CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 3CVE-2015-1130 – Apple OS X Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-1130
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors. La implementación XPC en Admin Framework en Apple OS X anterior a 10.10.3 permite a usuarios locales evadir la autenticación y obtener privilegios administrativos a través de vectores no especificados. The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges. • https://www.exploit-db.com/exploits/36745 https://www.exploit-db.com/exploits/36692 http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://www.osvdb.org/120418 http://www.securityfocus.com/bid/73982 http://www.securitytracker.com/id/1032048 https://support.apple.com/HT204659 https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x • CWE-254: 7PK - Security Features •
CVSS: 6.9EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1101 – Apple OS X XNU HFS_GETPATH Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2015-1101
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. El kernel en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una aplicación manipulada. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within XNU HFS_GETPATH. This does not check the length of an attacker-supplied string before copying it into a fixed length buffer. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html http://www.securitytracker.com/id/1032048 https://support.apple.com/HT204659 https://support.apple.com/HT204661 https://support.apple.com/HT204662 https://support.apple.com/kb/HT204870 •
CVSS: 6.5EPSS: 1%CPEs: 3EXPL: 0CVE-2014-8128
https://notcve.org/view.php?id=CVE-2014-8128
LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image. LibTIFF versiones anteriores a 4.0.4, como es usado en Apple iOS versiones anteriores a 8.4 y OS X versiones anteriores a 10.10.4 y otros productos, permite a atacantes remotos causar una denegación de servicio (escritura fuera de límites) por medio de una imagen TIFF diseñada. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://openwall.com/lists/oss-security/2015/01/24/15 http://support.apple.com/kb/HT204941 http://support.apple.com/kb/HT204942 http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt https://bugzilla.redhat.com/show_bug.cgi?id=1185812 • CWE-787: Out-of-bounds Write •
CVSS: 5.0EPSS: 0%CPEs: 60EXPL: 1CVE-2015-2348 – php: move_uploaded_file() NUL byte injection in file name
https://notcve.org/view.php?id=CVE-2015-2348
The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. La implementación move_uploaded_file en ext/standard/basic_functions.c en PHP anterior a 5.4.39, 5.5.x anterior a 5.5.23, y 5.6.x anterior a 5.6.7 trunca un nombre de ruta al encontrar un caracter \x00, lo que permite a atacantes remotos evadir las restricciones de extensiones y crear ficheros con nombres no esperados a través de un segundo argumento manipulado. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2006-7243. It was found that PHP move_uploaded_file() function did not properly handle file names with a NULL character. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1291d6bbee93b6109eb07e8f7916ff1b7fcc13e1 http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00015.html http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1053.html • CWE-264: Permissions, Privileges, and Access Controls CWE-626: Null Byte Interaction Error (Poison Null Byte) •
CVSS: 7.5EPSS: 10%CPEs: 66EXPL: 1CVE-2015-2787 – php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re
https://notcve.org/view.php?id=CVE-2015-2787
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231. Vulnerabilidad de uso después de liberación en la función process_nested_data en ext/standard/var_unserializer.re en PHP anterior a 5.4.39, 5.5.x anterior a 5.5.23, y 5.6.x anterior a 5.6.7 permite a atacantes remotos ejecutar código arbitrario a través de una llamada no serializada manipulada que aprovecha el uso de la función unset dentro de una función __wakeup, un problema relacionado con CVE-2015-0231. A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00015.html http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1053.html http:// • CWE-416: Use After Free •