www.exploit-db.com/exploits/38137 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://www.securityfocus.com/bid/76340 http://www.securitytracker.com/id/1033276 https://support.apple.com/kb/HT205031 • CWE-264: Permissions, Privileges, and Access Controls •