var-201512-0136
Vulnerability from variot
The Disk Images component in Apple OS X before 10.11.2 and tvOS before 9.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted disk image. Apple Mac OS X and tvOS are prone to multiple security bypass and memory corruption vulnerabilities. Attackers can exploit these issues to execute arbitrary code, bypass security restrictions and perform unauthorized actions. Failed exploit attempts may result in a denial-of-service condition. Both Apple iOS and tvOS are products of Apple Inc. in the United States. The former is an operating system developed for mobile devices. The latter is a smart TV operating system. Disk Images is one of the disk image format components
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0136",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.4,
"vendor": "apple",
"version": "10.11.1"
},
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.11.1"
},
{
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "9.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.11"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.1 (apple tv first 4 generation )"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "9.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11"
},
{
"model": "tvos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.2"
},
{
"model": "mac os security update",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x2015"
}
],
"sources": [
{
"db": "BID",
"id": "78733"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006320"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-390"
},
{
"db": "NVD",
"id": "CVE-2015-7110"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:apple_tv",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006320"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luyi Xing and XiaoFeng Wang of Indiana University Bloomington, Xiaolong Bai of Indiana University Bloomington and Tsinghua University, Tongxin Li of Peking University, Kai Chen of Indiana University Bloomington and Institute of Information Engineering, Xia",
"sources": [
{
"db": "BID",
"id": "78733"
}
],
"trust": 0.3
},
"cve": "CVE-2015-7110",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CVE-2015-7110",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-85071",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-7110",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-7110",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201512-390",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-85071",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85071"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006320"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-390"
},
{
"db": "NVD",
"id": "CVE-2015-7110"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Disk Images component in Apple OS X before 10.11.2 and tvOS before 9.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted disk image. Apple Mac OS X and tvOS are prone to multiple security bypass and memory corruption vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code, bypass security restrictions and perform unauthorized actions. Failed exploit attempts may result in a denial-of-service condition. Both Apple iOS and tvOS are products of Apple Inc. in the United States. The former is an operating system developed for mobile devices. The latter is a smart TV operating system. Disk Images is one of the disk image format components",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7110"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006320"
},
{
"db": "BID",
"id": "78733"
},
{
"db": "VULHUB",
"id": "VHN-85071"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-85071",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85071"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7110",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1034344",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "39365",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU97526033",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006320",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201512-390",
"trust": 0.7
},
{
"db": "BID",
"id": "78733",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "135437",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-85071",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85071"
},
{
"db": "BID",
"id": "78733"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006320"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-390"
},
{
"db": "NVD",
"id": "CVE-2015-7110"
}
]
},
"id": "VAR-201512-0136",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-85071"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:32:12.960000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT201222"
},
{
"title": "APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"
},
{
"title": "APPLE-SA-2015-12-08-2 tvOS 9.1",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html"
},
{
"title": "HT205640",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT205640"
},
{
"title": "HT205637",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT205637"
},
{
"title": "HT205640",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/HT205640"
},
{
"title": "HT205637",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/HT205637"
},
{
"title": "Apple iOS and tvOS Disk Images Fixes for component buffer overflow vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59208"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006320"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-390"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85071"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006320"
},
{
"db": "NVD",
"id": "CVE-2015-7110"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2015/dec/msg00001.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2015/dec/msg00005.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht205637"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht205640"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/39365/"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034344"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7110"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97526033/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7110"
},
{
"trust": 0.3,
"url": "http://www.apple.com/accessibility/tvos/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85071"
},
{
"db": "BID",
"id": "78733"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006320"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-390"
},
{
"db": "NVD",
"id": "CVE-2015-7110"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-85071"
},
{
"db": "BID",
"id": "78733"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006320"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-390"
},
{
"db": "NVD",
"id": "CVE-2015-7110"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-11T00:00:00",
"db": "VULHUB",
"id": "VHN-85071"
},
{
"date": "2015-12-08T00:00:00",
"db": "BID",
"id": "78733"
},
{
"date": "2015-12-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006320"
},
{
"date": "2015-12-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-390"
},
{
"date": "2015-12-11T12:00:07.167000",
"db": "NVD",
"id": "CVE-2015-7110"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-13T00:00:00",
"db": "VULHUB",
"id": "VHN-85071"
},
{
"date": "2015-12-08T00:00:00",
"db": "BID",
"id": "78733"
},
{
"date": "2015-12-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006320"
},
{
"date": "2015-12-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-390"
},
{
"date": "2024-11-21T02:36:14.717000",
"db": "NVD",
"id": "CVE-2015-7110"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-390"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple OS X and tvOS of Disk Images Vulnerability gained privileges in components",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006320"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-390"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…