CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3709
https://notcve.org/view.php?id=CVE-2015-3709
Race condition in kext tools in Apple OS X before 10.10.4 allows local users to bypass intended signature requirements for kernel extensions by leveraging improper pathname validation. Condición de carrera en kext tools en Apple OS X anterior a 10.10.4 permite a usuarios locales evadir los requerimientos de firmas para las extensiones del kernel mediante el aprovechamiento de la validación de nombres de ruta incorrecta. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75493 http://www.securitytracker.com/id/1032760 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3675
https://notcve.org/view.php?id=CVE-2015-3675
The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted URL. La configuración por defecto en Apache HTTP Server en Apple OS X anterior a 10.10.4 no habilita el módulo mod_hfs_apple, lo que permite a atacantes remotos evadir la autenticación HTTP a través de una URL manipulada. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75493 http://www.securitytracker.com/id/1032760 • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3676
https://notcve.org/view.php?id=CVE-2015-3676
AppleGraphicsControl in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information via a crafted app. AppleGraphicsControl en Apple OS X anterior a 10.10.4 permite a atacantes obtener información sensible de la estructura de la memoria a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75493 http://www.securitytracker.com/id/1032760 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3696
https://notcve.org/view.php?id=CVE-2015-3696
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702. Desbordamiento de buffer en Intel Graphics Driver en Apple OS X anterior a 10.10.4 permite a usuarios locales ganar privilegios a través de vectores no especificados, un a vulnerabilidad diferente a CVE-2015-3695, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, y CVE-2015-3702. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75493 http://www.securitytracker.com/id/1032760 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3678
https://notcve.org/view.php?id=CVE-2015-3678
AppleThunderboltEDMService in Apple OS X before 10.10.4 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified Thunderbolt commands. AppleThunderboltEDMService en Apple OS X anterior a 10.10.4 permite a usuarios locales ganar privilegios o causar una denegación de servicio (corrupción de memoria) a través de comandos Thunderbolt no especificados. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75493 http://www.securitytracker.com/id/1032760 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •