CVSS: 1.9EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1145
https://notcve.org/view.php?id=CVE-2015-1145
The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146. La implementación Firma de Código (Code Signing) en Apple OS X anterior a 10.10.3 no valida correctamente firmas, lo que permite a usuarios locales evadir las restricciones de acceso a través de un paquete manipulado, una vulnerabilidad diferente a CVE-2015-1146. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://www.securityfocus.com/bid/73982 http://www.securitytracker.com/id/1032048 https://support.apple.com/HT204659 • CWE-310: Cryptographic Issues •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1098
https://notcve.org/view.php?id=CVE-2015-1098
iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file. iWork en Apple iOS anterior a 8.3 y Apple OS X anterior a 10.10.3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero iWork manipulado. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://www.securityfocus.com/bid/73984 http://www.securitytracker.com/id/1032048 https://support.apple.com/HT204659 https://support.apple.com/HT204661 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 36%CPEs: 3EXPL: 0CVE-2015-1105
https://notcve.org/view.php?id=CVE-2015-1105
The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets. La implementación TCP en el kernel en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 no implementa correctamente el mecanismo Urgent (también conocido como datos fuera de banda), lo que permite a atacantes remotos causar una denegación de servicio a través de paquetes manipulados. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html http://www.securitytracker.com/id/1032048 https://support.apple.com/HT204659 https://support.apple.com/HT204661 https://support.apple.com/HT204662 https://support.apple.com/kb/HT204870 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 7%CPEs: 3EXPL: 0CVE-2015-1103
https://notcve.org/view.php?id=CVE-2015-1103
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a crafted ICMP packet. kernel en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 hace cambios de rutas en respuesta a mensajes ICMP_REDIRECT, lo que permite a atacantes remotos causar una denegación de servicio (interrupción de red) u obtener información sensible del contenido de paquetes a través de un paquete ICMP manipulado. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html http://www.securitytracker.com/id/1032048 https://support.apple.com/HT204659 https://support.apple.com/HT204661 https://support.apple.com/HT204662 https://support.apple.com/kb/HT204870 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 2CVE-2015-1100 – Apple Mac OSX - Local Denial of Service
https://notcve.org/view.php?id=CVE-2015-1100
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content information via a crafted app. El kernel en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 permite a atacantes causar una denegación de servicio (acceso a memoria fuera de rango) u obtener información sensible del contenido de la memoria a través de una aplicación manipulada. • https://www.exploit-db.com/exploits/36814 http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html http://m00nbsd.net/garbage/Mac-OS-X_Fat-DoS.txt http://www.securitytracker.com/id/1032048 https://support.apple.com/HT204659 https://support.apple.com/HT204661 https://support.apple.com/HT204662 https://support.apple.co • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •