Mac OS X
by Apple Inc.
CVEs (2,090)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-3662 | | | 0.00 | — | 0.03 | | Jul 3, 2015 | QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661,… |
| CVE-2015-3661 | | | 0.00 | — | 0.03 | | Jul 3, 2015 | QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3662,… |
| CVE-2015-3659 | | | 0.00 | — | 0.03 | | Jul 3, 2015 | The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute… |
| CVE-2015-3658 | | | 0.00 | — | 0.02 | | Jul 3, 2015 | The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for… |
| CVE-2015-1157 | | | 0.00 | — | 0.06 | | May 28, 2015 | CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1)… |
| CVE-2015-3416 | | | 0.00 | — | 0.06 | | Apr 24, 2015 | The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or… |
| CVE-2015-3415 | | | 0.00 | — | 0.05 | | Apr 24, 2015 | The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as… |
| CVE-2015-3414 | | | 0.00 | — | 0.05 | | Apr 24, 2015 | SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE… |
| CVE-2015-1148 | | | 0.00 | — | 0.01 | | Apr 10, 2015 | Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file. |
| CVE-2015-1147 | | | 0.00 | — | 0.02 | | Apr 10, 2015 | Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by sniffing the network. |
| CVE-2015-1146 | | | 0.00 | — | 0.00 | | Apr 10, 2015 | The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145. |
| CVE-2015-1145 | | | 0.00 | — | 0.00 | | Apr 10, 2015 | The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146. |
| CVE-2015-1144 | | | 0.00 | — | 0.00 | | Apr 10, 2015 | Buffer overflow in the UniformTypeIdentifiers component in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted Uniform Type Identifier. |
| CVE-2015-1143 | | | 0.00 | — | 0.00 | | Apr 10, 2015 | LaunchServices in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted localized string, related to a "type confusion" issue. |
| CVE-2015-1142 | | | 0.00 | — | 0.00 | | Apr 10, 2015 | LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder crash) via crafted localization data. |
| CVE-2015-1141 | | | 0.00 | — | 0.00 | | Apr 10, 2015 | The mach_vm_read functionality in the kernel in Apple OS X before 10.10.3 allows local users to cause a denial of service (system crash) via unspecified vectors. |
| CVE-2015-1140 | | | 0.00 | — | 0.01 | | Apr 10, 2015 | Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors. |
| CVE-2015-1139 | | | 0.00 | — | 0.04 | | Apr 10, 2015 | ImageIO in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .sgi file. |
| CVE-2015-1138 | | | 0.00 | — | 0.00 | | Apr 10, 2015 | Hypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecified vectors. |
| CVE-2015-1137 | | | 0.00 | — | 0.00 | | Apr 10, 2015 | The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via an unspecified IOService userclient type. |
Page 56 of 105