This issue was resolved through improved validation.
Impact: Malicious FTP servers may be able to cause the client to perform reconnaissance on other hostsĭescription: An issue existed in the handling of FTP packets when using the PASV command. The issue was address through improved restrictions of cookie creation.ĬVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University
Impact: An attacker in a privileged network position can track a user's activityĭescription: A cross-domain cookie issue existed in the handling of top level domains. The complete list of certificates may be viewed at. Impact: Update to the certificate trust policyĭescription: The certificate trust policy was updated. These issues were addressed by updating bash version 3.2 to patch level 57. Taekyoung Kwon), Yonsei University, Seoul, Koreaĭescription: Multiple vulnerabilities existed in bash versions prior to 3.2 patch level 57. This issue issue was addressed through improved memory handling.ĬVE-2015-5862 : YoungJin Yoon of Information Security Lab. Impact: Playing a malicious audio file may lead to an unexpected application terminationĭescription: A memory corruption issue existed in the handling of audio files. This was addressed by improved Apple Event handling.ĬVE-2015-5849 : Jack Lawrence for: Mac OS X v10.6.8 and later Impact: A user connected through screen sharing can send Apple Events to a local user's sessionĭescription: An issue existed with Apple Event filtering that allowed some users to send events to other users. This issue was addressed through improved access control list checks.ĬVE-2015-5836 : XiaoFeng Wang of Indiana University, Luyi Xing of Indiana University, Tongxin Li of Peking University, Tongxin Li of Peking University, Xiaolong Bai of Tsinghua University Impact: A malicious application may gain access to a user's keychain itemsĭescription: An issue existed in validation of access control lists for iCloud keychain items. This issue was addressed by updating PHP to version 5.5.27. This issue was addressed through improved validation checks.ĭescription: Multiple vulnerabilities existed in PHP versions prior to 5.5.27, including one which may have led to remote code execution.
Impact: An attacker with a privileged network position may be able to extract payload from eSCL packets sent over a secure connectionĭescription: An issue existed in the processing of eSCL packets. This issue was addressed through improved environment variable handling.ĬVE-2015-5897 : Dan Bastone of Gotham Digital Science Impact: A local attacker may be able to inject arbitrary code to processes loading the Address Book frameworkĭescription: An issue existed in Address Book framework's handling of an environment variable. Available for: Mac OS X v10.6.8 and later
0 kommentar(er)
