VYPR

Mac OS X

by Apple Inc.

CVEs (2,090)

  • CVE-2015-3784Aug 16, 2015
    risk 0.00cvss epss 0.03

    Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

  • CVE-2015-3782Aug 16, 2015
    risk 0.00cvss epss 0.01

    CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app.

  • CVE-2015-3781Aug 16, 2015
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Quick Look in Apple OS X before 10.10.5 allows remote attackers to inject arbitrary web script or HTML via a previously visited web site that is rendered during a Quick Look search.

  • CVE-2015-3780Aug 16, 2015
    risk 0.00cvss epss 0.01

    The Bluetooth subsystem in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.

  • CVE-2015-3778Aug 16, 2015
    risk 0.00cvss epss 0.01

    bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic.

  • CVE-2015-3777Aug 16, 2015
    risk 0.00cvss epss 0.00

    Multiple buffer overflows in blued in the Bluetooth subsystem in Apple OS X before 10.10.5 allow local users to gain privileges via XPC messages.

  • CVE-2015-3776Aug 16, 2015
    risk 0.00cvss epss 0.03

    IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist.

  • CVE-2015-3775Aug 16, 2015
    risk 0.00cvss epss 0.00

    Apple OS X before 10.10.5 does not properly implement authentication, which allows local users to obtain admin privileges via unspecified vectors.

  • CVE-2015-3774Aug 16, 2015
    risk 0.00cvss epss 0.01

    The Dictionary app in Apple OS X before 10.10.5 does not use HTTPS, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof word definitions by modifying the client-server data stream.

  • CVE-2015-3773Aug 16, 2015
    risk 0.00cvss epss 0.03

    The SMB client in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

  • CVE-2015-3772Aug 16, 2015
    risk 0.00cvss epss 0.00

    IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3771.

  • CVE-2015-3771Aug 16, 2015
    risk 0.00cvss epss 0.00

    IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3772.

  • CVE-2015-3770Aug 16, 2015
    risk 0.00cvss epss 0.03

    IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5783.

  • CVE-2015-3769Aug 16, 2015
    risk 0.00cvss epss 0.00

    IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3771 and CVE-2015-3772.

  • CVE-2015-3768Aug 16, 2015
    risk 0.00cvss epss 0.03

    Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls.

  • CVE-2015-3767Aug 16, 2015
    risk 0.00cvss epss 0.00

    udf in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image.

  • CVE-2015-3766Aug 16, 2015
    risk 0.00cvss epss 0.01

    The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app.

  • CVE-2015-3764Aug 16, 2015
    risk 0.00cvss epss 0.01

    Notification Center in Apple OS X before 10.10.5 does not properly remove dismissed notifications, which allows attackers to read arbitrary notifications via a crafted app.

  • CVE-2015-3762Aug 16, 2015
    risk 0.00cvss epss 0.02

    The Text Formats component in Apple OS X before 10.10.5, as used in TextEdit, allows remote attackers to read arbitrary files via a text file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

  • CVE-2015-3761Aug 16, 2015
    risk 0.00cvss epss 0.00

    The kernel in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors.

Page 52 of 105