CVE-2015-3699
https://notcve.org/view.php?id=CVE-2015-3699
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702. Desbordamiento de buffer en Intel Graphics Driver en Apple OS X anterior a 10.10.4 permite a usuarios locales ganar privilegios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3700, CVE-2015-3701, y CVE-2015-3702. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75493 http://www.securitytracker.com/id/1032760 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-3706
https://notcve.org/view.php?id=CVE-2015-3706
IOAcceleratorFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3705. IOAcceleratorFamily en Apple OS X anterior a 10.10.4 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una aplicación manipulada, una vulnerabilidad diferente a CVE-2015-3705. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75493 http://www.securitytracker.com/id/1032760 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-3678
https://notcve.org/view.php?id=CVE-2015-3678
AppleThunderboltEDMService in Apple OS X before 10.10.4 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified Thunderbolt commands. AppleThunderboltEDMService en Apple OS X anterior a 10.10.4 permite a usuarios locales ganar privilegios o causar una denegación de servicio (corrupción de memoria) a través de comandos Thunderbolt no especificados. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75493 http://www.securitytracker.com/id/1032760 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2015-3692
https://notcve.org/view.php?id=CVE-2015-3692
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not enforce a locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging root privileges. Apple Mac EFI anterior a 2015-001, utilizado en OS X anterior a 10.10.4 y otros productos, no refuerza un mecanismo de protección de bloqueo cuando se reactiva el ordenador después de un descanso, lo que permite a usuarios locales realizar ataques de Flash EFI mediante el aprovechamiento de privilegios root. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00003.html http://support.apple.com/kb/HT204934 http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75495 http://www.securitytracker.com/id/1032444 • CWE-284: Improper Access Control •
CVE-2015-3693 – Rowhammer - NaCl Sandbox Escape
https://notcve.org/view.php?id=CVE-2015-3693
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which might make it easier for remote attackers to conduct row-hammer attacks, and consequently gain privileges or cause a denial of service (memory corruption), by triggering certain patterns of access to memory locations. Apple Mac EFI anterior a 2015-001, utilizado en OS X anterior a 10.10.4 y otros productos, no configura correctamente los indices actualizados para DDR3 RAM, lo que podría facilitar a atacantes remotos realizar ataques 'row-hammer', y como consecuencia gnar privilegios o causar una denegación de servicio (corrupción de memoria), mediante la provocación de ciertas pautas de acceso a localizaciones de memoria. • https://www.exploit-db.com/exploits/36311 http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00003.html http://support.apple.com/kb/HT204934 http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75495 http://www.securitytracker.com/id/1032444 http://www.securitytracker.com/id/1032755 • CWE-254: 7PK - Security Features •