OS X

CVEs (315)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2015-1142	Apple Inc. Mac Os X	—	0.00	Apr 10, 2015	LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder crash) via crafted localization data.
CVE-2015-1141	Apple Inc. Mac Os X	—	0.00	Apr 10, 2015	The mach_vm_read functionality in the kernel in Apple OS X before 10.10.3 allows local users to cause a denial of service (system crash) via unspecified vectors.
CVE-2015-1140	Apple Inc. Mac Os X	—	0.03	Apr 10, 2015	Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors.
CVE-2015-1139	Apple Inc. Mac Os X	—	0.02	Apr 10, 2015	ImageIO in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .sgi file.
CVE-2015-1138	Apple Inc. Mac Os X	—	0.00	Apr 10, 2015	Hypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecified vectors.
CVE-2015-1137	Apple Inc. Mac Os X	—	0.00	Apr 10, 2015	The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via an unspecified IOService userclient type.
CVE-2015-1136	Apple Inc. Mac Os X	—	0.02	Apr 10, 2015	Use-after-free vulnerability in CoreAnimation in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code by leveraging improper use of a mutex.
CVE-2015-1135	Apple Inc. Mac Os X	—	0.00	Apr 10, 2015	fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1134.
CVE-2015-1134	Apple Inc. Mac Os X	—	0.00	Apr 10, 2015	fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1135.
CVE-2015-1133	Apple Inc. Mac Os X	—	0.00	Apr 10, 2015	fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1134, and CVE-2015-1135.
CVE-2015-1132	Apple Inc. Mac Os X	—	0.01	Apr 10, 2015	fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.
CVE-2015-1131	Apple Inc. Mac Os X	—	0.00	Apr 10, 2015	fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.
CVE-2015-1118	Apple Inc. Mac Os X	—	0.01	Apr 10, 2015	libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile.
CVE-2015-1117	Apple Inc. Mac Os X	—	0.00	Apr 10, 2015	The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group…
CVE-2015-1105	Apple Inc. Mac Os X	—	0.06	Apr 10, 2015	The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets.
CVE-2015-1104	Apple Inc. Mac Os X	—	0.02	Apr 10, 2015	The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet.
CVE-2015-1103	Apple Inc. Mac Os X	—	0.01	Apr 10, 2015	The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a…
CVE-2015-1102	Apple Inc. Mac Os X	—	0.02	Apr 10, 2015	The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors.
CVE-2015-1101	Apple Inc. Mac Os X	—	0.00	Apr 10, 2015	The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2015-1099	Apple Inc. Mac Os X	—	0.00	Apr 10, 2015	Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app.

CVE-2015-1142Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder crash) via crafted localization data.
CVE-2015-1141Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The mach_vm_read functionality in the kernel in Apple OS X before 10.10.3 allows local users to cause a denial of service (system crash) via unspecified vectors.
CVE-2015-1140Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.03
Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors.
CVE-2015-1139Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.02
ImageIO in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .sgi file.
CVE-2015-1138Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
Hypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecified vectors.
CVE-2015-1137Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via an unspecified IOService userclient type.
CVE-2015-1136Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.02
Use-after-free vulnerability in CoreAnimation in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code by leveraging improper use of a mutex.
CVE-2015-1135Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1134.
CVE-2015-1134Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1135.
CVE-2015-1133Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1134, and CVE-2015-1135.
CVE-2015-1132Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.
CVE-2015-1131Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.
CVE-2015-1118Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile.
CVE-2015-1117Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group…
CVE-2015-1105Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.06
The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets.
CVE-2015-1104Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.02
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet.
CVE-2015-1103Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a…
CVE-2015-1102Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.02
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors.
CVE-2015-1101Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2015-1099Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app.

Page 12 of 16