VARIoT IoT vulnerabilities database

Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.9); Nexus 3000 devices 6.0(2)U5(1.41), 7.0(3)I2(0.373), and 7.3(0)ZN(0.83); Nexus 4000 devices 4.1(2)E1(1b); Nexus 7000 devices 6.2(14)S1; Nexus 9000 devices 7.3(0)ZN(0.9); and MDS 9000 devices 6.2 (13) and 7.1(0)ZN(91.99) and MDS SAN-OS 7.1(0)ZN(91.99) allows remote attackers to cause a denial of service (device outage) via a crafted ARP packet, related to incorrect MTU validation, aka Bug IDs CSCuv71933, CSCuv61341, CSCuv61321, CSCuu78074, CSCut37060, CSCuv61266, CSCuv61351, CSCuv61358, and CSCuv61366. Vendors have confirmed this vulnerability Bug ID CSCuv71933 , CSCuv61341 , CSCuv61321 , CSCuu78074 , CSCut37060 , CSCuv61266 , CSCuv61351 , CSCuv61358 ,and CSCuv61366 It is released as.Skillfully crafted by a third party ARP Service disruption via packets ( Stop device ) There is a possibility of being put into a state. Cisco NX-OS is a data center-class operating system from Cisco Systems, Inc. that embodies modular design, resiliency, and maintainability. Multiple Cisco Nexus Devices are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial of service condition, denying service to legitimate users. This issue is being tracked by Cisco bug IDs CSCuv71933, CSCuv61341, CSCuv61321, CSCuu78074, CSCut37060, CSCuv61266, CSCuv61351, CSCuv61358 and CSCuv61366. Cisco Nexus 1000V Switch for VMware vSphere, etc. Cisco Nexus 1000V Switch is a virtual switch product running on the virtual machine platform (VMware vSphere), 3000, 4000, 7000 and 9000 series switches. Cisco MDS SAN-OS Software is an operating system running on fiber optic switches. The vulnerability is caused by the program not correctly validating the ARP packet and maximum transmission unit (MTU) size. The following products and versions are affected: Cisco Nexus 1000V Switch for VMware vSphere version 7.3(0)ZN(0.9); Nexus 1000V Switch for Nexus 3000 Series version 7.3(0)ZN(0.83), version 7.0(3)I2(0.373) , 6.0(2)U5(1.41) version; Nexus 1000V Switch for Nexus 4000 Series 4.1(2)E1(1b) version; Nexus 1000V Switch for Nexus 7000 Series 6.2(14)S1 version; Nexus 1000V Switch for Nexus 9000 Series 7.3 (0)ZN(0.9) version; Cisco MDS 9000 NX-OS Software 6.2 (13) version, 7.1(0)ZN(91.99) Base version; Cisco MDS SAN-OS Software 7.1(0)ZN(91.99) Base version

Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, and 9.1.0-103 improperly restricts the privileges available after LDAP authentication, which allows remote authenticated users to read or write to an arbitrary user's Spam Quarantine folder by visiting a spam-notification URL, aka Bug ID CSCuv65894. Cisco Content Security Management Appliance is prone to a privilege-escalation vulnerability. An attacker can leverage this issue to gain unauthorized access to an affected system with elevated privileges. This issue is being tracked by Cisco Bug ID CSCuv65894. This appliance is mainly used to manage all policies, reports, audit information, etc. of email and web security appliances. The following releases are affected: Cisco SMA Release 8.3.6-039, Release 9.1.0-31, Release 9.1.0-103

OSIsoft PI System is a system based on the enterprise infrastructure of the United States OSIsoft for managing real-time data and events. PI AF Server is the core product of PI System. OSIsoft PI Data Archive is a highly efficient storage and archiving component of PI Server that implements high-performance data retrieval through client software. There are security vulnerabilities in OSIsoft PI Data Archive 2015 versions before 3.4.395.64. An attacker could use this vulnerability to execute arbitrary code with elevated privileges, obtain sensitive information, perform unauthorized operations, and cause a denial of service

Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticated users to insert the content of an arbitrary file into a FRAME element via unspecified vectors. Allen-Bradley MicroLogix 1100 and 1400 The device includes FRAME A vulnerability exists in which the contents of an arbitrary file are inserted into an element. Supplementary information : CWE Vulnerability type by CWE-434: Unrestricted Upload of File with Dangerous Type ( Unlimited upload of dangerous types of files ) Has been identified. http://cwe.mitre.org/data/definitions/434.htmlBy a remotely authenticated user FRAME Any file content may be inserted into the element. The Allen-Bradley MicroLogix 1100 has a file insertion vulnerability in versions prior to B FRN 15.000 and versions prior to 1400 in B FRN 15.003. Rockwell Automation 1766-L32 Series is a 1766-L32 series programmable logic controller (PLC) from Rockwell Automation. A remote file inclusion vulnerability exists in the Rockwell Automation 1766-L32 Series product, which is caused by the program's insufficient filtering of user-submitted input. An attacker could use this vulnerability to obtain sensitive information or execute arbitrary script code in the context of a Web process to control the application. This may allow the attacker to compromise the application; other attacks are also possible

XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485. Vendors have confirmed this vulnerability SAP Security Note 2168485 It is released as. Supplementary information : CWE Vulnerability type by CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (XML Inappropriate restrictions on external entity references ) Has been identified. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks

SAP NetWeaver is prone to an arbitrary file-download vulnerability. An attacker can exploit this issue to download arbitrary files. Information obtained may aid in further attacks.

HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5406 and CVE-2015-5407. plural HP CentralView There are vulnerabilities in products that can capture important information. This vulnerability CVE-2015-5406 and CVE-2015-5407 Is a different vulnerability.Important information may be obtained by a third party. HP CentralView Fraud Risk Management is a product that prevents the exploitation of network assets. HP CentralView Revenue Leakage Control is a product used to detect and prevent vulnerabilities in the communications service provider revenue stream. This may aid in further attacks. References: CVE-2015-5406 (SSRT101995) CVE-2015-5407 CVE-2015-5408 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. RESOLUTION Customers are recommended to use the latest product versions that provide a web client for secure access to HP CentralView systems. The windows client has been deprecated and replaced by the web client in the latest releases. The patch is addressing SQL Injection described in the associated patch documents. For this latest available security patch, customers will be required to update to latest product versions before applying this update. Please contact HP CentralView product support to request this update. HISTORY Version:1 (rev.1) - 12 August 2015 Initial release Version:2 (rev.2) - 2 November 2015 Patches available Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2015 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJWOPZaAAoJEGIGBBYqRO9/wKkH/3cT7uKX0UFsRpH+1T2w44Ld yfMvQ+tfpzJEMdSyhIxuO80cCFqA2RdVAgqJxD6aWVI4A+nG20xPxZrP9T7BRwdd ArslVTepsH8sNkYhtKad5GYA+Y+D5Dv0r6VALqKJfKr6YTMDT4ansNDiylkyfPgo fTAM6snzKf72TkN/qDI7CljrSTGdmGjo7ryO5HFr2tVUpEUFoUQJMoMrpHsUnHKl 3D5N5oZSlNRsDHLK2efC+KNjli3p60D1GXxCRqhUXTRaBR6XBO0BD9xOVm5URP/Z eGs2pDeVlf9irAbXKiGXTRi51srZRjWTxzw3owsXg3863NwNr1MEwni9zL/ws40= =E0Gy -----END PGP SIGNATURE----- . Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein

HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5406 and CVE-2015-5408. plural HP CentralView There are vulnerabilities in products that can capture important information. This vulnerability CVE-2015-5406 and CVE-2015-5408 Is a different vulnerability.Important information may be obtained by a third party. HP CentralView Fraud Risk Management is a product that prevents the exploitation of network assets. HP CentralView Revenue Leakage Control is a product used to detect and prevent vulnerabilities in the communications service provider revenue stream. This may aid in further attacks. References: CVE-2015-5406 (SSRT101995) CVE-2015-5407 CVE-2015-5408 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. RESOLUTION Customers are recommended to use the latest product versions that provide a web client for secure access to HP CentralView systems. The windows client has been deprecated and replaced by the web client in the latest releases. The patch is addressing SQL Injection described in the associated patch documents. For this latest available security patch, customers will be required to update to latest product versions before applying this update. Please contact HP CentralView product support to request this update. HISTORY Version:1 (rev.1) - 12 August 2015 Initial release Version:2 (rev.2) - 2 November 2015 Patches available Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2015 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJWOPZaAAoJEGIGBBYqRO9/wKkH/3cT7uKX0UFsRpH+1T2w44Ld yfMvQ+tfpzJEMdSyhIxuO80cCFqA2RdVAgqJxD6aWVI4A+nG20xPxZrP9T7BRwdd ArslVTepsH8sNkYhtKad5GYA+Y+D5Dv0r6VALqKJfKr6YTMDT4ansNDiylkyfPgo fTAM6snzKf72TkN/qDI7CljrSTGdmGjo7ryO5HFr2tVUpEUFoUQJMoMrpHsUnHKl 3D5N5oZSlNRsDHLK2efC+KNjli3p60D1GXxCRqhUXTRaBR6XBO0BD9xOVm5URP/Z eGs2pDeVlf9irAbXKiGXTRi51srZRjWTxzw3owsXg3863NwNr1MEwni9zL/ws40= =E0Gy -----END PGP SIGNATURE----- . Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein

HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5407 and CVE-2015-5408. plural HP CentralView There are vulnerabilities in products that can capture important information. This vulnerability CVE-2015-5407 and CVE-2015-5408 Is a different vulnerability.Important information may be obtained by a third party. HP CentralView Fraud Risk Management is a product that prevents the exploitation of network assets. HP CentralView Revenue Leakage Control is a product used to detect and prevent vulnerabilities in the communications service provider revenue stream. References: CVE-2015-5406 (SSRT101995) CVE-2015-5407 CVE-2015-5408 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. RESOLUTION Customers are recommended to use the latest product versions that provide a web client for secure access to HP CentralView systems. The windows client has been deprecated and replaced by the web client in the latest releases. Remote access to information issues are addressed with a FRM12.0 (ERM6.0) Patch 4 and FRM11.1 (ERM5.0/ERM5.1) - patch 5. The patch is addressing SQL Injection described in the associated patch documents. For this latest available security patch, customers will be required to update to latest product versions before applying this update. Please contact HP CentralView product support to request this update. HISTORY Version:1 (rev.1) - 12 August 2015 Initial release Version:2 (rev.2) - 2 November 2015 Patches available Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2015 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJWOPZaAAoJEGIGBBYqRO9/wKkH/3cT7uKX0UFsRpH+1T2w44Ld yfMvQ+tfpzJEMdSyhIxuO80cCFqA2RdVAgqJxD6aWVI4A+nG20xPxZrP9T7BRwdd ArslVTepsH8sNkYhtKad5GYA+Y+D5Dv0r6VALqKJfKr6YTMDT4ansNDiylkyfPgo fTAM6snzKf72TkN/qDI7CljrSTGdmGjo7ryO5HFr2tVUpEUFoUQJMoMrpHsUnHKl 3D5N5oZSlNRsDHLK2efC+KNjli3p60D1GXxCRqhUXTRaBR6XBO0BD9xOVm5URP/Z eGs2pDeVlf9irAbXKiGXTRi51srZRjWTxzw3owsXg3863NwNr1MEwni9zL/ws40= =E0Gy -----END PGP SIGNATURE----- . Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein

The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitrary files or cause a denial of service via a crafted XML document, aka Bug ID CSCuv31853. Cisco TelePresence Video Communication Server Expressway is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial of service condition or read arbitrary files on an affected system. This issue is being tracked by Cisco bug ID CSCuv31853

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in a GET request, aka Bug ID CSCuv40528. An attacker can exploit this issue to cause a denial of service condition, denying service to legitimate users. This issue is being tracked by Cisco bug ID CSCuv40528 . The vulnerability is caused by the program not correctly handling the GET request message

The Mobile and Remote Access (MRA) endpoint-validation feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly validates the phone line used for registration, which allows remote authenticated users to conduct impersonation attacks via a crafted registration, aka Bug ID CSCuv40396. Vendors have confirmed this vulnerability Bug ID CSCuv40396 It is released as.Cleverly crafted registration by remotely authenticated users (registration) May be able to carry out spoofing attacks. Cisco TelePresence Video Communication Server Expressway is prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized access to the affected application. This may aid in further attacks. This issue is being tracked by Cisco bug ID CSCuv40396. The vulnerability is caused by the program not correctly verifying the registered phone line. A remote attacker could exploit this vulnerability by sending a specially crafted Session Initiation Protocol (SIP) message to register the phone and impersonate a legitimate user

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in an authentication packet, aka Bug ID CSCuv40469. An attacker can exploit this issue to cause a denial of service condition, denying service to legitimate users. This issue is being tracked by Cisco bug ID CSCuv40469 . The vulnerability is caused by the program not correctly handling malformed authentication messages

The Configuration Log File component in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to obtain sensitive information by reading a log file, aka Bug ID CSCuv12340. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug Id CSCuv12340. The vulnerability is caused by sensitive information contained in the log file

Cisco Unified Web and E-Mail Interaction Manager 9.0(2) and 11.0(1) improperly performs authorization, which allows remote authenticated users to read or write to stored data via unspecified vectors, aka Bug ID CSCuo89056. Vendors have confirmed this vulnerability Bug ID CSCuo89056 It is released as. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlThe stored data may be read or written by a remotely authenticated user. Attackers can exploit this issue to gain unauthorized access and obtain sensitive information. This may aid in further attacks. Web Interaction Manager is a product that can help call center business representatives use websites and text chats or real-time Web collaboration to answer customer questions; E-mail Interaction Manager is a product used to manage a large number of customer emails submitted to corporate mailboxes or websites. A remote attacker could exploit this vulnerability to view, modify, or delete data stored on the device

Cisco Unified Web and E-Mail Interaction Manager 9.0(2) improperly performs authorization, which allows remote authenticated users to remove default messaging-queue system folders via unspecified vectors, aka Bug ID CSCuo89046. Vendors have confirmed this vulnerability Bug ID CSCuo89046 It is released as. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlRemotely authenticated users could delete the default system folder in the messaging queue. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Web Interaction Manager is a product that can help call center business representatives use websites and text chats or real-time Web collaboration to answer customer questions; E-mail Interaction Manager is a product used to manage a large number of customer emails submitted to corporate mailboxes or websites

The webGUI configuration-export feature in Cisco Edge Bluebird Operating System 1.2 on Edge 340 devices allows remote authenticated users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuu43968. The Cisco Edge 340 Series Digital Media Player is a digital media playback application. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug Id CSCuu43968

The web interface in Cisco FireSIGHT Management Center 5.3.1.4 allows remote attackers to delete arbitrary system policies via modified parameters in a POST request, aka Bug ID CSCuu25390. Vendors have confirmed this vulnerability Bug ID CSCuu25390 It is released as. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlBy a third party POST Arbitrary system policies may be removed via changed parameters in the request. The Cisco FireSIGHT Management Center centrally manages the network security and operational capabilities of Cisco ASA and Cisco FirePOWER Network Security appliances with FirePOWER Services. Cisco FireSIGHT System Software is prone to a remote security-bypass vulnerability. Successfully exploiting this issue may allow an attacker to delete a system policy other than their own. This may result in a denial of service condition. A remote attacker could exploit this vulnerability to compromise the integrity of the application by incorrectly removing system policies

Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. Attackers can exploit these issues to obtain sensitive information, execute arbitrary code with system privileges, perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, and perform other attacks. Versions prior to iOS 8.4.1 and OS X 10.10.5 are vulnerable. in the United States

Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802. Attackers can exploit these issues to obtain sensitive information, execute arbitrary code with system privileges, perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, and perform other attacks. Versions prior to iOS 8.4.1 and OS X 10.10.5 are vulnerable. in the United States