Mac OS X
by Apple Inc.
CVEs (2,090)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-3757 | 0.00 | — | 0.00 | Aug 16, 2015 | Apple OS X before 10.10.5 does not properly restrict access to the Date & Time preferences pane, which allows local users to spoof the time by visiting this pane. | |||
| CVE-2013-7422 | 0.00 | — | 0.03 | Aug 16, 2015 | Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid… | |||
| CVE-2015-5523 | 0.00 | — | 0.04 | Aug 11, 2015 | The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation. | |||
| CVE-2015-5522 | 0.00 | — | 0.05 | Aug 11, 2015 | Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href. | |||
| CVE-2015-3185 | 0.00 | — | 0.19 | Jul 20, 2015 | The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended… | |||
| CVE-2015-0253 | 0.00 | — | 0.15 | Jul 20, 2015 | The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a… | |||
| CVE-2015-3727 | 0.00 | — | 0.02 | Jul 3, 2015 | WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted… | |||
| CVE-2015-3721 | 0.00 | — | 0.01 | Jul 3, 2015 | The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not properly handle HFS parameters, which allows attackers to obtain sensitive memory-layout information via a crafted app. | |||
| CVE-2015-3720 | 0.00 | — | 0.01 | Jul 3, 2015 | The kernel in Apple OS X before 10.10.4 does not properly manage memory in kernel-extension APIs, which allows attackers to obtain sensitive memory-layout information via a crafted app. | |||
| CVE-2015-3719 | 0.00 | — | 0.03 | Jul 3, 2015 | TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3694. | |||
| CVE-2015-3718 | 0.00 | — | 0.02 | Jul 3, 2015 | systemstatsd in the System Stats subsystem in Apple OS X before 10.10.4 does not properly interpret data types encountered in interprocess communication, which allows attackers to execute arbitrary code with systemstatsd privileges via a crafted app, related to a "type… | |||
| CVE-2015-3717 | 0.00 | — | 0.04 | Jul 3, 2015 | Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | |||
| CVE-2015-3716 | 0.00 | — | 0.00 | Jul 3, 2015 | Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a crafted name of a photo file within the local photo library. | |||
| CVE-2015-3715 | 0.00 | — | 0.01 | Jul 3, 2015 | The code-signing implementation in Apple OS X before 10.10.4 does not properly consider libraries that are external to an application bundle, which allows attackers to bypass intended launch restrictions via a crafted library. | |||
| CVE-2015-3714 | 0.00 | — | 0.01 | Jul 3, 2015 | Apple OS X before 10.10.4 does not properly consider custom resource rules during app signature verification, which allows attackers to bypass intended launch restrictions via a modified app. | |||
| CVE-2015-3713 | 0.00 | — | 0.03 | Jul 3, 2015 | QuickTime in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted movie file. | |||
| CVE-2015-3712 | 0.00 | — | 0.03 | Jul 3, 2015 | The NVIDIA graphics driver in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds write) via a crafted app. | |||
| CVE-2015-3711 | 0.00 | — | 0.01 | Jul 3, 2015 | The NTFS implementation in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. | |||
| CVE-2015-3710 | 0.00 | — | 0.02 | Jul 3, 2015 | Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message. | |||
| CVE-2015-3709 | 0.00 | — | 0.00 | Jul 3, 2015 | Race condition in kext tools in Apple OS X before 10.10.4 allows local users to bypass intended signature requirements for kernel extensions by leveraging improper pathname validation. |
- CVE-2015-3757Aug 16, 2015risk 0.00cvss —epss 0.00
Apple OS X before 10.10.5 does not properly restrict access to the Date & Time preferences pane, which allows local users to spoof the time by visiting this pane.
- CVE-2013-7422Aug 16, 2015risk 0.00cvss —epss 0.03
Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid…
- CVE-2015-5523Aug 11, 2015risk 0.00cvss —epss 0.04
The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.
- CVE-2015-5522Aug 11, 2015risk 0.00cvss —epss 0.05
Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.
- CVE-2015-3185Jul 20, 2015risk 0.00cvss —epss 0.19
The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended…
- CVE-2015-0253Jul 20, 2015risk 0.00cvss —epss 0.15
The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a…
- CVE-2015-3727Jul 3, 2015risk 0.00cvss —epss 0.02
WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted…
- CVE-2015-3721Jul 3, 2015risk 0.00cvss —epss 0.01
The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not properly handle HFS parameters, which allows attackers to obtain sensitive memory-layout information via a crafted app.
- CVE-2015-3720Jul 3, 2015risk 0.00cvss —epss 0.01
The kernel in Apple OS X before 10.10.4 does not properly manage memory in kernel-extension APIs, which allows attackers to obtain sensitive memory-layout information via a crafted app.
- CVE-2015-3719Jul 3, 2015risk 0.00cvss —epss 0.03
TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3694.
- CVE-2015-3718Jul 3, 2015risk 0.00cvss —epss 0.02
systemstatsd in the System Stats subsystem in Apple OS X before 10.10.4 does not properly interpret data types encountered in interprocess communication, which allows attackers to execute arbitrary code with systemstatsd privileges via a crafted app, related to a "type…
- CVE-2015-3717Jul 3, 2015risk 0.00cvss —epss 0.04
Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
- CVE-2015-3716Jul 3, 2015risk 0.00cvss —epss 0.00
Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a crafted name of a photo file within the local photo library.
- CVE-2015-3715Jul 3, 2015risk 0.00cvss —epss 0.01
The code-signing implementation in Apple OS X before 10.10.4 does not properly consider libraries that are external to an application bundle, which allows attackers to bypass intended launch restrictions via a crafted library.
- CVE-2015-3714Jul 3, 2015risk 0.00cvss —epss 0.01
Apple OS X before 10.10.4 does not properly consider custom resource rules during app signature verification, which allows attackers to bypass intended launch restrictions via a modified app.
- CVE-2015-3713Jul 3, 2015risk 0.00cvss —epss 0.03
QuickTime in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted movie file.
- CVE-2015-3712Jul 3, 2015risk 0.00cvss —epss 0.03
The NVIDIA graphics driver in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds write) via a crafted app.
- CVE-2015-3711Jul 3, 2015risk 0.00cvss —epss 0.01
The NTFS implementation in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app.
- CVE-2015-3710Jul 3, 2015risk 0.00cvss —epss 0.02
Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message.
- CVE-2015-3709Jul 3, 2015risk 0.00cvss —epss 0.00
Race condition in kext tools in Apple OS X before 10.10.4 allows local users to bypass intended signature requirements for kernel extensions by leveraging improper pathname validation.
Page 53 of 105