OS X

CVEs (534)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2015-1132	Apple Inc. Mac Os X	—	0.01	Apr 10, 2015	fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.
CVE-2015-1131	Apple Inc. Mac Os X	—	0.00	Apr 10, 2015	fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.
CVE-2015-1118	Apple Inc. Mac Os X	—	0.01	Apr 10, 2015	libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile.
CVE-2015-1117	Apple Inc. Mac Os X	—	0.00	Apr 10, 2015	The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group…
CVE-2015-1105	Apple Inc. Mac Os X	—	0.06	Apr 10, 2015	The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets.
CVE-2015-1104	Apple Inc. Mac Os X	—	0.02	Apr 10, 2015	The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet.
CVE-2015-1103	Apple Inc. Mac Os X	—	0.01	Apr 10, 2015	The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a…
CVE-2015-1102	Apple Inc. Mac Os X	—	0.02	Apr 10, 2015	The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors.
CVE-2015-1101	Apple Inc. Mac Os X	—	0.00	Apr 10, 2015	The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2015-1099	Apple Inc. Mac Os X	—	0.00	Apr 10, 2015	Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app.
CVE-2015-1096	Apple Inc. Mac Os X	—	0.00	Apr 10, 2015	IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.
CVE-2015-1095	Apple Inc. Mac Os X	—	0.00	Apr 10, 2015	IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device.
CVE-2015-1093	Apple Inc. Mac Os X	—	0.02	Apr 10, 2015	FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
CVE-2015-1091	Apple Inc. Mac Os X	—	0.01	Apr 10, 2015	The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
CVE-2015-1089	Apple Inc. Mac Os X	—	0.01	Apr 10, 2015	CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
CVE-2015-1088	Apple Inc. Mac Os X	—	0.02	Apr 10, 2015	CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
CVE-2015-1066	Apple Inc. Mac Os X	—	0.01	Mar 12, 2015	Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2015-1065	Apple Inc. Mac Os X	—	0.00	Mar 12, 2015	Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery.
CVE-2015-1061	Apple Inc. Mac Os X	—	0.05	Mar 12, 2015	IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.
CVE-2015-1067	Apple Inc. Mac Os X	—	0.05	Mar 11, 2015	Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related…

CVE-2015-1132Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.
CVE-2015-1131Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.
CVE-2015-1118Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile.
CVE-2015-1117Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group…
CVE-2015-1105Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.06
The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets.
CVE-2015-1104Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.02
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet.
CVE-2015-1103Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a…
CVE-2015-1102Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.02
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors.
CVE-2015-1101Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2015-1099Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app.
CVE-2015-1096Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.
CVE-2015-1095Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device.
CVE-2015-1093Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.02
FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
CVE-2015-1091Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
CVE-2015-1089Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
CVE-2015-1088Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.02
CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
CVE-2015-1066Mar 12, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2015-1065Mar 12, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery.
CVE-2015-1061Mar 12, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.05
IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.
CVE-2015-1067Mar 11, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.05
Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related…

Page 22 of 27