Mac OS X
by Apple Inc.
CVEs (2,090)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-5932 | 0.00 | — | 0.01 | Oct 23, 2015 | The kernel in Apple OS X before 10.11.1 allows local users to gain privileges by leveraging an unspecified "type confusion" during Mach task processing. | |||
| CVE-2015-5927 | 0.00 | — | 0.03 | Oct 23, 2015 | FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5942. | |||
| CVE-2015-5926 | 0.00 | — | 0.02 | Oct 23, 2015 | The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5925. | |||
| CVE-2015-5925 | 0.00 | — | 0.02 | Oct 23, 2015 | The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5926. | |||
| CVE-2015-5924 | 0.00 | — | 0.02 | Oct 23, 2015 | The OpenGL implementation in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | |||
| CVE-2015-7035 | 0.00 | — | 0.02 | Oct 23, 2015 | Apple Mac EFI before 2015-002, as used in OS X before 10.11.1 and other products, mishandles arguments, which allows attackers to reach "unused" functions via unspecified vectors. | |||
| CVE-2015-7017 | 0.00 | — | 0.04 | Oct 23, 2015 | CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992. | |||
| CVE-2015-6992 | 0.00 | — | 0.04 | Oct 23, 2015 | CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-7017. | |||
| CVE-2015-6975 | 0.00 | — | 0.04 | Oct 23, 2015 | CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6992 and CVE-2015-7017. | |||
| CVE-2015-7761 | 0.00 | — | 0.01 | Oct 9, 2015 | Mail in Apple OS X before 10.11 does not properly recognize user preferences, which allows attackers to obtain sensitive information via an unspecified action during the printing of an e-mail message, a different vulnerability than CVE-2015-7760. | |||
| CVE-2015-7760 | 0.00 | — | 0.02 | Oct 9, 2015 | libxpc in launchd in Apple OS X before 10.11 does not restrict the creation of processes for network connections, which allows remote attackers to cause a denial of service (resource consumption) by repeatedly connecting to the SSH port, a different vulnerability than… | |||
| CVE-2015-5922 | 0.00 | — | 0.03 | Oct 9, 2015 | Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors. | |||
| CVE-2015-5915 | 0.00 | — | 0.01 | Oct 9, 2015 | Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors. | |||
| CVE-2015-5914 | 0.00 | — | 0.00 | Oct 9, 2015 | The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists… | |||
| CVE-2015-5913 | 0.00 | — | 0.02 | Oct 9, 2015 | Heimdal, as used in Apple OS X before 10.11, allows remote attackers to conduct replay attacks against the SMB server via packet data that represents a Kerberos authenticated request. | |||
| CVE-2015-5902 | 0.00 | — | 0.00 | Oct 9, 2015 | The debugging feature in the kernel in Apple OS X before 10.11 mismanages state, which allows local users to cause a denial of service via unspecified vectors. | |||
| CVE-2015-5901 | 0.00 | — | 0.00 | Oct 9, 2015 | The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive. | |||
| CVE-2015-5900 | 0.00 | — | 0.02 | Oct 9, 2015 | The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes to an unintended address. | |||
| CVE-2015-5897 | 0.00 | — | 0.00 | Oct 9, 2015 | The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework. | |||
| CVE-2015-5894 | 0.00 | — | 0.01 | Oct 9, 2015 | The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access… |
- CVE-2015-5932Oct 23, 2015risk 0.00cvss —epss 0.01
The kernel in Apple OS X before 10.11.1 allows local users to gain privileges by leveraging an unspecified "type confusion" during Mach task processing.
- CVE-2015-5927Oct 23, 2015risk 0.00cvss —epss 0.03
FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5942.
- CVE-2015-5926Oct 23, 2015risk 0.00cvss —epss 0.02
The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5925.
- CVE-2015-5925Oct 23, 2015risk 0.00cvss —epss 0.02
The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5926.
- CVE-2015-5924Oct 23, 2015risk 0.00cvss —epss 0.02
The OpenGL implementation in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
- CVE-2015-7035Oct 23, 2015risk 0.00cvss —epss 0.02
Apple Mac EFI before 2015-002, as used in OS X before 10.11.1 and other products, mishandles arguments, which allows attackers to reach "unused" functions via unspecified vectors.
- CVE-2015-7017Oct 23, 2015risk 0.00cvss —epss 0.04
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992.
- CVE-2015-6992Oct 23, 2015risk 0.00cvss —epss 0.04
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-7017.
- CVE-2015-6975Oct 23, 2015risk 0.00cvss —epss 0.04
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6992 and CVE-2015-7017.
- CVE-2015-7761Oct 9, 2015risk 0.00cvss —epss 0.01
Mail in Apple OS X before 10.11 does not properly recognize user preferences, which allows attackers to obtain sensitive information via an unspecified action during the printing of an e-mail message, a different vulnerability than CVE-2015-7760.
- CVE-2015-7760Oct 9, 2015risk 0.00cvss —epss 0.02
libxpc in launchd in Apple OS X before 10.11 does not restrict the creation of processes for network connections, which allows remote attackers to cause a denial of service (resource consumption) by repeatedly connecting to the SSH port, a different vulnerability than…
- CVE-2015-5922Oct 9, 2015risk 0.00cvss —epss 0.03
Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors.
- CVE-2015-5915Oct 9, 2015risk 0.00cvss —epss 0.01
Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors.
- CVE-2015-5914Oct 9, 2015risk 0.00cvss —epss 0.00
The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists…
- CVE-2015-5913Oct 9, 2015risk 0.00cvss —epss 0.02
Heimdal, as used in Apple OS X before 10.11, allows remote attackers to conduct replay attacks against the SMB server via packet data that represents a Kerberos authenticated request.
- CVE-2015-5902Oct 9, 2015risk 0.00cvss —epss 0.00
The debugging feature in the kernel in Apple OS X before 10.11 mismanages state, which allows local users to cause a denial of service via unspecified vectors.
- CVE-2015-5901Oct 9, 2015risk 0.00cvss —epss 0.00
The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive.
- CVE-2015-5900Oct 9, 2015risk 0.00cvss —epss 0.02
The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes to an unintended address.
- CVE-2015-5897Oct 9, 2015risk 0.00cvss —epss 0.00
The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework.
- CVE-2015-5894Oct 9, 2015risk 0.00cvss —epss 0.01
The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access…
Page 47 of 105