CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5747
https://notcve.org/view.php?id=CVE-2015-5747
The fasttrap driver in the kernel in Apple OS X before 10.10.5 allows local users to cause a denial of service (resource consumption) via unspecified vectors. Vulnerabilidad en el driver fasttrap en el kernel de Apple OS X en versiones anteriores a 10.10.5, permite a usuarios locales causar una denegación de servicio (consumo de recursos) a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://www.securityfocus.com/bid/76340 http://www.securitytracker.com/id/1033276 https://support.apple.com/kb/HT205031 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 1CVE-2015-3798 – Apple Mac OSX Regex Engine (TRE) - Integer Signedness / Overflow
https://notcve.org/view.php?id=CVE-2015-3798
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3797. Vulnerabilidad en la librería TRE en Libc en Apple iOS en versiones anteriores a 8.4.1 y OS X en versiones anteriores a 10.10.5, permite a atacantes dependientes del contexto ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de una expresión regular manipulada, una vulnerabilidad diferente a CVE-2015-3796 y CVE-2015-3797. OS X Regex Engine (TRE) suffers from integer signedness and overflow issues. • https://www.exploit-db.com/exploits/38262 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html http://www.securityfocus.com/bid/76343 http://www.securitytracker.com/id/1033275 https://code.google.com/p/google-security-research/issues/detail?id=429 https://support.apple.com/kb/HT205030 https://support.apple.com/kb/HT205031 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5757
https://notcve.org/view.php?id=CVE-2015-5757
libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with locking. Vulnerabilidad en libpthread en Apple iOS en versiones anteriores a 8.4.1 y OS X en versiones anteriores a 10.10.5, permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una aplicación que utiliza un syscall manipulado para interferir con el bloqueo. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html http://www.securityfocus.com/bid/76343 http://www.securitytracker.com/id/1033275 https://support.apple.com/kb/HT205030 https://support.apple.com/kb/HT205031 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3778
https://notcve.org/view.php?id=CVE-2015-3778
bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic. Vulnerabilidad en bootp en Apple iOS en versiones anteriores a 8.4.1 y OS X en versiones anteriores a 10.10.5, permite a atacantes remotos obtener información potencialmente sensible sobre direcciones MAC vistas en sesiones Wi-Fi previas rastreando una red 802.11 en busca de tráfico de difusión DNAv4. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html http://www.securityfocus.com/bid/76337 http://www.securityfocus.com/bid/76340 http://www.securitytracker.com/id/1033275 https://support.apple.com/kb/HT205030 https://support.apple.com/kb/HT205031 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3799 – Apple OS X iCloud Account Authentication Elevation Of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2015-3799
The Apple ID OD plug-in in Apple OS X before 10.10.5 allows attackers to change arbitrary user passwords via a crafted app. Vulnerabilidad en el plug-in de Apple ID OD en Apple OS X en versiones anteriores a 10.10.5, permite a atacantes cambiar las contraseñas de usuarios arbitrarios a través de una aplicación manipulada. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must have shell access to exploit this vulnerability, however Guest access is sufficient. The specific flaw exists within the authentication of users who use their iCloud account and password to log in to OS X. Any user is able to change the password of these users without knowing the previous password. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://www.securityfocus.com/bid/76340 http://www.securitytracker.com/id/1033276 http://www.zerodayinitiative.com/advisories/ZDI-15-390 https://support.apple.com/kb/HT205031 • CWE-255: Credentials Management Errors •