Mac OS X
by Apple Inc.
CVEs (2,090)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-5841 | | | 0.00 | — | 0.02 | | Sep 18, 2015 | The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response. |
| CVE-2015-5840 | | | 0.00 | — | 0.02 | | Sep 18, 2015 | The checkint division routines in removefile in Apple iOS before 9 allow attackers to cause a denial of service (overflow fault and app crash) via crafted data. |
| CVE-2015-5839 | | | 0.00 | — | 0.02 | | Sep 18, 2015 | dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file. |
| CVE-2015-5831 | | | 0.00 | — | 0.02 | | Sep 18, 2015 | NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app. |
| CVE-2015-5824 | | | 0.00 | — | 0.00 | | Sep 18, 2015 | The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted… |
| CVE-2014-8611 | | | 0.00 | — | 0.00 | | Sep 18, 2015 | The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via… |
| CVE-2015-5783 | | | 0.00 | — | 0.03 | | Aug 17, 2015 | IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3770. |
| CVE-2015-5782 | | | 0.00 | — | 0.02 | | Aug 17, 2015 | ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image. |
| CVE-2015-5781 | | | 0.00 | — | 0.02 | | Aug 17, 2015 | ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image. |
| CVE-2015-5778 | | | 0.00 | — | 0.03 | | Aug 17, 2015 | CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5777. |
| CVE-2015-5777 | | | 0.00 | — | 0.03 | | Aug 17, 2015 | CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5778. |
| CVE-2015-5776 | | | 0.00 | — | 0.04 | | Aug 17, 2015 | Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket. |
| CVE-2015-5775 | | | 0.00 | — | 0.04 | | Aug 17, 2015 | FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5756. |
| CVE-2015-5774 | | | 0.00 | — | 0.00 | | Aug 17, 2015 | Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors. |
| CVE-2015-5773 | | | 0.00 | — | 0.03 | | Aug 17, 2015 | QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted office document. |
| CVE-2015-5772 | | | 0.00 | — | 0.03 | | Aug 17, 2015 | Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code via a crafted Collada file. |
| CVE-2015-5771 | | | 0.00 | — | 0.03 | | Aug 17, 2015 | Quartz Composer Framework in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted QuickTime file. |
| CVE-2015-5768 | | | 0.00 | — | 0.01 | | Aug 17, 2015 | AppleGraphicsControl in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. |
| CVE-2015-5763 | | | 0.00 | — | 0.00 | | Aug 17, 2015 | ntfs in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. |
| CVE-2015-5761 | | | 0.00 | — | 0.03 | | Aug 17, 2015 | CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5755. |