cvelistv5 - cve-2015-6990

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:36:34.865Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "APPLE-SA-2015-10-21-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html"
          },
          {
            "name": "APPLE-SA-2015-10-21-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205375"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205370"
          },
          {
            "name": "77263",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/77263"
          },
          {
            "name": "1033929",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033929"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-22T18:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "name": "APPLE-SA-2015-10-21-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html"
        },
        {
          "name": "APPLE-SA-2015-10-21-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT205375"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT205370"
        },
        {
          "name": "77263",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/77263"
        },
        {
          "name": "1033929",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033929"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2015-6990",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2015-10-21-4",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html"
            },
            {
              "name": "APPLE-SA-2015-10-21-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html"
            },
            {
              "name": "https://support.apple.com/HT205375",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT205375"
            },
            {
              "name": "https://support.apple.com/HT205370",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT205370"
            },
            {
              "name": "77263",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/77263"
            },
            {
              "name": "1033929",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033929"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2015-6990",
    "datePublished": "2015-10-23T21:00:00",
    "dateReserved": "2015-09-16T00:00:00",
    "dateUpdated": "2024-08-06T07:36:34.865Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"9.0.2\", \"matchCriteriaId\": \"80183356-E606-44CE-A2FB-584154EA6B7E\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.11.0\", \"matchCriteriaId\": \"82D0EE4D-4866-43A3-89B5-6C9BBD839493\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.\"}, {\"lang\": \"es\", \"value\": \"FontParser en Apple iOS en versiones anteriores a 9.1 y OS X en versiones anteriores a 10.11.1 permite a atacantes remotos ejecutar c\\u00f3digo arbitrario o provocar una denegaci\\u00f3n de servicio (corrupci\\u00f3n de memoria) a trav\\u00e9s de un archivo de fuente manipulado, una vulnerabilidad diferente a CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010 y CVE-2015-7018.\"}]",
      "id": "CVE-2015-6990",
      "lastModified": "2024-11-21T02:36:00.300",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2015-10-23T21:59:32.467",
      "references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/77263\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://www.securitytracker.com/id/1033929\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://support.apple.com/HT205370\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT205375\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/77263\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1033929\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/HT205370\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT205375\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-6990\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2015-10-23T21:59:32.467\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.\"},{\"lang\":\"es\",\"value\":\"FontParser en Apple iOS en versiones anteriores a 9.1 y OS X en versiones anteriores a 10.11.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un archivo de fuente manipulado, una vulnerabilidad diferente a CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010 y CVE-2015-7018.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.0.2\",\"matchCriteriaId\":\"80183356-E606-44CE-A2FB-584154EA6B7E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.11.0\",\"matchCriteriaId\":\"82D0EE4D-4866-43A3-89B5-6C9BBD839493\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/77263\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://www.securitytracker.com/id/1033929\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/HT205370\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT205375\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/77263\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1033929\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT205370\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT205375\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

VAR-201510-0155

Vulnerability from variot - Updated: 2023-12-18 11:48

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. Attackers can exploit these issues to execute arbitrary code, bypass security restrictions, overwrite arbitrary files and cause denial-of-service conditions. in the United States. FontParser is a font parsing component. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2015-10-21-1 iOS 9.1

iOS 9.1 is now available and addresses the following:

Accelerate Framework Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in the Accelerate Framework in multi-threading mode. This issue was addressed through improved accessor element validation and improved object locking. CVE-ID CVE-2015-5940 : Apple

Bom Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A file traversal vulnerability existed in the handling of CPIO archives. This issue was addressed through improved validation of metadata. CVE-ID CVE-2015-7006 : Mark Dowd at Azimuth Security

CFNetwork Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A parsing issue existed when handling cookies with different letter casing. This issue was addressed through improved parsing. CVE-ID CVE-2015-7023 : Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of Tsinghua University, Jian Jiang of University of California, Berkeley, Haixin Duan of Tsinghua University and International Computer Science Institute, Shuo Chen of Microsoft Research Redmond, Tao Wan of Huawei Canada, Nicholas Weaver of International Computer Science Institute and University of California, Berkeley, coordinated via CERT/CC

configd Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to elevate privileges Description: A heap based buffer overflow issue existed in the DNS client library. A malicious application with the ability to spoof responses from the local configd service may have been able to cause arbitrary code execution in DNS clients. CVE-ID CVE-2015-7015 : PanguTeam

CoreGraphics Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in CoreGraphics. These issues were addressed through improved memory handling. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team

Disk Images Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6995 : Ian Beer of Google Project Zero

FontParser Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5927 : Apple CVE-2015-5942 CVE-2015-6976 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6977 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP's Zero Day Initiative CVE-2015-6990 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6991 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6993 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7008 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7009 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7010 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7018 : John Villamil (@day6reak), Yahoo Pentest Team

GasGauge Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6979 : PanguTeam

Grand Central Dispatch Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: A memory corruption issue existed when handling dispatch calls. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6989 : Apple

Graphics Driver Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Executing a malicious application may result in arbitrary code execution within the kernel Description: A type confusion issue existed in AppleVXD393. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6986 : Proteas of Qihoo 360 Nirvan Team

ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted image file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the parsing of image metadata. These issues was addressed through improved metadata validation. CVE-ID CVE-2015-5935 : Apple CVE-2015-5936 : Apple CVE-2015-5937 : Apple CVE-2015-5939 : Apple

IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6996 : Ian Beer of Google Project Zero

IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6974 : Luca Todesco (@qwertyoruiop)

Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local application may be able to cause a denial of service Description: An input validation issue existed in the kernel. This issue was addressed through improved input validation. CVE-ID CVE-2015-7004 : Sergi Alvarez (pancake) of NowSecure Research Team

Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: An uninitialized memory issue existed in the kernel. This issue was addressed through improved memory initialization. CVE-ID CVE-2015-6988 : The Brainy Code Scanner (m00nbsd)

Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local application may be able to cause a denial of service Description: An issue existed when reusing virtual memory. This issue was addressed through improved validation. CVE-ID CVE-2015-6994 : Mark Mentovai of Google Inc.

Notification Center Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Phone and Messages notifications may appear on the lock screen even when disabled Description: When "Show on Lock Screen" was turned off for Phone or Messages, configuration changes were not immediately applied. This issue was addressed through improved state management. CVE-ID CVE-2015-7000 : William Redwood of Hampton School

OpenGL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in OpenGL. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5924 : Apple

Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to overwrite arbitrary files Description: A double free issue existed in the handling of AtomicBufferedFile descriptors. This issue was addressed through improved validation of AtomicBufferedFile descriptors. CVE-ID CVE-2015-6983 : David Benjamin, Greg Kerr, Mark Mentovai and Sergey Ulanov from the Chrome Team

Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to make a revoked certificate appear valid Description: A validation issue existed in the OCSP client. This issue was addressed by checking the OCSP certificate's expiration time. CVE-ID CVE-2015-6999 : Apple

Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A trust evaluation configured to require revocation checking may succeed even if revocation checking fails Description: The kSecRevocationRequirePositiveResponse flag was specified but not implemented. This issue was addressed by implementing the flag. CVE-ID CVE-2015-6997 : Apple

Telephony Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to leak sensitive user information Description: An issue existed in the authorization checks for querying phone call status. This issue was addressed through additional authorization state queries. CVE-ID CVE-2015-7022 : Andreas Kurtz of NESO Security Labs

WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5928 : Apple CVE-2015-5929 : Apple CVE-2015-5930 : Apple CVE-2015-6981 CVE-2015-6982 CVE-2015-7002 : Apple CVE-2015-7005 : Apple CVE-2015-7012 : Apple CVE-2015-7014

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About. The version after applying this update will be "9.1".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJWJuKaAAoJEBcWfLTuOo7tstUP/2wSpPm4N88k8i6mqMZLIp4q 8sat980JOOzTfG+ZNNyBGliULqhDAAamIo5wnonrEguy6Slr24fHz9CY969t5b9+ juzZu8QSrS5GGrK4WJL1klyJCPK65EPW+gqK97lntFcjeUPVOHCHCwuGUfOj4+AH fc7EjlWm7ED3QuKiY7hLD1DQq/y9WWNMNKGDxwkaVYAUQ7vccDNPppH4G+bdP4oz KRR58XlJZ2RGuuN6NR/TKVlbm8HM1i0pXpRo7yO4ZDd4p/QrGdY7UUndng6WZpQn txC00efGPSQA5WxHXwbDQeAI+rqYA0Bi0yJEuWdD9hfSgC0lZ8/G2qz8FrjfdEgJ FnugvjHMZ4vz461oo8+ee0Yfy62hgfilHL73KpPJcYoQQCeuNhiLpP61gUInhgqY uSRxO+EVtLk5hPIxRFcQbQmeJn2qS+04jXD8r05D9piUuyNmRf6FoLFs068SrRcQ LP2sppSl6aW46hAuXIaMwxsbz5vO0GatB5Y4MWDVsxUu5UNHuBPzkX5w2zjeVsZ5 lydJPTQvcfOihWBjJyVXhQWg+thT2h0tybKFfz9fnBqpOY+QjQr5TtQOs5bghp06 bp/CcN4S1GKkwkZ7zx69ZyIP48HTDcD5gxJKqFwdDmy1u939lXP0h3y9uQkBj5Pa 6gEixmcvOvkvoTisU8Gf =E3lA -----END PGP SIGNATURE-----

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201510-0155",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.11.0"
      },
      {
        "model": "iphone os",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.11"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.1   (ipad 2 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.1   (iphone 4s or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.1   (ipod touch no.  5 after generation )"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.11.0"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "77263"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005554"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6990"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-539"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.0.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.11.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-6990"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of Tsinghua University, Jian Jiang of University of California, Berkeley, Haixin Duan of Tsinghua University and International Computer Science Institute, Shuo Chen of Microsoft Research Redmond, Tao Wan of Hu",
    "sources": [
      {
        "db": "BID",
        "id": "77263"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-6990",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-6990",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-84951",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-6990",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201510-539",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-84951",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84951"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005554"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6990"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-539"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. \nAttackers can exploit these  issues to execute arbitrary code, bypass  security  restrictions, overwrite arbitrary files and cause  denial-of-service conditions. in the United States. FontParser is a font parsing component. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-10-21-1 iOS 9.1\n\niOS 9.1 is now available and addresses the following:\n\nAccelerate Framework\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  A memory corruption issue existed in the Accelerate\nFramework in multi-threading mode. This issue was addressed through\nimproved accessor element validation and improved object locking. \nCVE-ID\nCVE-2015-5940 : Apple\n\nBom\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Unpacking a maliciously crafted archive may lead to\narbitrary code execution\nDescription:  A file traversal vulnerability existed in the handling\nof CPIO archives. This issue was addressed through improved\nvalidation of metadata. \nCVE-ID\nCVE-2015-7006 : Mark Dowd at Azimuth Security\n\nCFNetwork\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to cookies\nbeing overwritten\nDescription:  A parsing issue existed when handling cookies with\ndifferent letter casing. This issue was addressed through improved\nparsing. \nCVE-ID\nCVE-2015-7023 : Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of\nTsinghua University, Jian Jiang of University of California,\nBerkeley, Haixin Duan of Tsinghua University and International\nComputer Science Institute, Shuo Chen of Microsoft Research Redmond,\nTao Wan of Huawei Canada, Nicholas Weaver of International Computer\nScience Institute and University of California, Berkeley, coordinated\nvia CERT/CC\n\nconfigd\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to elevate privileges\nDescription:  A heap based buffer overflow issue existed in the DNS\nclient library. A malicious application with the ability to spoof\nresponses from the local configd service may have been able to cause\narbitrary code execution in DNS clients. \nCVE-ID\nCVE-2015-7015 : PanguTeam\n\nCoreGraphics\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  Multiple memory corruption issues existed in\nCoreGraphics. These issues were addressed through improved memory\nhandling. These issues were addressed through improved\nbounds checking. \nCVE-ID\nCVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team\n\nDisk Images\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A memory corruption issue existed in the parsing of\ndisk images. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-6995 : Ian Beer of Google Project Zero\n\nFontParser\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription:  Multiple memory corruption issues existed in the\nhandling of font files. These issues were addressed through improved\nbounds checking. \nCVE-ID\nCVE-2015-5927 : Apple\nCVE-2015-5942\nCVE-2015-6976 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-6977 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP\u0027s Zero\nDay Initiative\nCVE-2015-6990 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-6991 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-6993 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-7008 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-7009 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-7010 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-7018 : John Villamil (@day6reak), Yahoo Pentest Team\n\nGasGauge\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with kernel privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-6979 : PanguTeam\n\nGrand Central Dispatch\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Processing a maliciously crafted package may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed when handling\ndispatch calls. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-6989 : Apple\n\nGraphics Driver\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Executing a malicious application may result in arbitrary\ncode execution within the kernel\nDescription:  A type confusion issue existed in AppleVXD393. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-6986 : Proteas of Qihoo 360 Nirvan Team\n\nImageIO\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Viewing a maliciously crafted image file may lead to\narbitrary code execution\nDescription:  Multiple memory corruption issues existed in the\nparsing of image metadata. These issues was addressed through\nimproved metadata validation. \nCVE-ID\nCVE-2015-5935 : Apple\nCVE-2015-5936 : Apple\nCVE-2015-5937 : Apple\nCVE-2015-5939 : Apple\n\nIOAcceleratorFamily\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A memory corruption issue existed in\nIOAcceleratorFamily. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-6996 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with kernel privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-6974 : Luca Todesco (@qwertyoruiop)\n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local application may be able to cause a denial of service\nDescription:  An input validation issue existed in the kernel. This\nissue was addressed through improved input validation. \nCVE-ID\nCVE-2015-7004 : Sergi Alvarez (pancake) of NowSecure Research Team\n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker with a privileged network position may be able\nto execute arbitrary code\nDescription:  An uninitialized memory issue existed in the kernel. \nThis issue was addressed through improved memory initialization. \nCVE-ID\nCVE-2015-6988 : The Brainy Code Scanner (m00nbsd)\n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local application may be able to cause a denial of service\nDescription:  An issue existed when reusing virtual memory. This\nissue was addressed through improved validation. \nCVE-ID\nCVE-2015-6994 : Mark Mentovai of Google Inc. \n\nNotification Center\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Phone and Messages notifications may appear on the lock\nscreen even when disabled\nDescription:  When \"Show on Lock Screen\" was turned off for Phone or\nMessages, configuration changes were not immediately applied. This\nissue was addressed through improved state management. \nCVE-ID\nCVE-2015-7000 : William Redwood of Hampton School\n\nOpenGL\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  A memory corruption issue existed in OpenGL. This issue\nwas addressed through improved memory handling. \nCVE-ID\nCVE-2015-5924 : Apple\n\nSecurity\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to overwrite arbitrary\nfiles\nDescription:  A double free issue existed in the handling of\nAtomicBufferedFile descriptors. This issue was addressed through\nimproved validation of AtomicBufferedFile descriptors. \nCVE-ID\nCVE-2015-6983 : David Benjamin, Greg Kerr, Mark Mentovai and Sergey\nUlanov from the Chrome Team\n\nSecurity\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker may be able to make a revoked certificate appear\nvalid\nDescription:  A validation issue existed in the OCSP client. This\nissue was addressed by checking the OCSP certificate\u0027s expiration\ntime. \nCVE-ID\nCVE-2015-6999 : Apple\n\nSecurity\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A trust evaluation configured to require revocation checking\nmay succeed even if revocation checking fails\nDescription:  The kSecRevocationRequirePositiveResponse flag was\nspecified but not implemented. This issue was addressed by\nimplementing the flag. \nCVE-ID\nCVE-2015-6997 : Apple\n\nTelephony\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to leak sensitive user\ninformation\nDescription:  An issue existed in the authorization checks for\nquerying phone call status. This issue was addressed through\nadditional authorization state queries. \nCVE-ID\nCVE-2015-7022 : Andreas Kurtz of NESO Security Labs\n\nWebKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  Multiple memory corruption issues existed in WebKit. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-5928 : Apple\nCVE-2015-5929 : Apple\nCVE-2015-5930 : Apple\nCVE-2015-6981\nCVE-2015-6982\nCVE-2015-7002 : Apple\nCVE-2015-7005 : Apple\nCVE-2015-7012 : Apple\nCVE-2015-7014\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"9.1\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJWJuKaAAoJEBcWfLTuOo7tstUP/2wSpPm4N88k8i6mqMZLIp4q\n8sat980JOOzTfG+ZNNyBGliULqhDAAamIo5wnonrEguy6Slr24fHz9CY969t5b9+\njuzZu8QSrS5GGrK4WJL1klyJCPK65EPW+gqK97lntFcjeUPVOHCHCwuGUfOj4+AH\nfc7EjlWm7ED3QuKiY7hLD1DQq/y9WWNMNKGDxwkaVYAUQ7vccDNPppH4G+bdP4oz\nKRR58XlJZ2RGuuN6NR/TKVlbm8HM1i0pXpRo7yO4ZDd4p/QrGdY7UUndng6WZpQn\ntxC00efGPSQA5WxHXwbDQeAI+rqYA0Bi0yJEuWdD9hfSgC0lZ8/G2qz8FrjfdEgJ\nFnugvjHMZ4vz461oo8+ee0Yfy62hgfilHL73KpPJcYoQQCeuNhiLpP61gUInhgqY\nuSRxO+EVtLk5hPIxRFcQbQmeJn2qS+04jXD8r05D9piUuyNmRf6FoLFs068SrRcQ\nLP2sppSl6aW46hAuXIaMwxsbz5vO0GatB5Y4MWDVsxUu5UNHuBPzkX5w2zjeVsZ5\nlydJPTQvcfOihWBjJyVXhQWg+thT2h0tybKFfz9fnBqpOY+QjQr5TtQOs5bghp06\nbp/CcN4S1GKkwkZ7zx69ZyIP48HTDcD5gxJKqFwdDmy1u939lXP0h3y9uQkBj5Pa\n6gEixmcvOvkvoTisU8Gf\n=E3lA\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-6990"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005554"
      },
      {
        "db": "BID",
        "id": "77263"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84951"
      },
      {
        "db": "PACKETSTORM",
        "id": "134044"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-6990",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "77263",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1033929",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU92655282",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005554",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-539",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-84951",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134044",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84951"
      },
      {
        "db": "BID",
        "id": "77263"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005554"
      },
      {
        "db": "PACKETSTORM",
        "id": "134044"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6990"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-539"
      }
    ]
  },
  "id": "VAR-201510-0155",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84951"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:48:44.080000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple security updates",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht201222"
      },
      {
        "title": "APPLE-SA-2015-10-21-1 iOS 9.1",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/oct/msg00002.html"
      },
      {
        "title": "APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/oct/msg00005.html"
      },
      {
        "title": "HT205375",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205375"
      },
      {
        "title": "HT205370",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205370"
      },
      {
        "title": "HT205370",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht205370"
      },
      {
        "title": "HT205375",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht205375"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005554"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84951"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005554"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6990"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/oct/msg00002.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/oct/msg00005.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht205370"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht205375"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/77263"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1033929"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6990"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu92655282/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6990"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ios/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ipad/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/iphone/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ipodtouch/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5925"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6991"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5936"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6979"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6982"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6977"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6983"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5924"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6978"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6986"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5935"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6975"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5942"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6981"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5940"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5927"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6992"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6989"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5939"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6990"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5930"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5928"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6988"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6974"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5929"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6976"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5926"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5937"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84951"
      },
      {
        "db": "BID",
        "id": "77263"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005554"
      },
      {
        "db": "PACKETSTORM",
        "id": "134044"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6990"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-539"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-84951"
      },
      {
        "db": "BID",
        "id": "77263"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005554"
      },
      {
        "db": "PACKETSTORM",
        "id": "134044"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6990"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-539"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-10-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-84951"
      },
      {
        "date": "2015-10-21T00:00:00",
        "db": "BID",
        "id": "77263"
      },
      {
        "date": "2015-10-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-005554"
      },
      {
        "date": "2015-10-21T14:44:44",
        "db": "PACKETSTORM",
        "id": "134044"
      },
      {
        "date": "2015-10-23T21:59:32.467000",
        "db": "NVD",
        "id": "CVE-2015-6990"
      },
      {
        "date": "2015-10-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201510-539"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-84951"
      },
      {
        "date": "2016-01-12T02:01:00",
        "db": "BID",
        "id": "77263"
      },
      {
        "date": "2015-10-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-005554"
      },
      {
        "date": "2016-12-24T02:59:34.777000",
        "db": "NVD",
        "id": "CVE-2015-6990"
      },
      {
        "date": "2015-10-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201510-539"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-539"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple iOS and  OS X of  FontParser Vulnerabilities in arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005554"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-539"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2015-6990

Vulnerability from fkie_nvd - Published: 2015-10-23 21:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html	Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html	Vendor Advisory
product-security@apple.com	http://www.securityfocus.com/bid/77263
product-security@apple.com	http://www.securitytracker.com/id/1033929
product-security@apple.com	https://support.apple.com/HT205370	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT205375	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/77263
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1033929
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT205370	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT205375	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apple	iphone_os	*
	apple	mac_os_x	*

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "80183356-E606-44CE-A2FB-584154EA6B7E",
              "versionEndIncluding": "9.0.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82D0EE4D-4866-43A3-89B5-6C9BBD839493",
              "versionEndIncluding": "10.11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018."
    },
    {
      "lang": "es",
      "value": "FontParser en Apple iOS en versiones anteriores a 9.1 y OS X en versiones anteriores a 10.11.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un archivo de fuente manipulado, una vulnerabilidad diferente a CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010 y CVE-2015-7018."
    }
  ],
  "id": "CVE-2015-6990",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-10-23T21:59:32.467",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securityfocus.com/bid/77263"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securitytracker.com/id/1033929"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205370"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205375"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/77263"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033929"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205370"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205375"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2015-6990

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-6990

Aliases

CVE-2015-6990

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-6990",
    "description": "FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.",
    "id": "GSD-2015-6990"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-6990"
      ],
      "details": "FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.",
      "id": "GSD-2015-6990",
      "modified": "2023-12-13T01:20:04.110315Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2015-6990",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "APPLE-SA-2015-10-21-4",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html"
          },
          {
            "name": "APPLE-SA-2015-10-21-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html"
          },
          {
            "name": "https://support.apple.com/HT205375",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT205375"
          },
          {
            "name": "https://support.apple.com/HT205370",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT205370"
          },
          {
            "name": "77263",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/77263"
          },
          {
            "name": "1033929",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1033929"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.0.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.11.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2015-6990"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2015-10-21-1",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html"
            },
            {
              "name": "https://support.apple.com/HT205370",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT205370"
            },
            {
              "name": "https://support.apple.com/HT205375",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT205375"
            },
            {
              "name": "APPLE-SA-2015-10-21-4",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html"
            },
            {
              "name": "77263",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/77263"
            },
            {
              "name": "1033929",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1033929"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2016-12-24T02:59Z",
      "publishedDate": "2015-10-23T21:59Z"
    }
  }
}

CERTFR-2015-AVI-453

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Apple OSX. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et une exécution de code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	OS X Mavericks versions antérieures à 10.9.5
Apple	N/A	OS X El Capitan versions antérieures à 10.11
Apple	N/A	OS X Yosemite versions antérieures à 10.10.5

References

Title

Publication Time

Tags

None

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OS X Mavericks versions ant\u00e9rieures \u00e0 10.9.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X El Capitan versions ant\u00e9rieures \u00e0 10.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X Yosemite versions ant\u00e9rieures \u00e0 10.10.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-7008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7008"
    },
    {
      "name": "CVE-2015-5943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5943"
    },
    {
      "name": "CVE-2015-6977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6977"
    },
    {
      "name": "CVE-2015-5939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5939"
    },
    {
      "name": "CVE-2015-7010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7010"
    },
    {
      "name": "CVE-2015-7035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7035"
    },
    {
      "name": "CVE-2015-6563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6563"
    },
    {
      "name": "CVE-2015-6996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6996"
    },
    {
      "name": "CVE-2015-7006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7006"
    },
    {
      "name": "CVE-2015-6835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6835"
    },
    {
      "name": "CVE-2015-6983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6983"
    },
    {
      "name": "CVE-2015-6991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6991"
    },
    {
      "name": "CVE-2015-6836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6836"
    },
    {
      "name": "CVE-2015-5933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5933"
    },
    {
      "name": "CVE-2015-5936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5936"
    },
    {
      "name": "CVE-2015-5925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5925"
    },
    {
      "name": "CVE-2015-7021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7021"
    },
    {
      "name": "CVE-2015-5944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5944"
    },
    {
      "name": "CVE-2015-5937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5937"
    },
    {
      "name": "CVE-2015-5942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5942"
    },
    {
      "name": "CVE-2015-6834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6834"
    },
    {
      "name": "CVE-2015-5927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5927"
    },
    {
      "name": "CVE-2015-6995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6995"
    },
    {
      "name": "CVE-2015-5945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5945"
    },
    {
      "name": "CVE-2015-7007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7007"
    },
    {
      "name": "CVE-2015-5935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5935"
    },
    {
      "name": "CVE-2015-6976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6976"
    },
    {
      "name": "CVE-2015-7003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7003"
    },
    {
      "name": "CVE-2015-6978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6978"
    },
    {
      "name": "CVE-2015-6984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6984"
    },
    {
      "name": "CVE-2015-0273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0273"
    },
    {
      "name": "CVE-2015-7018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7018"
    },
    {
      "name": "CVE-2015-5924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5924"
    },
    {
      "name": "CVE-2015-6838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6838"
    },
    {
      "name": "CVE-2015-6974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6974"
    },
    {
      "name": "CVE-2015-6985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6985"
    },
    {
      "name": "CVE-2015-7016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7016"
    },
    {
      "name": "CVE-2015-6994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6994"
    },
    {
      "name": "CVE-2015-6990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6990"
    },
    {
      "name": "CVE-2015-7017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7017"
    },
    {
      "name": "CVE-2015-5926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5926"
    },
    {
      "name": "CVE-2015-7020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7020"
    },
    {
      "name": "CVE-2015-5938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5938"
    },
    {
      "name": "CVE-2015-6988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6988"
    },
    {
      "name": "CVE-2012-6151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6151"
    },
    {
      "name": "CVE-2015-7009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7009"
    },
    {
      "name": "CVE-2015-5932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5932"
    },
    {
      "name": "CVE-2015-6975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6975"
    },
    {
      "name": "CVE-2015-6987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6987"
    },
    {
      "name": "CVE-2015-5940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5940"
    },
    {
      "name": "CVE-2015-7015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7015"
    },
    {
      "name": "CVE-2015-6989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6989"
    },
    {
      "name": "CVE-2015-0235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0235"
    },
    {
      "name": "CVE-2015-6837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6837"
    },
    {
      "name": "CVE-2015-6992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6992"
    },
    {
      "name": "CVE-2014-3565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3565"
    },
    {
      "name": "CVE-2015-5934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5934"
    },
    {
      "name": "CVE-2015-7023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7023"
    },
    {
      "name": "CVE-2015-6993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6993"
    },
    {
      "name": "CVE-2015-7019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7019"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-453",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-10-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple OSX\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par\nl\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0 distance et une ex\u00e9cution\nde code arbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple OSX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 21 octobre 2015",
      "url": "https://support.apple.com/fr-fr/HT205375"
    }
  ]
}

CERTFR-2015-AVI-452

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Apple iOS. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

IOS 9.x versions antérieures à 9.1

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

None

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eIOS 9.x versions ant\u00e9rieures \u00e0 9.1\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-5929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5929"
    },
    {
      "name": "CVE-2015-7008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7008"
    },
    {
      "name": "CVE-2015-6977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6977"
    },
    {
      "name": "CVE-2015-5939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5939"
    },
    {
      "name": "CVE-2015-7010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7010"
    },
    {
      "name": "CVE-2015-6997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6997"
    },
    {
      "name": "CVE-2015-6996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6996"
    },
    {
      "name": "CVE-2015-7006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7006"
    },
    {
      "name": "CVE-2015-6983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6983"
    },
    {
      "name": "CVE-2015-5928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5928"
    },
    {
      "name": "CVE-2015-6991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6991"
    },
    {
      "name": "CVE-2015-7004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7004"
    },
    {
      "name": "CVE-2015-6981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6981"
    },
    {
      "name": "CVE-2015-5936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5936"
    },
    {
      "name": "CVE-2015-5925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5925"
    },
    {
      "name": "CVE-2015-5937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5937"
    },
    {
      "name": "CVE-2015-6986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6986"
    },
    {
      "name": "CVE-2015-5942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5942"
    },
    {
      "name": "CVE-2015-7005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7005"
    },
    {
      "name": "CVE-2015-5927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5927"
    },
    {
      "name": "CVE-2015-6995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6995"
    },
    {
      "name": "CVE-2015-5935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5935"
    },
    {
      "name": "CVE-2015-6976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6976"
    },
    {
      "name": "CVE-2015-6978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6978"
    },
    {
      "name": "CVE-2015-7018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7018"
    },
    {
      "name": "CVE-2015-5924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5924"
    },
    {
      "name": "CVE-2015-6974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6974"
    },
    {
      "name": "CVE-2015-6994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6994"
    },
    {
      "name": "CVE-2015-6990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6990"
    },
    {
      "name": "CVE-2015-7017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7017"
    },
    {
      "name": "CVE-2015-5926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5926"
    },
    {
      "name": "CVE-2015-7014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7014"
    },
    {
      "name": "CVE-2015-6988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6988"
    },
    {
      "name": "CVE-2015-7009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7009"
    },
    {
      "name": "CVE-2015-6999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6999"
    },
    {
      "name": "CVE-2015-7002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7002"
    },
    {
      "name": "CVE-2015-6975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6975"
    },
    {
      "name": "CVE-2015-5940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5940"
    },
    {
      "name": "CVE-2015-7015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7015"
    },
    {
      "name": "CVE-2015-6989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6989"
    },
    {
      "name": "CVE-2015-7022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7022"
    },
    {
      "name": "CVE-2015-6979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6979"
    },
    {
      "name": "CVE-2015-6992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6992"
    },
    {
      "name": "CVE-2015-6982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6982"
    },
    {
      "name": "CVE-2015-7000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7000"
    },
    {
      "name": "CVE-2015-7023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7023"
    },
    {
      "name": "CVE-2015-7012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7012"
    },
    {
      "name": "CVE-2015-5930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5930"
    },
    {
      "name": "CVE-2015-6993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6993"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-452",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-10-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple iOS\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 21 octobre 2015",
      "url": "https://support.apple.com/fr-fr/HT205370"
    }
  ]
}

CERTFR-2015-AVI-452

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

IOS 9.x versions antérieures à 9.1

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

None

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eIOS 9.x versions ant\u00e9rieures \u00e0 9.1\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-5929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5929"
    },
    {
      "name": "CVE-2015-7008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7008"
    },
    {
      "name": "CVE-2015-6977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6977"
    },
    {
      "name": "CVE-2015-5939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5939"
    },
    {
      "name": "CVE-2015-7010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7010"
    },
    {
      "name": "CVE-2015-6997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6997"
    },
    {
      "name": "CVE-2015-6996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6996"
    },
    {
      "name": "CVE-2015-7006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7006"
    },
    {
      "name": "CVE-2015-6983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6983"
    },
    {
      "name": "CVE-2015-5928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5928"
    },
    {
      "name": "CVE-2015-6991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6991"
    },
    {
      "name": "CVE-2015-7004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7004"
    },
    {
      "name": "CVE-2015-6981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6981"
    },
    {
      "name": "CVE-2015-5936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5936"
    },
    {
      "name": "CVE-2015-5925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5925"
    },
    {
      "name": "CVE-2015-5937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5937"
    },
    {
      "name": "CVE-2015-6986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6986"
    },
    {
      "name": "CVE-2015-5942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5942"
    },
    {
      "name": "CVE-2015-7005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7005"
    },
    {
      "name": "CVE-2015-5927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5927"
    },
    {
      "name": "CVE-2015-6995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6995"
    },
    {
      "name": "CVE-2015-5935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5935"
    },
    {
      "name": "CVE-2015-6976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6976"
    },
    {
      "name": "CVE-2015-6978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6978"
    },
    {
      "name": "CVE-2015-7018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7018"
    },
    {
      "name": "CVE-2015-5924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5924"
    },
    {
      "name": "CVE-2015-6974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6974"
    },
    {
      "name": "CVE-2015-6994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6994"
    },
    {
      "name": "CVE-2015-6990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6990"
    },
    {
      "name": "CVE-2015-7017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7017"
    },
    {
      "name": "CVE-2015-5926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5926"
    },
    {
      "name": "CVE-2015-7014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7014"
    },
    {
      "name": "CVE-2015-6988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6988"
    },
    {
      "name": "CVE-2015-7009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7009"
    },
    {
      "name": "CVE-2015-6999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6999"
    },
    {
      "name": "CVE-2015-7002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7002"
    },
    {
      "name": "CVE-2015-6975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6975"
    },
    {
      "name": "CVE-2015-5940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5940"
    },
    {
      "name": "CVE-2015-7015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7015"
    },
    {
      "name": "CVE-2015-6989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6989"
    },
    {
      "name": "CVE-2015-7022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7022"
    },
    {
      "name": "CVE-2015-6979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6979"
    },
    {
      "name": "CVE-2015-6992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6992"
    },
    {
      "name": "CVE-2015-6982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6982"
    },
    {
      "name": "CVE-2015-7000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7000"
    },
    {
      "name": "CVE-2015-7023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7023"
    },
    {
      "name": "CVE-2015-7012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7012"
    },
    {
      "name": "CVE-2015-5930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5930"
    },
    {
      "name": "CVE-2015-6993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6993"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-452",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-10-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple iOS\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 21 octobre 2015",
      "url": "https://support.apple.com/fr-fr/HT205370"
    }
  ]
}

CERTFR-2015-AVI-453

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	OS X Mavericks versions antérieures à 10.9.5
Apple	N/A	OS X El Capitan versions antérieures à 10.11
Apple	N/A	OS X Yosemite versions antérieures à 10.10.5

References

Title

Publication Time

Tags

None

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OS X Mavericks versions ant\u00e9rieures \u00e0 10.9.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X El Capitan versions ant\u00e9rieures \u00e0 10.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X Yosemite versions ant\u00e9rieures \u00e0 10.10.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-7008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7008"
    },
    {
      "name": "CVE-2015-5943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5943"
    },
    {
      "name": "CVE-2015-6977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6977"
    },
    {
      "name": "CVE-2015-5939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5939"
    },
    {
      "name": "CVE-2015-7010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7010"
    },
    {
      "name": "CVE-2015-7035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7035"
    },
    {
      "name": "CVE-2015-6563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6563"
    },
    {
      "name": "CVE-2015-6996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6996"
    },
    {
      "name": "CVE-2015-7006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7006"
    },
    {
      "name": "CVE-2015-6835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6835"
    },
    {
      "name": "CVE-2015-6983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6983"
    },
    {
      "name": "CVE-2015-6991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6991"
    },
    {
      "name": "CVE-2015-6836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6836"
    },
    {
      "name": "CVE-2015-5933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5933"
    },
    {
      "name": "CVE-2015-5936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5936"
    },
    {
      "name": "CVE-2015-5925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5925"
    },
    {
      "name": "CVE-2015-7021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7021"
    },
    {
      "name": "CVE-2015-5944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5944"
    },
    {
      "name": "CVE-2015-5937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5937"
    },
    {
      "name": "CVE-2015-5942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5942"
    },
    {
      "name": "CVE-2015-6834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6834"
    },
    {
      "name": "CVE-2015-5927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5927"
    },
    {
      "name": "CVE-2015-6995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6995"
    },
    {
      "name": "CVE-2015-5945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5945"
    },
    {
      "name": "CVE-2015-7007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7007"
    },
    {
      "name": "CVE-2015-5935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5935"
    },
    {
      "name": "CVE-2015-6976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6976"
    },
    {
      "name": "CVE-2015-7003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7003"
    },
    {
      "name": "CVE-2015-6978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6978"
    },
    {
      "name": "CVE-2015-6984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6984"
    },
    {
      "name": "CVE-2015-0273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0273"
    },
    {
      "name": "CVE-2015-7018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7018"
    },
    {
      "name": "CVE-2015-5924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5924"
    },
    {
      "name": "CVE-2015-6838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6838"
    },
    {
      "name": "CVE-2015-6974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6974"
    },
    {
      "name": "CVE-2015-6985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6985"
    },
    {
      "name": "CVE-2015-7016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7016"
    },
    {
      "name": "CVE-2015-6994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6994"
    },
    {
      "name": "CVE-2015-6990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6990"
    },
    {
      "name": "CVE-2015-7017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7017"
    },
    {
      "name": "CVE-2015-5926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5926"
    },
    {
      "name": "CVE-2015-7020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7020"
    },
    {
      "name": "CVE-2015-5938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5938"
    },
    {
      "name": "CVE-2015-6988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6988"
    },
    {
      "name": "CVE-2012-6151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6151"
    },
    {
      "name": "CVE-2015-7009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7009"
    },
    {
      "name": "CVE-2015-5932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5932"
    },
    {
      "name": "CVE-2015-6975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6975"
    },
    {
      "name": "CVE-2015-6987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6987"
    },
    {
      "name": "CVE-2015-5940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5940"
    },
    {
      "name": "CVE-2015-7015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7015"
    },
    {
      "name": "CVE-2015-6989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6989"
    },
    {
      "name": "CVE-2015-0235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0235"
    },
    {
      "name": "CVE-2015-6837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6837"
    },
    {
      "name": "CVE-2015-6992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6992"
    },
    {
      "name": "CVE-2014-3565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3565"
    },
    {
      "name": "CVE-2015-5934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5934"
    },
    {
      "name": "CVE-2015-7023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7023"
    },
    {
      "name": "CVE-2015-6993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6993"
    },
    {
      "name": "CVE-2015-7019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7019"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-453",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-10-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple OSX\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par\nl\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0 distance et une ex\u00e9cution\nde code arbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple OSX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 21 octobre 2015",
      "url": "https://support.apple.com/fr-fr/HT205375"
    }
  ]
}

GHSA-VPG8-3H42-CFGH

Vulnerability from github – Published: 2022-05-17 03:15 – Updated: 2022-05-17 03:15

Details

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-6990"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-10-23T21:59:00Z",
    "severity": "MODERATE"
  },
  "details": "FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.",
  "id": "GHSA-vpg8-3h42-cfgh",
  "modified": "2022-05-17T03:15:41Z",
  "published": "2022-05-17T03:15:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6990"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT205370"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT205375"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/77263"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033929"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2015-07147

Vulnerability from cnvd - Published: 2015-11-03

Title

Apple iOS拒绝服务漏洞（CNVD-2015-07147）

Description

Apple iOS是由苹果公司开发的手持设备操作系统。 Apple iOS 9.1之前的版本，OS X 10.11.1之前的版本，存在拒绝服务漏洞。允许远程攻击者通过制作的字体文件执行任意代码或导致拒绝服务。

Severity

中

Patch Name

Apple iOS拒绝服务漏洞（CNVD-2015-07147）的补丁

Patch Description

Apple iOS是由苹果公司开发的手持设备操作系统。 Apple iOS 9.1之前的版本，OS X 10.11.1之前的版本，存在拒绝服务漏洞。允许远程攻击者通过制作的字体文件，执行任意代码或导致拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： https://support.apple.com/HT205370

Reference

https://support.apple.com/HT205370

Impacted products

Name
['Apple IOS <9.1', 'Apple OS X <10.11.1']

Show details on source website