CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2015-3704 – Apple Mac OSX - Install.framework suid Helper Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-3704
runner in Install.framework in the Install Framework Legacy subsystem in Apple OS X before 10.10.4 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app. runner en Install.framework en el subsistema Install Framework Legacy en Apple OS X anterior a 10.10.4 no elimina correctamente los privilegios, lo que permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada. • https://www.exploit-db.com/exploits/38138 http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://packetstormsecurity.com/files/133547/OS-X-Privilege-Escalation.html http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75493 http://www.securitytracker.com/id/1032760 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3698
https://notcve.org/view.php?id=CVE-2015-3698
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702. Desbordamiento de buffer en Intel Graphics Driver en Apple OS X anterior a 10.10.4 permite a usuarios locales ganar privilegios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, y CVE-2015-3702. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75493 http://www.securitytracker.com/id/1032760 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3676
https://notcve.org/view.php?id=CVE-2015-3676
AppleGraphicsControl in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information via a crafted app. AppleGraphicsControl en Apple OS X anterior a 10.10.4 permite a atacantes obtener información sensible de la estructura de la memoria a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75493 http://www.securitytracker.com/id/1032760 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3720
https://notcve.org/view.php?id=CVE-2015-3720
The kernel in Apple OS X before 10.10.4 does not properly manage memory in kernel-extension APIs, which allows attackers to obtain sensitive memory-layout information via a crafted app. El kernel en Apple OS X anterior a 10.10.4 no maneja correctamente la memoria en las APIs de extensión del kernel, lo que permite a atacantes obtener información sensible de la estructura de la memoria a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75493 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3708
https://notcve.org/view.php?id=CVE-2015-3708
kextd in kext tools in Apple OS X before 10.10.4 allows attackers to write to arbitrary files via a crafted app that conducts a symlink attack. kextd en kext tools en Apple OS X anterior a 10.10.4 permite a atacantes escribir en ficheros arbitrarios a través de una aplicación manipulada que realiza un ataque de enlace simbólico. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75493 http://www.securitytracker.com/id/1032760 •