OS X

CVEs (508)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2015-3795	Apple Inc. Mac Os X	—	0.02	Aug 17, 2015	libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message.
CVE-2015-3794	Apple Inc. Mac Os X	—	0.01	Aug 17, 2015	The Speech UI in Apple OS X before 10.10.5, when speech alerts are enabled, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Unicode string.
CVE-2015-3787	Apple Inc. Mac Os X	—	0.01	Aug 16, 2015	The Bluetooth subsystem in Apple OS X before 10.10.5 allows remote attackers to cause a denial of service via malformed Bluetooth ACL packets.
CVE-2015-3786	Apple Inc. Mac Os X	—	0.00	Aug 16, 2015	The Bluetooth subsystem in Apple OS X before 10.10.5 does not properly restrict Notification Center Service access, which allows attackers to read Notification Center notifications of certain paired devices via a crafted app.
CVE-2015-3784	Apple Inc. Mac Os X	—	0.01	Aug 16, 2015	Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2015-3782	Apple Inc. Mac Os X	—	0.01	Aug 16, 2015	CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app.
CVE-2015-3781	Apple Inc. Mac Os X	—	0.00	Aug 16, 2015	Cross-site scripting (XSS) vulnerability in Quick Look in Apple OS X before 10.10.5 allows remote attackers to inject arbitrary web script or HTML via a previously visited web site that is rendered during a Quick Look search.
CVE-2015-3780	Apple Inc. Mac Os X	—	0.01	Aug 16, 2015	The Bluetooth subsystem in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
CVE-2015-3779	Apple Inc. Quicktime	—	0.02	Aug 16, 2015	QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790,…
CVE-2015-3778	Apple Inc. Mac Os X	—	0.00	Aug 16, 2015	bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic.
CVE-2015-3777	Apple Inc. Mac Os X	—	0.00	Aug 16, 2015	Multiple buffer overflows in blued in the Bluetooth subsystem in Apple OS X before 10.10.5 allow local users to gain privileges via XPC messages.
CVE-2015-3776	Apple Inc. Mac Os X	—	0.01	Aug 16, 2015	IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist.
CVE-2015-3775	Apple Inc. Mac Os X	—	0.00	Aug 16, 2015	Apple OS X before 10.10.5 does not properly implement authentication, which allows local users to obtain admin privileges via unspecified vectors.
CVE-2015-3774	Apple Inc. Mac Os X	—	0.00	Aug 16, 2015	The Dictionary app in Apple OS X before 10.10.5 does not use HTTPS, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof word definitions by modifying the client-server data stream.
CVE-2015-3773	Apple Inc. Mac Os X	—	0.02	Aug 16, 2015	The SMB client in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
CVE-2015-3772	Apple Inc. Mac Os X	—	0.00	Aug 16, 2015	IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3771.
CVE-2015-3771	Apple Inc. Mac Os X	—	0.00	Aug 16, 2015	IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3772.
CVE-2015-3770	Apple Inc. Mac Os X	—	0.02	Aug 16, 2015	IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5783.
CVE-2015-3769	Apple Inc. Mac Os X	—	0.00	Aug 16, 2015	IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3771 and CVE-2015-3772.
CVE-2015-3768	Apple Inc. Mac Os X	—	0.01	Aug 16, 2015	Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls.

CVE-2015-3795Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.02
libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message.
CVE-2015-3794Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
The Speech UI in Apple OS X before 10.10.5, when speech alerts are enabled, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Unicode string.
CVE-2015-3787Aug 16, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
The Bluetooth subsystem in Apple OS X before 10.10.5 allows remote attackers to cause a denial of service via malformed Bluetooth ACL packets.
CVE-2015-3786Aug 16, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The Bluetooth subsystem in Apple OS X before 10.10.5 does not properly restrict Notification Center Service access, which allows attackers to read Notification Center notifications of certain paired devices via a crafted app.
CVE-2015-3784Aug 16, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2015-3782Aug 16, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app.
CVE-2015-3781Aug 16, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in Quick Look in Apple OS X before 10.10.5 allows remote attackers to inject arbitrary web script or HTML via a previously visited web site that is rendered during a Quick Look search.
CVE-2015-3780Aug 16, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
The Bluetooth subsystem in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
CVE-2015-3779Aug 16, 2015
Apple Inc.
Quicktime
risk 0.00cvss —epss 0.02
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790,…
CVE-2015-3778Aug 16, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic.
CVE-2015-3777Aug 16, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
Multiple buffer overflows in blued in the Bluetooth subsystem in Apple OS X before 10.10.5 allow local users to gain privileges via XPC messages.
CVE-2015-3776Aug 16, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist.
CVE-2015-3775Aug 16, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
Apple OS X before 10.10.5 does not properly implement authentication, which allows local users to obtain admin privileges via unspecified vectors.
CVE-2015-3774Aug 16, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The Dictionary app in Apple OS X before 10.10.5 does not use HTTPS, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof word definitions by modifying the client-server data stream.
CVE-2015-3773Aug 16, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.02
The SMB client in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
CVE-2015-3772Aug 16, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3771.
CVE-2015-3771Aug 16, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3772.
CVE-2015-3770Aug 16, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.02
IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5783.
CVE-2015-3769Aug 16, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3771 and CVE-2015-3772.
CVE-2015-3768Aug 16, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls.

Page 17 of 26