var-201504-0089
Vulnerability from variot
Hypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecified vectors. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2015-004. The update addresses new vulnerabilities that affect the Admin Framework, ATS, CoreAnimation, Graphics Driver, Hypervisor, ImageIO, IOHIDFamily, Kernel, LaunchServices, UniformTypeIdentifiers, Security - Code Signing, Open Directory Client, and Screen Sharing components. Taken together, attackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information and perform other attacks; that list of impacts describes the update as a whole, not this entry alone. These issues affect Mac OS X prior to 10.10.3. Hypervisor (also known as virtual machine monitor, VMM) is an intermediate software layer running between the physical server and the operating system, which allows multiple operating systems and applications to share a set of underlying physical hardware. For the Hypervisor issue tracked in this entry (CVE-2015-1138), a local attacker could exploit this vulnerability to cause a denial of service; the CVSS v2 vector in the record below (AV:L/AC:L/Au:N/C:N/I:N/A:C) rates an availability impact only.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201504-0089", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mac os x", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "10.10.2" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.10 to 10.10.2" }, { "model": "mac os x", "scope": "eq", "trust": 0.6, "vendor": "apple", 
"version": "10.10.2" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-002188" }, { "db": "CNNVD", "id": "CNNVD-201504-163" }, { "db": "NVD", "id": "CVE-2015-1138" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-002188" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple, Emil Kvarnhammar at TrueSec, Ian Beer of Google Project Zero, Frank Graziano and John Villamil of the Yahoo Pentest Team, Izik Eidus and Alex Fishman, lokihardt@ASRT working with HP\u0027s Zero Day Initiative, Luca Todesco, and Ole Andre Vadla Ravnas of", "sources": [ { "db": "BID", "id": "73982" } ], "trust": 0.3 }, "cve": "CVE-2015-1138", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": 
"COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2015-1138", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "VHN-79098", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2015-1138", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2015-1138", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201504-163", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-79098", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-79098" }, { "db": "JVNDB", "id": "JVNDB-2015-002188" }, { "db": "CNNVD", "id": "CNNVD-201504-163" }, { "db": "NVD", "id": "CVE-2015-1138" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Hypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecified vectors. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2015-004. \nThe update addresses new vulnerabilities that affect the Admin Framework, ATS, CoreAnimation, Graphics Driver, Hypervisor, ImageIO, IOHIDFamily, Kernel, LaunchServices, UniformTypeIdentifiers, Security - Code Signing, Open Directory Client, and Screen Sharing components. 
\nAttackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information and perform other attacks. \nThese issues affect Mac OS X prior to 10.10.3. Hypervisor (also known as virtual machine monitor, VMM) is an intermediate software layer running between the physical server and the operating system, which allows multiple operating systems and applications to share a set of underlying physical hardware. A local attacker could exploit this vulnerability to cause a denial of service", "sources": [ { "db": "NVD", "id": "CVE-2015-1138" }, { "db": "JVNDB", "id": "JVNDB-2015-002188" }, { "db": "BID", "id": "73982" }, { "db": "VULHUB", "id": "VHN-79098" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-1138", "trust": 2.8 }, { "db": "BID", "id": "73982", "trust": 1.4 }, { "db": "SECTRACK", "id": "1032048", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2015-002188", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201504-163", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-15-121", "trust": 0.3 }, { "db": "ZDI", "id": "ZDI-15-165", "trust": 0.3 }, { "db": "VULHUB", "id": "VHN-79098", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-79098" }, { "db": "BID", "id": "73982" }, { "db": "JVNDB", "id": "JVNDB-2015-002188" }, { "db": "CNNVD", "id": "CNNVD-201504-163" }, { "db": "NVD", "id": "CVE-2015-1138" } ] }, "id": "VAR-201504-0089", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-79098" } ], "trust": 0.01 }, 
"last_update_date": "2024-11-23T21:26:42.975000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "title": "HT204659", "trust": 0.8, "url": "http://support.apple.com/en-us/HT204659" }, { "title": "HT204659", "trust": 0.8, "url": "http://support.apple.com/ja-jp/HT204659" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-002188" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-79098" }, { "db": "JVNDB", "id": "JVNDB-2015-002188" }, { "db": "NVD", "id": "CVE-2015-1138" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html" }, { "trust": 1.7, "url": "https://support.apple.com/ht204659" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/73982" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1032048" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1138" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1138" }, { "trust": 0.3, "url": "http://www.apple.com/macosx/" }, { "trust": 0.3, "url": "https://support.apple.com/en-us/ht204659" }, { "trust": 0.3, "url": 
"http://www.zerodayinitiative.com/advisories/zdi-15-165/" }, { "trust": 0.3, "url": "http://www.zerodayinitiative.com/advisories/zdi-15-121/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-79098" }, { "db": "BID", "id": "73982" }, { "db": "JVNDB", "id": "JVNDB-2015-002188" }, { "db": "CNNVD", "id": "CNNVD-201504-163" }, { "db": "NVD", "id": "CVE-2015-1138" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-79098" }, { "db": "BID", "id": "73982" }, { "db": "JVNDB", "id": "JVNDB-2015-002188" }, { "db": "CNNVD", "id": "CNNVD-201504-163" }, { "db": "NVD", "id": "CVE-2015-1138" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-04-10T00:00:00", "db": "VULHUB", "id": "VHN-79098" }, { "date": "2015-04-08T00:00:00", "db": "BID", "id": "73982" }, { "date": "2015-04-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-002188" }, { "date": "2015-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201504-163" }, { "date": "2015-04-10T14:59:49.573000", "db": "NVD", "id": "CVE-2015-1138" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-09-17T00:00:00", "db": "VULHUB", "id": "VHN-79098" }, { "date": "2015-05-12T19:47:00", "db": "BID", "id": "73982" }, { "date": "2015-04-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-002188" }, { "date": "2015-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201504-163" }, { "date": "2024-11-21T02:24:45.490000", "db": "NVD", "id": "CVE-2015-1138" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201504-163" } 
], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple OS X Service disruption in Japanese hypervisors (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-002188" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-201504-163" } ], "trust": 0.6 } }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.