Mac OS X
by Apple Inc.
CVEs (2,090)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-5893 | 0.00 | — | 0.00 | Oct 9, 2015 | SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. | |||
| CVE-2015-5891 | 0.00 | — | 0.00 | Oct 9, 2015 | The SMB implementation in the kernel in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | |||
| CVE-2015-5890 | 0.00 | — | 0.00 | Oct 9, 2015 | IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5873. | |||
| CVE-2015-5888 | 0.00 | — | 0.00 | Oct 9, 2015 | The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file. | |||
| CVE-2015-5887 | 0.00 | — | 0.02 | Oct 9, 2015 | The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data. | |||
| CVE-2015-5884 | 0.00 | — | 0.00 | Oct 9, 2015 | The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment. | |||
| CVE-2015-5883 | 0.00 | — | 0.02 | Oct 9, 2015 | The bidirectional text-display and text-selection implementations in Terminal in Apple OS X before 10.11 interpret directional override formatting characters differently, which allows remote attackers to spoof the content of a text document via a crafted character sequence. | |||
| CVE-2015-5878 | 0.00 | — | 0.00 | Oct 9, 2015 | Notes in Apple OS X before 10.11 misparses links, which allows local users to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-5877 | 0.00 | — | 0.00 | Oct 9, 2015 | The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5830. | |||
| CVE-2015-5875 | 0.00 | — | 0.00 | Oct 9, 2015 | Cross-site scripting (XSS) vulnerability in Notes in Apple OS X before 10.11 allows local users to inject arbitrary web script or HTML via crafted text. | |||
| CVE-2015-5873 | 0.00 | — | 0.00 | Oct 9, 2015 | IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5890. | |||
| CVE-2015-5872 | 0.00 | — | 0.00 | Oct 9, 2015 | IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5873, and CVE-2015-5890. | |||
| CVE-2015-5871 | 0.00 | — | 0.00 | Oct 9, 2015 | IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5872, CVE-2015-5873, and CVE-2015-5890. | |||
| CVE-2015-5870 | 0.00 | — | 0.00 | Oct 9, 2015 | The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors. | |||
| CVE-2015-5866 | 0.00 | — | 0.03 | Oct 9, 2015 | IOHIDFamily in Apple OS X before 10.11 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||
| CVE-2015-5865 | 0.00 | — | 0.01 | Oct 9, 2015 | IOGraphics in Apple OS X before 10.11 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | |||
| CVE-2015-5864 | 0.00 | — | 0.00 | Oct 9, 2015 | IOAudioFamily in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. | |||
| CVE-2015-5854 | 0.00 | — | 0.00 | Oct 9, 2015 | The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain access to keychain items via unspecified vectors. | |||
| CVE-2015-5853 | 0.00 | — | 0.01 | Oct 9, 2015 | AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers to obtain eSCL packet payload data via unspecified vectors. | |||
| CVE-2015-5849 | 0.00 | — | 0.02 | Oct 9, 2015 | The filtering implementation in AppleEvents in Apple OS X before 10.11 mishandles attempts to send events to a different user, which allows attackers to bypass intended access restrictions by leveraging a screen-sharing connection. |
- CVE-2015-5893Oct 9, 2015risk 0.00cvss —epss 0.00
SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
- CVE-2015-5891Oct 9, 2015risk 0.00cvss —epss 0.00
The SMB implementation in the kernel in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
- CVE-2015-5890Oct 9, 2015risk 0.00cvss —epss 0.00
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5873.
- CVE-2015-5888Oct 9, 2015risk 0.00cvss —epss 0.00
The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file.
- CVE-2015-5887Oct 9, 2015risk 0.00cvss —epss 0.02
The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data.
- CVE-2015-5884Oct 9, 2015risk 0.00cvss —epss 0.00
The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment.
- CVE-2015-5883Oct 9, 2015risk 0.00cvss —epss 0.02
The bidirectional text-display and text-selection implementations in Terminal in Apple OS X before 10.11 interpret directional override formatting characters differently, which allows remote attackers to spoof the content of a text document via a crafted character sequence.
- CVE-2015-5878Oct 9, 2015risk 0.00cvss —epss 0.00
Notes in Apple OS X before 10.11 misparses links, which allows local users to obtain sensitive information via unspecified vectors.
- CVE-2015-5877Oct 9, 2015risk 0.00cvss —epss 0.00
The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5830.
- CVE-2015-5875Oct 9, 2015risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in Notes in Apple OS X before 10.11 allows local users to inject arbitrary web script or HTML via crafted text.
- CVE-2015-5873Oct 9, 2015risk 0.00cvss —epss 0.00
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5890.
- CVE-2015-5872Oct 9, 2015risk 0.00cvss —epss 0.00
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5873, and CVE-2015-5890.
- CVE-2015-5871Oct 9, 2015risk 0.00cvss —epss 0.00
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5872, CVE-2015-5873, and CVE-2015-5890.
- CVE-2015-5870Oct 9, 2015risk 0.00cvss —epss 0.00
The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors.
- CVE-2015-5866Oct 9, 2015risk 0.00cvss —epss 0.03
IOHIDFamily in Apple OS X before 10.11 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
- CVE-2015-5865Oct 9, 2015risk 0.00cvss —epss 0.01
IOGraphics in Apple OS X before 10.11 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
- CVE-2015-5864Oct 9, 2015risk 0.00cvss —epss 0.00
IOAudioFamily in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
- CVE-2015-5854Oct 9, 2015risk 0.00cvss —epss 0.00
The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain access to keychain items via unspecified vectors.
- CVE-2015-5853Oct 9, 2015risk 0.00cvss —epss 0.01
AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers to obtain eSCL packet payload data via unspecified vectors.
- CVE-2015-5849Oct 9, 2015risk 0.00cvss —epss 0.02
The filtering implementation in AppleEvents in Apple OS X before 10.11 mishandles attempts to send events to a different user, which allows attackers to bypass intended access restrictions by leveraging a screen-sharing connection.
Page 48 of 105