Vendor CVEs
Apple Inc.
All CVEs
8,441 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-5774 | 0.00 | — | 0.00 | Aug 17, 2015 | Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors. | |||
| CVE-2015-5773 | 0.00 | — | 0.03 | Aug 17, 2015 | QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted office document. | |||
| CVE-2015-5772 | 0.00 | — | 0.03 | Aug 17, 2015 | Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code via a crafted Collada file. | |||
| CVE-2015-5771 | 0.00 | — | 0.03 | Aug 17, 2015 | Quartz Composer Framework in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted QuickTime file. | |||
| CVE-2015-5770 | 0.00 | — | 0.01 | Aug 17, 2015 | MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app. | |||
| CVE-2015-5769 | 0.00 | — | 0.02 | Aug 17, 2015 | The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video. | |||
| CVE-2015-5768 | 0.00 | — | 0.01 | Aug 17, 2015 | AppleGraphicsControl in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | |||
| CVE-2015-5766 | 0.00 | — | 0.02 | Aug 17, 2015 | Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling. | |||
| CVE-2015-5763 | 0.00 | — | 0.00 | Aug 17, 2015 | ntfs in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | |||
| CVE-2015-5761 | 0.00 | — | 0.03 | Aug 17, 2015 | CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5755. | |||
| CVE-2015-5759 | 0.00 | — | 0.02 | Aug 17, 2015 | WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events. | |||
| CVE-2015-5758 | 0.00 | — | 0.03 | Aug 17, 2015 | ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. | |||
| CVE-2015-5757 | 0.00 | — | 0.03 | Aug 17, 2015 | libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with locking. | |||
| CVE-2015-5756 | 0.00 | — | 0.03 | Aug 17, 2015 | FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5775. | |||
| CVE-2015-5755 | 0.00 | — | 0.03 | Aug 17, 2015 | CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761. | |||
| CVE-2015-5753 | 0.00 | — | 0.03 | Aug 17, 2015 | QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789,… | |||
| CVE-2015-5752 | 0.00 | — | 0.02 | Aug 17, 2015 | Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink. | |||
| CVE-2015-5751 | 0.00 | — | 0.03 | Aug 17, 2015 | QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789,… | |||
| CVE-2015-5750 | 0.00 | — | 0.02 | Aug 17, 2015 | Data Detectors Engine in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted series of Unicode characters. | |||
| CVE-2015-5749 | 0.00 | — | 0.01 | Aug 17, 2015 | The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. | |||
| CVE-2015-5748 | 0.00 | — | 0.00 | Aug 17, 2015 | The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume. | |||
| CVE-2015-5747 | 0.00 | — | 0.00 | Aug 17, 2015 | The fasttrap driver in the kernel in Apple OS X before 10.10.5 allows local users to cause a denial of service (resource consumption) via unspecified vectors. | |||
| CVE-2015-5746 | 0.00 | — | 0.01 | Aug 17, 2015 | AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling. | |||
| CVE-2015-3807 | 0.00 | — | 0.02 | Aug 17, 2015 | libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XML document. | |||
| CVE-2015-3806 | 0.00 | — | 0.00 | Aug 17, 2015 | Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file. | |||
| CVE-2015-3805 | 0.00 | — | 0.00 | Aug 17, 2015 | Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802. | |||
| CVE-2015-3804 | 0.00 | — | 0.04 | Aug 17, 2015 | FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5756 and CVE-2015-5775. | |||
| CVE-2015-3803 | 0.00 | — | 0.00 | Aug 17, 2015 | Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file. | |||
| CVE-2015-3802 | 0.00 | — | 0.00 | Aug 17, 2015 | Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805. | |||
| CVE-2015-3800 | 0.00 | — | 0.00 | Aug 17, 2015 | The DiskImages component in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image. | |||
| CVE-2015-3799 | 0.00 | — | 0.02 | Aug 17, 2015 | The Apple ID OD plug-in in Apple OS X before 10.10.5 allows attackers to change arbitrary user passwords via a crafted app. | |||
| CVE-2015-3797 | 0.00 | — | 0.03 | Aug 17, 2015 | The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than… | |||
| CVE-2015-3795 | 0.00 | — | 0.05 | Aug 17, 2015 | libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message. | |||
| CVE-2015-3794 | 0.00 | — | 0.03 | Aug 17, 2015 | The Speech UI in Apple OS X before 10.10.5, when speech alerts are enabled, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Unicode string. | |||
| CVE-2015-3793 | 0.00 | — | 0.01 | Aug 17, 2015 | CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. | |||
| CVE-2015-3792 | 0.00 | — | 0.04 | Aug 17, 2015 | QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789,… | |||
| CVE-2015-3791 | 0.00 | — | 0.04 | Aug 17, 2015 | QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789,… | |||
| CVE-2015-3790 | 0.00 | — | 0.04 | Aug 17, 2015 | QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789,… | |||
| CVE-2015-3789 | 0.00 | — | 0.04 | Aug 17, 2015 | QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3790,… | |||
| CVE-2015-3788 | 0.00 | — | 0.04 | Aug 16, 2015 | QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3789, CVE-2015-3790,… | |||
| CVE-2015-3787 | 0.00 | — | 0.01 | Aug 16, 2015 | The Bluetooth subsystem in Apple OS X before 10.10.5 allows remote attackers to cause a denial of service via malformed Bluetooth ACL packets. | |||
| CVE-2015-3786 | 0.00 | — | 0.01 | Aug 16, 2015 | The Bluetooth subsystem in Apple OS X before 10.10.5 does not properly restrict Notification Center Service access, which allows attackers to read Notification Center notifications of certain paired devices via a crafted app. | |||
| CVE-2015-3784 | 0.00 | — | 0.03 | Aug 16, 2015 | Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||
| CVE-2015-3782 | 0.00 | — | 0.01 | Aug 16, 2015 | CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app. | |||
| CVE-2015-3781 | 0.00 | — | 0.02 | Aug 16, 2015 | Cross-site scripting (XSS) vulnerability in Quick Look in Apple OS X before 10.10.5 allows remote attackers to inject arbitrary web script or HTML via a previously visited web site that is rendered during a Quick Look search. | |||
| CVE-2015-3780 | 0.00 | — | 0.01 | Aug 16, 2015 | The Bluetooth subsystem in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | |||
| CVE-2015-3779 | 0.00 | — | 0.03 | Aug 16, 2015 | QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790,… | |||
| CVE-2015-3778 | 0.00 | — | 0.01 | Aug 16, 2015 | bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic. | |||
| CVE-2015-3777 | 0.00 | — | 0.00 | Aug 16, 2015 | Multiple buffer overflows in blued in the Bluetooth subsystem in Apple OS X before 10.10.5 allow local users to gain privileges via XPC messages. | |||
| CVE-2015-3776 | 0.00 | — | 0.03 | Aug 16, 2015 | IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist. |
- CVE-2015-5774Aug 17, 2015risk 0.00cvss —epss 0.00
Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors.
- CVE-2015-5773Aug 17, 2015risk 0.00cvss —epss 0.03
QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted office document.
- CVE-2015-5772Aug 17, 2015risk 0.00cvss —epss 0.03
Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code via a crafted Collada file.
- CVE-2015-5771Aug 17, 2015risk 0.00cvss —epss 0.03
Quartz Composer Framework in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted QuickTime file.
- CVE-2015-5770Aug 17, 2015risk 0.00cvss —epss 0.01
MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app.
- CVE-2015-5769Aug 17, 2015risk 0.00cvss —epss 0.02
The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video.
- CVE-2015-5768Aug 17, 2015risk 0.00cvss —epss 0.01
AppleGraphicsControl in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
- CVE-2015-5766Aug 17, 2015risk 0.00cvss —epss 0.02
Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling.
- CVE-2015-5763Aug 17, 2015risk 0.00cvss —epss 0.00
ntfs in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
- CVE-2015-5761Aug 17, 2015risk 0.00cvss —epss 0.03
CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5755.
- CVE-2015-5759Aug 17, 2015risk 0.00cvss —epss 0.02
WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events.
- CVE-2015-5758Aug 17, 2015risk 0.00cvss —epss 0.03
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.
- CVE-2015-5757Aug 17, 2015risk 0.00cvss —epss 0.03
libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with locking.
- CVE-2015-5756Aug 17, 2015risk 0.00cvss —epss 0.03
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5775.
- CVE-2015-5755Aug 17, 2015risk 0.00cvss —epss 0.03
CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761.
- CVE-2015-5753Aug 17, 2015risk 0.00cvss —epss 0.03
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789,…
- CVE-2015-5752Aug 17, 2015risk 0.00cvss —epss 0.02
Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink.
- CVE-2015-5751Aug 17, 2015risk 0.00cvss —epss 0.03
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789,…
- CVE-2015-5750Aug 17, 2015risk 0.00cvss —epss 0.02
Data Detectors Engine in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted series of Unicode characters.
- CVE-2015-5749Aug 17, 2015risk 0.00cvss —epss 0.01
The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app.
- CVE-2015-5748Aug 17, 2015risk 0.00cvss —epss 0.00
The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume.
- CVE-2015-5747Aug 17, 2015risk 0.00cvss —epss 0.00
The fasttrap driver in the kernel in Apple OS X before 10.10.5 allows local users to cause a denial of service (resource consumption) via unspecified vectors.
- CVE-2015-5746Aug 17, 2015risk 0.00cvss —epss 0.01
AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling.
- CVE-2015-3807Aug 17, 2015risk 0.00cvss —epss 0.02
libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XML document.
- CVE-2015-3806Aug 17, 2015risk 0.00cvss —epss 0.00
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file.
- CVE-2015-3805Aug 17, 2015risk 0.00cvss —epss 0.00
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802.
- CVE-2015-3804Aug 17, 2015risk 0.00cvss —epss 0.04
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5756 and CVE-2015-5775.
- CVE-2015-3803Aug 17, 2015risk 0.00cvss —epss 0.00
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file.
- CVE-2015-3802Aug 17, 2015risk 0.00cvss —epss 0.00
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805.
- CVE-2015-3800Aug 17, 2015risk 0.00cvss —epss 0.00
The DiskImages component in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image.
- CVE-2015-3799Aug 17, 2015risk 0.00cvss —epss 0.02
The Apple ID OD plug-in in Apple OS X before 10.10.5 allows attackers to change arbitrary user passwords via a crafted app.
- CVE-2015-3797Aug 17, 2015risk 0.00cvss —epss 0.03
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than…
- CVE-2015-3795Aug 17, 2015risk 0.00cvss —epss 0.05
libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message.
- CVE-2015-3794Aug 17, 2015risk 0.00cvss —epss 0.03
The Speech UI in Apple OS X before 10.10.5, when speech alerts are enabled, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Unicode string.
- CVE-2015-3793Aug 17, 2015risk 0.00cvss —epss 0.01
CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app.
- CVE-2015-3792Aug 17, 2015risk 0.00cvss —epss 0.04
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789,…
- CVE-2015-3791Aug 17, 2015risk 0.00cvss —epss 0.04
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789,…
- CVE-2015-3790Aug 17, 2015risk 0.00cvss —epss 0.04
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789,…
- CVE-2015-3789Aug 17, 2015risk 0.00cvss —epss 0.04
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3790,…
- CVE-2015-3788Aug 16, 2015risk 0.00cvss —epss 0.04
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3789, CVE-2015-3790,…
- CVE-2015-3787Aug 16, 2015risk 0.00cvss —epss 0.01
The Bluetooth subsystem in Apple OS X before 10.10.5 allows remote attackers to cause a denial of service via malformed Bluetooth ACL packets.
- CVE-2015-3786Aug 16, 2015risk 0.00cvss —epss 0.01
The Bluetooth subsystem in Apple OS X before 10.10.5 does not properly restrict Notification Center Service access, which allows attackers to read Notification Center notifications of certain paired devices via a crafted app.
- CVE-2015-3784Aug 16, 2015risk 0.00cvss —epss 0.03
Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
- CVE-2015-3782Aug 16, 2015risk 0.00cvss —epss 0.01
CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app.
- CVE-2015-3781Aug 16, 2015risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Quick Look in Apple OS X before 10.10.5 allows remote attackers to inject arbitrary web script or HTML via a previously visited web site that is rendered during a Quick Look search.
- CVE-2015-3780Aug 16, 2015risk 0.00cvss —epss 0.01
The Bluetooth subsystem in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
- CVE-2015-3779Aug 16, 2015risk 0.00cvss —epss 0.03
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790,…
- CVE-2015-3778Aug 16, 2015risk 0.00cvss —epss 0.01
bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic.
- CVE-2015-3777Aug 16, 2015risk 0.00cvss —epss 0.00
Multiple buffer overflows in blued in the Bluetooth subsystem in Apple OS X before 10.10.5 allow local users to gain privileges via XPC messages.
- CVE-2015-3776Aug 16, 2015risk 0.00cvss —epss 0.03
IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist.
Page 120 of 169