CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1089
https://notcve.org/view.php?id=CVE-2015-1089
CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. CFNetwork en Apple iOS anterior a 8.3 y Apple OS X anterior a 10.10.3 no maneja correctamente las cookies durante el procesamiento de las redirecciones en respuestas HTTP, lo que permite a atacantes remotos evadir Same Origin Policy a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://www.securityfocus.com/bid/73984 http://www.securitytracker.com/id/1032048 https://support.apple.com/HT204659 https://support.apple.com/HT204661 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 3CVE-2015-1130 – Apple OS X Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-1130
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors. La implementación XPC en Admin Framework en Apple OS X anterior a 10.10.3 permite a usuarios locales evadir la autenticación y obtener privilegios administrativos a través de vectores no especificados. The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges. • https://www.exploit-db.com/exploits/36745 https://www.exploit-db.com/exploits/36692 http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://www.osvdb.org/120418 http://www.securityfocus.com/bid/73982 http://www.securitytracker.com/id/1032048 https://support.apple.com/HT204659 https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x • CWE-254: 7PK - Security Features •
CVSS: 6.9EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1101 – Apple OS X XNU HFS_GETPATH Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2015-1101
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. El kernel en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una aplicación manipulada. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within XNU HFS_GETPATH. This does not check the length of an attacker-supplied string before copying it into a fixed length buffer. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html http://www.securitytracker.com/id/1032048 https://support.apple.com/HT204659 https://support.apple.com/HT204661 https://support.apple.com/HT204662 https://support.apple.com/kb/HT204870 •
CVSS: 6.5EPSS: 0%CPEs: 24EXPL: 1CVE-2014-8130 – libtiff: divide by zero in the tiffdither tool
https://notcve.org/view.php?id=CVE-2014-8130
The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither. La función _TIFFmalloc en tif_unix.c en LibTIFF 4.0.3 no rechaza un tamaño cero, lo que permite que atacantes remotos provoquen una denegación de servicio (error de división entre cero y cierre inesperado de la aplicación) mediante una imagen TIFF manipulada que es gestionada incorrectamente por la función TIFFWriteScanline en tif_write.c, tal y como demuestra tiffdither. • http://bugzilla.maptools.org/show_bug.cgi?id=2483 http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://openwall.com/lists/oss-security/2015/01/24/15 http://rhn.redhat.com/errata/RHSA-2016-1546.html http://rhn.redhat.com/errata/RHSA-2016-1547.html http://support.apple.com/kb/HT204941 http://support.apple.com/kb/HT204942 http://www.conostix.com/pub/adv/CVE-2014-8130 • CWE-369: Divide By Zero •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 2CVE-2014-8129 – libtiff: out-of-bounds read/write with malformed TIFF image in tiff2pdf
https://notcve.org/view.php?id=CVE-2014-8129
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c. LibTIFF 4.0.3 permite que atacantes remotos provoquen una denegación de servicio (escritura fuera de límites) u otro tipo de impacto sin especificar mediante una imagen TIFF manipulada. Esto se demuestra por el fracaso de tif_next.c a la hora de verificar que el valor de BitsPerSample es 2 y la función t2p_sample_lab_signed_to_unsigned en tiff2pdf.c. • http://bugzilla.maptools.org/show_bug.cgi?id=2487 http://bugzilla.maptools.org/show_bug.cgi?id=2488 http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://openwall.com/lists/oss-security/2015/01/24/15 http://rhn.redhat.com/errata/RHSA-2016-1546.html http://rhn.redhat.com/errata/RHSA-2016-1547.html http://support.apple.com/kb/HT204941 http://support.apple.com/kb/HT2049 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •