OS X

CVEs (508)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2015-5875	Apple Inc. Mac Os X	—	0.00	Oct 9, 2015	Cross-site scripting (XSS) vulnerability in Notes in Apple OS X before 10.11 allows local users to inject arbitrary web script or HTML via crafted text.
CVE-2015-5873	Apple Inc. Mac Os X	—	0.00	Oct 9, 2015	IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5890.
CVE-2015-5872	Apple Inc. Mac Os X	—	0.00	Oct 9, 2015	IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5873, and CVE-2015-5890.
CVE-2015-5871	Apple Inc. Mac Os X	—	0.00	Oct 9, 2015	IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5872, CVE-2015-5873, and CVE-2015-5890.
CVE-2015-5870	Apple Inc. Mac Os X	—	0.00	Oct 9, 2015	The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors.
CVE-2015-5866	Apple Inc. Mac Os X	—	0.01	Oct 9, 2015	IOHIDFamily in Apple OS X before 10.11 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2015-5865	Apple Inc. Mac Os X	—	0.00	Oct 9, 2015	IOGraphics in Apple OS X before 10.11 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
CVE-2015-5864	Apple Inc. Mac Os X	—	0.00	Oct 9, 2015	IOAudioFamily in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
CVE-2015-5854	Apple Inc. Mac Os X	—	0.00	Oct 9, 2015	The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain access to keychain items via unspecified vectors.
CVE-2015-5853	Apple Inc. Mac Os X	—	0.00	Oct 9, 2015	AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers to obtain eSCL packet payload data via unspecified vectors.
CVE-2015-5849	Apple Inc. Mac Os X	—	0.00	Oct 9, 2015	The filtering implementation in AppleEvents in Apple OS X before 10.11 mishandles attempts to send events to a different user, which allows attackers to bypass intended access restrictions by leveraging a screen-sharing connection.
CVE-2015-5833	Apple Inc. Mac Os X	—	0.00	Oct 9, 2015	The Login Window component in Apple OS X before 10.11 does not ensure that the screen is locked at the intended time, which allows physically proximate attackers to obtain access by visiting an unattended workstation.
CVE-2015-5830	Apple Inc. Mac Os X	—	0.00	Oct 9, 2015	The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5877.
CVE-2015-3785	Apple Inc. Mac Os X	—	0.00	Oct 9, 2015	The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors.
CVE-2015-5783	Apple Inc. Mac Os X	—	0.01	Aug 17, 2015	IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3770.
CVE-2015-5782	Apple Inc. Mac Os X	—	0.01	Aug 17, 2015	ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
CVE-2015-5781	Apple Inc. Mac Os X	—	0.01	Aug 17, 2015	ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image.
CVE-2015-5778	Apple Inc. Mac Os X	—	0.02	Aug 17, 2015	CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5777.
CVE-2015-5777	Apple Inc. Mac Os X	—	0.02	Aug 17, 2015	CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5778.
CVE-2015-5776	Apple Inc. Mac Os X	—	0.03	Aug 17, 2015	Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket.

CVE-2015-5875Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in Notes in Apple OS X before 10.11 allows local users to inject arbitrary web script or HTML via crafted text.
CVE-2015-5873Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5890.
CVE-2015-5872Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5873, and CVE-2015-5890.
CVE-2015-5871Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5872, CVE-2015-5873, and CVE-2015-5890.
CVE-2015-5870Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors.
CVE-2015-5866Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
IOHIDFamily in Apple OS X before 10.11 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2015-5865Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
IOGraphics in Apple OS X before 10.11 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
CVE-2015-5864Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
IOAudioFamily in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
CVE-2015-5854Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain access to keychain items via unspecified vectors.
CVE-2015-5853Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers to obtain eSCL packet payload data via unspecified vectors.
CVE-2015-5849Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The filtering implementation in AppleEvents in Apple OS X before 10.11 mishandles attempts to send events to a different user, which allows attackers to bypass intended access restrictions by leveraging a screen-sharing connection.
CVE-2015-5833Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The Login Window component in Apple OS X before 10.11 does not ensure that the screen is locked at the intended time, which allows physically proximate attackers to obtain access by visiting an unattended workstation.
CVE-2015-5830Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5877.
CVE-2015-3785Oct 9, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors.
CVE-2015-5783Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3770.
CVE-2015-5782Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
CVE-2015-5781Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image.
CVE-2015-5778Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.02
CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5777.
CVE-2015-5777Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.02
CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5778.
CVE-2015-5776Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.03
Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket.

Page 15 of 26