var-201512-0112
Vulnerability from variot
Use-after-free vulnerability in Hypervisor in Apple OS X before 10.11.2 allows local users to gain privileges via vectors involving VM objects. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlBy local users VM Depending on the problem with the object, you may be able to get permission. Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, bypass security restrictions and perform unauthorized actions. This may aid in other attacks. Hypervisor (also known as virtual machine monitor, VMM) is an intermediate software layer running between the physical server and the operating system, which allows multiple operating systems and applications to share a set of underlying physical hardware. A local attacker could exploit this vulnerability to gain privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0112",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.4,
"vendor": "apple",
"version": "10.11.1"
},
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.11.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.11"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.2"
},
{
"model": "mac os security update",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x2015"
}
],
"sources": [
{
"db": "BID",
"id": "78721"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006372"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-366"
},
{
"db": "NVD",
"id": "CVE-2015-7078"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006372"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ian Beer of Google Project Zero,Apple,Juwei Lin of TrendMicro, beist and ABH of BoB, JeongHoon Shin@A.D.D, and MacDefender",
"sources": [
{
"db": "BID",
"id": "78721"
}
],
"trust": 0.3
},
"cve": "CVE-2015-7078",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2015-7078",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-85039",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-7078",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-7078",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201512-366",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-85039",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85039"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006372"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-366"
},
{
"db": "NVD",
"id": "CVE-2015-7078"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use-after-free vulnerability in Hypervisor in Apple OS X before 10.11.2 allows local users to gain privileges via vectors involving VM objects. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlBy local users VM Depending on the problem with the object, you may be able to get permission. \nAttackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, bypass security restrictions and perform unauthorized actions. This may aid in other attacks. Hypervisor (also known as virtual machine monitor, VMM) is an intermediate software layer running between the physical server and the operating system, which allows multiple operating systems and applications to share a set of underlying physical hardware. A local attacker could exploit this vulnerability to gain privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7078"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006372"
},
{
"db": "BID",
"id": "78721"
},
{
"db": "VULHUB",
"id": "VHN-85039"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-85039",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85039"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7078",
"trust": 2.8
},
{
"db": "EXPLOIT-DB",
"id": "39370",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1034344",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU97526033",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006372",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201512-366",
"trust": 0.7
},
{
"db": "BID",
"id": "78721",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "135432",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-85039",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85039"
},
{
"db": "BID",
"id": "78721"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006372"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-366"
},
{
"db": "NVD",
"id": "CVE-2015-7078"
}
]
},
"id": "VAR-201512-0112",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-85039"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:23:49.167000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT201222"
},
{
"title": "APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"
},
{
"title": "HT205637",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT205637"
},
{
"title": "HT205637",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/HT205637"
},
{
"title": "Apple OS X Hypervisor Remediation measures for reusing vulnerabilities after release",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59184"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006372"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-366"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006372"
},
{
"db": "NVD",
"id": "CVE-2015-7078"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2015/dec/msg00005.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht205637"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/39370/"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034344"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7078"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97526033/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7078"
},
{
"trust": 0.3,
"url": "https://www.apple.com/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85039"
},
{
"db": "BID",
"id": "78721"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006372"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-366"
},
{
"db": "NVD",
"id": "CVE-2015-7078"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-85039"
},
{
"db": "BID",
"id": "78721"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006372"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-366"
},
{
"db": "NVD",
"id": "CVE-2015-7078"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-11T00:00:00",
"db": "VULHUB",
"id": "VHN-85039"
},
{
"date": "2015-12-08T00:00:00",
"db": "BID",
"id": "78721"
},
{
"date": "2015-12-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006372"
},
{
"date": "2015-12-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-366"
},
{
"date": "2015-12-11T11:59:43.610000",
"db": "NVD",
"id": "CVE-2015-7078"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-13T00:00:00",
"db": "VULHUB",
"id": "VHN-85039"
},
{
"date": "2015-12-08T00:00:00",
"db": "BID",
"id": "78721"
},
{
"date": "2015-12-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006372"
},
{
"date": "2015-12-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-366"
},
{
"date": "2024-11-21T02:36:10.977000",
"db": "NVD",
"id": "CVE-2015-7078"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-366"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple OS X Hypervisor vulnerabilities that can be granted privileges",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006372"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-366"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.