CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3782
https://notcve.org/view.php?id=CVE-2015-3782
CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app. Vulnerabilidad en CloudKit en Apple iOS en versiones anteriores a 8.4.1 y OS X en versiones anteriores a 10.10.5, permite a atacantes acceder a un registro de usuario de iCloud asociado a una sesión previa de login de usuario a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html http://www.securityfocus.com/bid/76343 http://www.securitytracker.com/id/1033275 https://support.apple.com/kb/HT205030 https://support.apple.com/kb/HT205031 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5748
https://notcve.org/view.php?id=CVE-2015-5748
The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume. Vulnerabilidad en el kernel en Apple OS X en versiones anteriores a 10.10.5, no monta adecuadamente volúmenes HFS, lo que permite a usuarios locales causar una denegación de servicio a través de un volumen manipulado. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html http://www.securityfocus.com/bid/76340 http://www.securitytracker.com/id/1033276 https://support.apple.com/HT205212 https://support.apple.com/HT205213 https://support.apple.com/kb/HT205031 • CWE-17: DEPRECATED: Code •
CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 0CVE-2015-5775
https://notcve.org/view.php?id=CVE-2015-5775
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5756. Vulnerabilidad en FontParser en Apple iOS en versiones anteriores a 8.4.1 y OS X en versiones anteriores a 10.10.5, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un archivo font manipulado, una vulnerabilidad diferente a CVE-2015-3804 y CVE-2015-5756. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html http://www.securityfocus.com/bid/76343 http://www.securitytracker.com/id/1033275 https://support.apple.com/kb/HT205030 https://support.apple.com/kb/HT205031 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3764
https://notcve.org/view.php?id=CVE-2015-3764
Notification Center in Apple OS X before 10.10.5 does not properly remove dismissed notifications, which allows attackers to read arbitrary notifications via a crafted app. Vulnerabilidad en el Centro de Notificaciones de Apple OS X en versiones anteriores a 10.10.5, no elimina correctamente las notificaciones rechazadas, lo que permite a atacantes leer notificaciones arbitrarias a través de aplicaciones manipuladas. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://www.securityfocus.com/bid/76340 http://www.securitytracker.com/id/1033276 https://support.apple.com/kb/HT205031 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3799 – Apple OS X iCloud Account Authentication Elevation Of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2015-3799
The Apple ID OD plug-in in Apple OS X before 10.10.5 allows attackers to change arbitrary user passwords via a crafted app. Vulnerabilidad en el plug-in de Apple ID OD en Apple OS X en versiones anteriores a 10.10.5, permite a atacantes cambiar las contraseñas de usuarios arbitrarios a través de una aplicación manipulada. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must have shell access to exploit this vulnerability, however Guest access is sufficient. The specific flaw exists within the authentication of users who use their iCloud account and password to log in to OS X. Any user is able to change the password of these users without knowing the previous password. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://www.securityfocus.com/bid/76340 http://www.securitytracker.com/id/1033276 http://www.zerodayinitiative.com/advisories/ZDI-15-390 https://support.apple.com/kb/HT205031 • CWE-255: Credentials Management Errors •