Mac OS X
by Apple Inc.
CVEs (2,090)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-5758 | 0.00 | — | 0.03 | Aug 17, 2015 | ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. | |||
| CVE-2015-5757 | 0.00 | — | 0.03 | Aug 17, 2015 | libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with locking. | |||
| CVE-2015-5756 | 0.00 | — | 0.03 | Aug 17, 2015 | FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5775. | |||
| CVE-2015-5755 | 0.00 | — | 0.03 | Aug 17, 2015 | CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761. | |||
| CVE-2015-5750 | 0.00 | — | 0.02 | Aug 17, 2015 | Data Detectors Engine in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted series of Unicode characters. | |||
| CVE-2015-5748 | 0.00 | — | 0.00 | Aug 17, 2015 | The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume. | |||
| CVE-2015-5747 | 0.00 | — | 0.00 | Aug 17, 2015 | The fasttrap driver in the kernel in Apple OS X before 10.10.5 allows local users to cause a denial of service (resource consumption) via unspecified vectors. | |||
| CVE-2015-3807 | 0.00 | — | 0.02 | Aug 17, 2015 | libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XML document. | |||
| CVE-2015-3806 | 0.00 | — | 0.00 | Aug 17, 2015 | Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file. | |||
| CVE-2015-3805 | 0.00 | — | 0.00 | Aug 17, 2015 | Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802. | |||
| CVE-2015-3804 | 0.00 | — | 0.04 | Aug 17, 2015 | FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5756 and CVE-2015-5775. | |||
| CVE-2015-3803 | 0.00 | — | 0.00 | Aug 17, 2015 | Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file. | |||
| CVE-2015-3802 | 0.00 | — | 0.00 | Aug 17, 2015 | Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805. | |||
| CVE-2015-3800 | 0.00 | — | 0.00 | Aug 17, 2015 | The DiskImages component in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image. | |||
| CVE-2015-3799 | 0.00 | — | 0.02 | Aug 17, 2015 | The Apple ID OD plug-in in Apple OS X before 10.10.5 allows attackers to change arbitrary user passwords via a crafted app. | |||
| CVE-2015-3797 | 0.00 | — | 0.03 | Aug 17, 2015 | The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than… | |||
| CVE-2015-3795 | 0.00 | — | 0.05 | Aug 17, 2015 | libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message. | |||
| CVE-2015-3794 | 0.00 | — | 0.03 | Aug 17, 2015 | The Speech UI in Apple OS X before 10.10.5, when speech alerts are enabled, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Unicode string. | |||
| CVE-2015-3787 | 0.00 | — | 0.01 | Aug 16, 2015 | The Bluetooth subsystem in Apple OS X before 10.10.5 allows remote attackers to cause a denial of service via malformed Bluetooth ACL packets. | |||
| CVE-2015-3786 | 0.00 | — | 0.01 | Aug 16, 2015 | The Bluetooth subsystem in Apple OS X before 10.10.5 does not properly restrict Notification Center Service access, which allows attackers to read Notification Center notifications of certain paired devices via a crafted app. |
- CVE-2015-5758Aug 17, 2015risk 0.00cvss —epss 0.03
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.
- CVE-2015-5757Aug 17, 2015risk 0.00cvss —epss 0.03
libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with locking.
- CVE-2015-5756Aug 17, 2015risk 0.00cvss —epss 0.03
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5775.
- CVE-2015-5755Aug 17, 2015risk 0.00cvss —epss 0.03
CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761.
- CVE-2015-5750Aug 17, 2015risk 0.00cvss —epss 0.02
Data Detectors Engine in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted series of Unicode characters.
- CVE-2015-5748Aug 17, 2015risk 0.00cvss —epss 0.00
The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume.
- CVE-2015-5747Aug 17, 2015risk 0.00cvss —epss 0.00
The fasttrap driver in the kernel in Apple OS X before 10.10.5 allows local users to cause a denial of service (resource consumption) via unspecified vectors.
- CVE-2015-3807Aug 17, 2015risk 0.00cvss —epss 0.02
libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XML document.
- CVE-2015-3806Aug 17, 2015risk 0.00cvss —epss 0.00
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file.
- CVE-2015-3805Aug 17, 2015risk 0.00cvss —epss 0.00
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802.
- CVE-2015-3804Aug 17, 2015risk 0.00cvss —epss 0.04
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5756 and CVE-2015-5775.
- CVE-2015-3803Aug 17, 2015risk 0.00cvss —epss 0.00
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file.
- CVE-2015-3802Aug 17, 2015risk 0.00cvss —epss 0.00
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805.
- CVE-2015-3800Aug 17, 2015risk 0.00cvss —epss 0.00
The DiskImages component in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image.
- CVE-2015-3799Aug 17, 2015risk 0.00cvss —epss 0.02
The Apple ID OD plug-in in Apple OS X before 10.10.5 allows attackers to change arbitrary user passwords via a crafted app.
- CVE-2015-3797Aug 17, 2015risk 0.00cvss —epss 0.03
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than…
- CVE-2015-3795Aug 17, 2015risk 0.00cvss —epss 0.05
libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message.
- CVE-2015-3794Aug 17, 2015risk 0.00cvss —epss 0.03
The Speech UI in Apple OS X before 10.10.5, when speech alerts are enabled, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Unicode string.
- CVE-2015-3787Aug 16, 2015risk 0.00cvss —epss 0.01
The Bluetooth subsystem in Apple OS X before 10.10.5 allows remote attackers to cause a denial of service via malformed Bluetooth ACL packets.
- CVE-2015-3786Aug 16, 2015risk 0.00cvss —epss 0.01
The Bluetooth subsystem in Apple OS X before 10.10.5 does not properly restrict Notification Center Service access, which allows attackers to read Notification Center notifications of certain paired devices via a crafted app.
Page 51 of 105