Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain. Rated low severity (CVSS 3.3). Public exploit code available and no vendor patch available.
The Bluetooth subsystem in Apple OS X before 10.10.5 allows remote attackers to cause a denial of service via malformed Bluetooth ACL packets. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Apple OS X before 10.10.5 does not properly restrict access to the Date & Time preferences pane, which allows local users to spoof the time by visiting this pane. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.