Vendor CVEs
Apple Inc.
All CVEs
8,439 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-3675 | 0.00 | — | 0.02 | Jul 3, 2015 | The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted URL. | |||
| CVE-2015-3674 | 0.00 | — | 0.03 | Jul 3, 2015 | afpserver in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||
| CVE-2015-3672 | 0.00 | — | 0.00 | Jul 3, 2015 | Admin Framework in Apple OS X before 10.10.4 does not properly handle authentication errors, which allows local users to obtain admin privileges via unspecified vectors. | |||
| CVE-2015-3671 | 0.00 | — | 0.00 | Jul 3, 2015 | Admin Framework in Apple OS X before 10.10.4 does not properly verify XPC entitlements, which allows local users to bypass authentication and obtain admin privileges via unspecified vectors. | |||
| CVE-2015-3669 | 0.00 | — | 0.03 | Jul 3, 2015 | QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3664 and CVE-2015-3665. | |||
| CVE-2015-3668 | 0.00 | — | 0.03 | Jul 3, 2015 | QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661,… | |||
| CVE-2015-3667 | 0.00 | — | 0.04 | Jul 3, 2015 | QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661,… | |||
| CVE-2015-3666 | 0.00 | — | 0.03 | Jul 3, 2015 | QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661,… | |||
| CVE-2015-3665 | 0.00 | — | 0.03 | Jul 3, 2015 | QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3664 and CVE-2015-3669. | |||
| CVE-2015-3664 | 0.00 | — | 0.03 | Jul 3, 2015 | QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3665 and CVE-2015-3669. | |||
| CVE-2015-3663 | 0.00 | — | 0.03 | Jul 3, 2015 | QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661,… | |||
| CVE-2015-3662 | 0.00 | — | 0.03 | Jul 3, 2015 | QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661,… | |||
| CVE-2015-3661 | 0.00 | — | 0.03 | Jul 3, 2015 | QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3662,… | |||
| CVE-2015-3660 | 0.00 | — | 0.02 | Jul 3, 2015 | Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL in embedded PDF content. | |||
| CVE-2015-3659 | 0.00 | — | 0.03 | Jul 3, 2015 | The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute… | |||
| CVE-2015-3658 | 0.00 | — | 0.02 | Jul 3, 2015 | The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for… | |||
| CVE-2015-1157 | 0.00 | — | 0.06 | May 28, 2015 | CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1)… | |||
| CVE-2015-1156 | 0.00 | — | 0.02 | May 8, 2015 | The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the… | |||
| CVE-2015-1154 | 0.00 | — | 0.02 | May 8, 2015 | WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and… | |||
| CVE-2015-1153 | 0.00 | — | 0.03 | May 8, 2015 | WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and… | |||
| CVE-2015-1152 | 0.00 | — | 0.03 | May 8, 2015 | WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and… | |||
| CVE-2015-1151 | 0.00 | — | 0.02 | Apr 28, 2015 | Wiki Server in Apple OS X Server before 4.1 allows remote attackers to bypass intended restrictions on Activity and People pages by connecting from an iPad client. | |||
| CVE-2015-1150 | 0.00 | — | 0.02 | Apr 28, 2015 | The Firewall component in Apple OS X Server before 4.1 uses an incorrect pathname in configuration files, which allows remote attackers to bypass network-access restrictions by sending packets for which custom-rule blocking was intended. | |||
| CVE-2015-3416 | 0.00 | — | 0.06 | Apr 24, 2015 | The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or… | |||
| CVE-2015-3415 | 0.00 | — | 0.05 | Apr 24, 2015 | The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as… | |||
| CVE-2015-3414 | 0.00 | — | 0.05 | Apr 24, 2015 | SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE… | |||
| CVE-2015-3027 | 0.00 | — | 0.01 | Apr 10, 2015 | Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C… | |||
| CVE-2015-1149 | 0.00 | — | 0.02 | Apr 10, 2015 | Integer overflow in the simulator in Swift in Apple Xcode before 6.3 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact by triggering an incorrect result of a type conversion. | |||
| CVE-2015-1148 | 0.00 | — | 0.01 | Apr 10, 2015 | Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file. | |||
| CVE-2015-1147 | 0.00 | — | 0.02 | Apr 10, 2015 | Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by sniffing the network. | |||
| CVE-2015-1146 | 0.00 | — | 0.00 | Apr 10, 2015 | The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145. | |||
| CVE-2015-1145 | 0.00 | — | 0.00 | Apr 10, 2015 | The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146. | |||
| CVE-2015-1144 | 0.00 | — | 0.00 | Apr 10, 2015 | Buffer overflow in the UniformTypeIdentifiers component in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted Uniform Type Identifier. | |||
| CVE-2015-1143 | 0.00 | — | 0.00 | Apr 10, 2015 | LaunchServices in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted localized string, related to a "type confusion" issue. | |||
| CVE-2015-1142 | 0.00 | — | 0.00 | Apr 10, 2015 | LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder crash) via crafted localization data. | |||
| CVE-2015-1141 | 0.00 | — | 0.00 | Apr 10, 2015 | The mach_vm_read functionality in the kernel in Apple OS X before 10.10.3 allows local users to cause a denial of service (system crash) via unspecified vectors. | |||
| CVE-2015-1140 | 0.00 | — | 0.01 | Apr 10, 2015 | Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors. | |||
| CVE-2015-1139 | 0.00 | — | 0.04 | Apr 10, 2015 | ImageIO in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .sgi file. | |||
| CVE-2015-1138 | 0.00 | — | 0.00 | Apr 10, 2015 | Hypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecified vectors. | |||
| CVE-2015-1137 | 0.00 | — | 0.00 | Apr 10, 2015 | The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via an unspecified IOService userclient type. | |||
| CVE-2015-1136 | 0.00 | — | 0.04 | Apr 10, 2015 | Use-after-free vulnerability in CoreAnimation in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code by leveraging improper use of a mutex. | |||
| CVE-2015-1135 | 0.00 | — | 0.01 | Apr 10, 2015 | fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1134. | |||
| CVE-2015-1134 | 0.00 | — | 0.01 | Apr 10, 2015 | fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1135. | |||
| CVE-2015-1133 | 0.00 | — | 0.01 | Apr 10, 2015 | fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1134, and CVE-2015-1135. | |||
| CVE-2015-1132 | 0.00 | — | 0.04 | Apr 10, 2015 | fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135. | |||
| CVE-2015-1131 | 0.00 | — | 0.01 | Apr 10, 2015 | fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135. | |||
| CVE-2015-1129 | 0.00 | — | 0.01 | Apr 10, 2015 | Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site. | |||
| CVE-2015-1128 | 0.00 | — | 0.01 | Apr 10, 2015 | The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 allows attackers to obtain sensitive browsing-history information via vectors involving push-notification requests. | |||
| CVE-2015-1127 | 0.00 | — | 0.00 | Apr 10, 2015 | The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries. | |||
| CVE-2015-1125 | 0.00 | — | 0.01 | Apr 10, 2015 | The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site. |
- CVE-2015-3675Jul 3, 2015risk 0.00cvss —epss 0.02
The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted URL.
- CVE-2015-3674Jul 3, 2015risk 0.00cvss —epss 0.03
afpserver in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
- CVE-2015-3672Jul 3, 2015risk 0.00cvss —epss 0.00
Admin Framework in Apple OS X before 10.10.4 does not properly handle authentication errors, which allows local users to obtain admin privileges via unspecified vectors.
- CVE-2015-3671Jul 3, 2015risk 0.00cvss —epss 0.00
Admin Framework in Apple OS X before 10.10.4 does not properly verify XPC entitlements, which allows local users to bypass authentication and obtain admin privileges via unspecified vectors.
- CVE-2015-3669Jul 3, 2015risk 0.00cvss —epss 0.03
QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3664 and CVE-2015-3665.
- CVE-2015-3668Jul 3, 2015risk 0.00cvss —epss 0.03
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661,…
- CVE-2015-3667Jul 3, 2015risk 0.00cvss —epss 0.04
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661,…
- CVE-2015-3666Jul 3, 2015risk 0.00cvss —epss 0.03
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661,…
- CVE-2015-3665Jul 3, 2015risk 0.00cvss —epss 0.03
QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3664 and CVE-2015-3669.
- CVE-2015-3664Jul 3, 2015risk 0.00cvss —epss 0.03
QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3665 and CVE-2015-3669.
- CVE-2015-3663Jul 3, 2015risk 0.00cvss —epss 0.03
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661,…
- CVE-2015-3662Jul 3, 2015risk 0.00cvss —epss 0.03
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661,…
- CVE-2015-3661Jul 3, 2015risk 0.00cvss —epss 0.03
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3662,…
- CVE-2015-3660Jul 3, 2015risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL in embedded PDF content.
- CVE-2015-3659Jul 3, 2015risk 0.00cvss —epss 0.03
The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute…
- CVE-2015-3658Jul 3, 2015risk 0.00cvss —epss 0.02
The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for…
- CVE-2015-1157May 28, 2015risk 0.00cvss —epss 0.06
CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1)…
- CVE-2015-1156May 8, 2015risk 0.00cvss —epss 0.02
The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the…
- CVE-2015-1154May 8, 2015risk 0.00cvss —epss 0.02
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and…
- CVE-2015-1153May 8, 2015risk 0.00cvss —epss 0.03
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and…
- CVE-2015-1152May 8, 2015risk 0.00cvss —epss 0.03
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and…
- CVE-2015-1151Apr 28, 2015risk 0.00cvss —epss 0.02
Wiki Server in Apple OS X Server before 4.1 allows remote attackers to bypass intended restrictions on Activity and People pages by connecting from an iPad client.
- CVE-2015-1150Apr 28, 2015risk 0.00cvss —epss 0.02
The Firewall component in Apple OS X Server before 4.1 uses an incorrect pathname in configuration files, which allows remote attackers to bypass network-access restrictions by sending packets for which custom-rule blocking was intended.
- CVE-2015-3416Apr 24, 2015risk 0.00cvss —epss 0.06
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or…
- CVE-2015-3415Apr 24, 2015risk 0.00cvss —epss 0.05
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as…
- CVE-2015-3414Apr 24, 2015risk 0.00cvss —epss 0.05
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE…
- CVE-2015-3027Apr 10, 2015risk 0.00cvss —epss 0.01
Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C…
- CVE-2015-1149Apr 10, 2015risk 0.00cvss —epss 0.02
Integer overflow in the simulator in Swift in Apple Xcode before 6.3 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact by triggering an incorrect result of a type conversion.
- CVE-2015-1148Apr 10, 2015risk 0.00cvss —epss 0.01
Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file.
- CVE-2015-1147Apr 10, 2015risk 0.00cvss —epss 0.02
Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by sniffing the network.
- CVE-2015-1146Apr 10, 2015risk 0.00cvss —epss 0.00
The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145.
- CVE-2015-1145Apr 10, 2015risk 0.00cvss —epss 0.00
The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146.
- CVE-2015-1144Apr 10, 2015risk 0.00cvss —epss 0.00
Buffer overflow in the UniformTypeIdentifiers component in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted Uniform Type Identifier.
- CVE-2015-1143Apr 10, 2015risk 0.00cvss —epss 0.00
LaunchServices in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted localized string, related to a "type confusion" issue.
- CVE-2015-1142Apr 10, 2015risk 0.00cvss —epss 0.00
LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder crash) via crafted localization data.
- CVE-2015-1141Apr 10, 2015risk 0.00cvss —epss 0.00
The mach_vm_read functionality in the kernel in Apple OS X before 10.10.3 allows local users to cause a denial of service (system crash) via unspecified vectors.
- CVE-2015-1140Apr 10, 2015risk 0.00cvss —epss 0.01
Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors.
- CVE-2015-1139Apr 10, 2015risk 0.00cvss —epss 0.04
ImageIO in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .sgi file.
- CVE-2015-1138Apr 10, 2015risk 0.00cvss —epss 0.00
Hypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecified vectors.
- CVE-2015-1137Apr 10, 2015risk 0.00cvss —epss 0.00
The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via an unspecified IOService userclient type.
- CVE-2015-1136Apr 10, 2015risk 0.00cvss —epss 0.04
Use-after-free vulnerability in CoreAnimation in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code by leveraging improper use of a mutex.
- CVE-2015-1135Apr 10, 2015risk 0.00cvss —epss 0.01
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1134.
- CVE-2015-1134Apr 10, 2015risk 0.00cvss —epss 0.01
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1135.
- CVE-2015-1133Apr 10, 2015risk 0.00cvss —epss 0.01
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1134, and CVE-2015-1135.
- CVE-2015-1132Apr 10, 2015risk 0.00cvss —epss 0.04
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.
- CVE-2015-1131Apr 10, 2015risk 0.00cvss —epss 0.01
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.
- CVE-2015-1129Apr 10, 2015risk 0.00cvss —epss 0.01
Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.
- CVE-2015-1128Apr 10, 2015risk 0.00cvss —epss 0.01
The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 allows attackers to obtain sensitive browsing-history information via vectors involving push-notification requests.
- CVE-2015-1127Apr 10, 2015risk 0.00cvss —epss 0.00
The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries.
- CVE-2015-1125Apr 10, 2015risk 0.00cvss —epss 0.01
The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site.
Page 123 of 169