OS X

CVEs (508)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2015-7761	Apple Inc. Mac Os X	—	0.00	Oct 9, 2015	Mail in Apple OS X before 10.11 does not properly recognize user preferences, which allows attackers to obtain sensitive information via an unspecified action during the printing of an e-mail message, a different vulnerability than CVE-2015-7760.
CVE-2015-7760	Apple Inc. Mac Os X	—	0.01	Oct 9, 2015	libxpc in launchd in Apple OS X before 10.11 does not restrict the creation of processes for network connections, which allows remote attackers to cause a denial of service (resource consumption) by repeatedly connecting to the SSH port, a different vulnerability than…
CVE-2015-5917	Luke Mewburn Tnftpd	—	0.01	Oct 9, 2015	The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the…
CVE-2015-5915	Apple Inc. Mac Os X	—	0.00	Oct 9, 2015	Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors.
CVE-2015-5914	Apple Inc. Mac Os X	—	0.00	Oct 9, 2015	The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists…
CVE-2015-5913	Apple Inc. Mac Os X	—	0.00	Oct 9, 2015	Heimdal, as used in Apple OS X before 10.11, allows remote attackers to conduct replay attacks against the SMB server via packet data that represents a Kerberos authenticated request.
CVE-2015-5902	Apple Inc. Mac Os X	—	0.00	Oct 9, 2015	The debugging feature in the kernel in Apple OS X before 10.11 mismanages state, which allows local users to cause a denial of service via unspecified vectors.
CVE-2015-5901	Apple Inc. Mac Os X	—	0.00	Oct 9, 2015	The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive.
CVE-2015-5900	Apple Inc. Mac Os X	—	0.00	Oct 9, 2015	The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes to an unintended address.
CVE-2015-5897	Apple Inc. Mac Os X	—	0.00	Oct 9, 2015	The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework.
CVE-2015-5894	Apple Inc. Mac Os X	—	0.00	Oct 9, 2015	The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access…
CVE-2015-5893	Apple Inc. Mac Os X	—	0.00	Oct 9, 2015	SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
CVE-2015-5891	Apple Inc. Mac Os X	—	0.00	Oct 9, 2015	The SMB implementation in the kernel in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2015-5890	Apple Inc. Mac Os X	—	0.00	Oct 9, 2015	IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5873.
CVE-2015-5888	Apple Inc. Mac Os X	—	0.00	Oct 9, 2015	The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file.
CVE-2015-5887	Apple Inc. Mac Os X	—	0.01	Oct 9, 2015	The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data.
CVE-2015-5884	Apple Inc. Mac Os X	—	0.00	Oct 9, 2015	The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment.
CVE-2015-5883	Apple Inc. Mac Os X	—	0.00	Oct 9, 2015	The bidirectional text-display and text-selection implementations in Terminal in Apple OS X before 10.11 interpret directional override formatting characters differently, which allows remote attackers to spoof the content of a text document via a crafted character sequence.
CVE-2015-5878	Apple Inc. Mac Os X	—	0.00	Oct 9, 2015	Notes in Apple OS X before 10.11 misparses links, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2015-5877	Apple Inc. Mac Os X	—	0.00	Oct 9, 2015	The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5830.

CVE-2015-7761Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
Mail in Apple OS X before 10.11 does not properly recognize user preferences, which allows attackers to obtain sensitive information via an unspecified action during the printing of an e-mail message, a different vulnerability than CVE-2015-7760.
CVE-2015-7760Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
libxpc in launchd in Apple OS X before 10.11 does not restrict the creation of processes for network connections, which allows remote attackers to cause a denial of service (resource consumption) by repeatedly connecting to the SSH port, a different vulnerability than…
CVE-2015-5917Oct 9, 2015
Luke Mewburn
Tnftpd
risk 0.00cvss —epss 0.01
The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the…
CVE-2015-5915Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors.
CVE-2015-5914Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists…
CVE-2015-5913Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
Heimdal, as used in Apple OS X before 10.11, allows remote attackers to conduct replay attacks against the SMB server via packet data that represents a Kerberos authenticated request.
CVE-2015-5902Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The debugging feature in the kernel in Apple OS X before 10.11 mismanages state, which allows local users to cause a denial of service via unspecified vectors.
CVE-2015-5901Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive.
CVE-2015-5900Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes to an unintended address.
CVE-2015-5897Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework.
CVE-2015-5894Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access…
CVE-2015-5893Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
CVE-2015-5891Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The SMB implementation in the kernel in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2015-5890Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5873.
CVE-2015-5888Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file.
CVE-2015-5887Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data.
CVE-2015-5884Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment.
CVE-2015-5883Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The bidirectional text-display and text-selection implementations in Terminal in Apple OS X before 10.11 interpret directional override formatting characters differently, which allows remote attackers to spoof the content of a text document via a crafted character sequence.
CVE-2015-5878Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
Notes in Apple OS X before 10.11 misparses links, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2015-5877Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5830.

Page 14 of 26