The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
Max CVSS: 1.9 | EPSS Score: 0.04% | Published: 2015-08-24 | Updated: 2022-12-13
runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
Max CVSS: 9.3 | EPSS Score: 0.26% | Published: 2015-08-17 | Updated: 2017-09-21
IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3770.
Max CVSS: 9.3 | EPSS Score: 0.22% | Published: 2015-08-17 | Updated: 2017-09-21
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
Max CVSS: 4.3 | EPSS Score: 0.69% | Published: 2015-08-17 | Updated: 2016-12-24
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image.
Max CVSS: 4.3 | EPSS Score: 0.58% | Published: 2015-08-17 | Updated: 2016-12-24
CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5777.
Max CVSS: 6.8 | EPSS Score: 1.52% | Published: 2015-08-17 | Updated: 2016-12-24
CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5778.
Max CVSS: 6.8 | EPSS Score: 1.52% | Published: 2015-08-17 | Updated: 2016-12-24
Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket.
Max CVSS: 7.5 | EPSS Score: 3.26% | Published: 2015-08-17 | Updated: 2016-12-24
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5756.
Max CVSS: 7.5 | EPSS Score: 3.26% | Published: 2015-08-17 | Updated: 2016-12-24
Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors.
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 2015-08-17 | Updated: 2016-12-24
QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted office document.
Max CVSS: 6.8 | EPSS Score: 2.00% | Published: 2015-08-17 | Updated: 2016-12-24
Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code via a crafted Collada file.
Max CVSS: 6.8 | EPSS Score: 1.38% | Published: 2015-08-17 | Updated: 2017-09-21
Quartz Composer Framework in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted QuickTime file.
Max CVSS: 6.8 | EPSS Score: 0.98% | Published: 2015-08-17 | Updated: 2017-09-21
AppleGraphicsControl in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
Max CVSS: 4.3 | EPSS Score: 0.21% | Published: 2015-08-17 | Updated: 2017-09-21
ntfs in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 2015-08-17 | Updated: 2017-09-21
CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5755.
Max CVSS: 6.8 | EPSS Score: 1.84% | Published: 2015-08-17 | Updated: 2016-12-24
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.
Max CVSS: 6.8 | EPSS Score: 3.51% | Published: 2015-08-17 | Updated: 2016-12-24
libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with locking.
Max CVSS: 9.3 | EPSS Score: 0.29% | Published: 2015-08-17 | Updated: 2016-12-24
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5775.
Max CVSS: 6.8 | EPSS Score: 2.00% | Published: 2015-08-17 | Updated: 2016-12-24
CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761.
Max CVSS: 6.8 | EPSS Score: 1.84% | Published: 2015-08-17 | Updated: 2016-12-24
Race condition in runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages incorrect privilege dropping associated with a locking error.
Max CVSS: 9.3 | EPSS Score: 0.27% | Published: 2015-08-17 | Updated: 2017-09-21
Data Detectors Engine in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted series of Unicode characters.
Max CVSS: 7.5 | EPSS Score: 0.81% | Published: 2015-08-17 | Updated: 2017-09-21
The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2015-08-17 | Updated: 2017-09-21
The fasttrap driver in the kernel in Apple OS X before 10.10.5 allows local users to cause a denial of service (resource consumption) via unspecified vectors.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2015-08-17 | Updated: 2017-09-21
The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.
Max CVSS: 4.3 | EPSS Score: 1.54% | Published: 2015-08-11 | Updated: 2016-12-08