CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3677 – Apple OS X LZVN DMG Information Disclosure Vulnerabillity
https://notcve.org/view.php?id=CVE-2015-3677
The LZVN compression feature in AppleFSCompression in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. La característica de compresión LZVN en AppleFSCompression en Apple OS X anterior a 10.10.4 permite a atacantes obtener información sensible de la estructura de la memoria para el kernel a través de una aplicación manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of DMG files. The issue lies in the handling of LZVN compressed streams. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75493 http://www.securitytracker.com/id/1032760 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 9%CPEs: 2EXPL: 0CVE-2015-3663 – Apple QuickTime GIF Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-3663
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3666, CVE-2015-3667, and CVE-2015-3668. QT Media Foundation en Apple QuickTime anterior a 7.7.7, utilizado en OS X anterior a 10.10.4 y otros productos, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero manipulado, una vulnerabilidad diferente a CVE-2015-3661, CVE-2015-3662, CVE-2015-3666, CVE-2015-3667, y CVE-2015-3668. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of GIF images. By providing a GIF with a malformed image descriptor, an attacker can write data outside the bounds of the data structure. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00005.html http://support.apple.com/kb/HT204942 http://support.apple.com/kb/HT204947 http://www.securityfocus.com/bid/75493 http://www.securitytracker.com/id/1032756 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 24EXPL: 0CVE-2015-3727 – WebKit WebSQL ALTER TABLE Authorization Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-3727
WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site. WebKit en Apple Safari anterior a 6.2.7, 7.x anterior a 7.1.7, y 8.x anterior a 8.0.7, utilizado en Apple iOS anterior a 8.4 y otros productos, no restringe correctamente las operaciones de renombramiento en las tablas WebSQL, lo que permite a atacantes remotos acceder a la base de datos de un sitio web arbitrario a través de un sitio web manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of WebSQL. The issue lies in the failure to properly utilize SQLite's authorization code. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html http://support.apple.com/kb/HT204941 http://support.apple.com/kb/HT204950 http://www.securityfocus.com/bid/75492 http://www.securitytracker.com/id/1032754 http://www.ubuntu.com/usn/USN-2937-1 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3690 – Apple OS X GZIP DMG Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-3690
The DiskImages subsystem in Apple iOS before 8.4 and OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. El subsistema DiskImages en Apple iOS anterior a 8.4 y OS X anterior a 10.10.4 permite a atacantes obtener información sensible de la estructura de la memoria para el kernel a través de una aplicación manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of DMG files. The issue lies in the handling of GZIP compressed streams. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://support.apple.com/kb/HT204941 http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75491 http://www.securitytracker.com/id/1032760 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.1EPSS: 74%CPEs: 61EXPL: 1CVE-2015-4021 – php: memory corruption in phar_parse_tarfile caused by empty entry file name
https://notcve.org/view.php?id=CVE-2015-4021
The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive. La función phar_parse_tarfile en ext/phar/tar.c en PHP anterior a 5.4.41, 5.5.x anterior a 5.5.25, y 5.6.x anterior a 5.6.9 no verifica que el primer caracter de un nombre de fichero es diferente al caracter \0, lo que permite a atacantes remotos causar una denegación de servicio (desbordamientos de enteros y corrupción de memoria) a través de una entrada manipulada en un archivo tar. An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1135.html http://rhn.redhat.com/errata/RHSA-2015&# • CWE-189: Numeric Errors CWE-787: Out-of-bounds Write •