CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-5786 119 DoS Exec Code Overflow Mem. Corr. 2015-08-24 2015-08-25
6.8
None Remote Medium Not required Partial Partial Partial
Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5785.
2 CVE-2015-5785 119 DoS Exec Code Overflow Mem. Corr. 2015-08-24 2015-08-25
6.8
None Remote Medium Not required Partial Partial Partial
Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5786.
3 CVE-2015-5784 264 Exec Code 2015-08-16 2015-08-19
9.3
Admin Remote Medium Not required Complete Complete Complete
runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
4 CVE-2015-5783 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-19
9.3
None Remote Medium Not required Complete Complete Complete
IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3770.
5 CVE-2015-5782 200 +Info 2015-08-16 2015-08-19
4.3
None Remote Medium Not required Partial None None
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
6 CVE-2015-5781 200 +Info 2015-08-16 2015-08-19
4.3
None Remote Medium Not required Partial None None
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image.
7 CVE-2015-5779 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-26
7.5
None Remote Low Not required Partial Partial Partial
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, and CVE-2015-5753.
8 CVE-2015-5778 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-19
6.8
None Remote Medium Not required Partial Partial Partial
CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5777.
9 CVE-2015-5777 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-19
6.8
None Remote Medium Not required Partial Partial Partial
CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5778.
10 CVE-2015-5776 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-19
7.5
None Remote Low Not required Partial Partial Partial
Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket.
11 CVE-2015-5775 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-19
7.5
None Remote Low Not required Partial Partial Partial
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5756.
12 CVE-2015-5774 119 Overflow +Priv 2015-08-16 2015-08-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors.
13 CVE-2015-5773 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-20
6.8
None Remote Medium Not required Partial Partial Partial
QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted office document.
14 CVE-2015-5772 119 Exec Code Overflow 2015-08-16 2015-08-19
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code via a crafted Collada file.
15 CVE-2015-5771 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-19
6.8
None Remote Medium Not required Partial Partial Partial
Quartz Composer Framework in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted QuickTime file.
16 CVE-2015-5770 264 2015-08-16 2015-08-19
5.8
None Remote Medium Not required None Partial Partial
MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app.
17 CVE-2015-5769 DoS 2015-08-16 2015-08-19
7.1
None Remote Medium Not required None None Complete
The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video.
18 CVE-2015-5768 200 +Info 2015-08-16 2015-08-19
4.3
None Remote Medium Not required Partial None None
AppleGraphicsControl in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
19 CVE-2015-5766 22 Dir. Trav. 2015-08-16 2015-08-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling.
20 CVE-2015-5763 119 DoS Overflow +Priv Mem. Corr. 2015-08-16 2015-08-19
7.2
None Local Low Not required Complete Complete Complete
ntfs in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
21 CVE-2015-5761 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-19
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5755.
22 CVE-2015-5759 254 2015-08-16 2015-08-19
5.0
None Remote Low Not required None Partial None
WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events.
23 CVE-2015-5758 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-19
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.
24 CVE-2015-5757 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-19
9.3
None Remote Medium Not required Complete Complete Complete
libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with locking.
25 CVE-2015-5756 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-19
6.8
None Remote Medium Not required Partial Partial Partial
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5775.
26 CVE-2015-5755 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-19
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761.
27 CVE-2015-5754 362 Exec Code 2015-08-16 2015-08-19
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages incorrect privilege dropping associated with a locking error.
28 CVE-2015-5753 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-18
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, and CVE-2015-5779.
29 CVE-2015-5752 59 Bypass 2015-08-16 2015-08-19
5.0
None Remote Low Not required Partial None None
Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink.
30 CVE-2015-5751 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-26
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5753, and CVE-2015-5779.
31 CVE-2015-5750 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-19
7.5
None Remote Low Not required Partial Partial Partial
Data Detectors Engine in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted series of Unicode characters.
32 CVE-2015-5749 200 Bypass +Info 2015-08-16 2015-08-19
4.3
None Remote Medium Not required Partial None None
The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app.
33 CVE-2015-5748 17 DoS 2015-08-16 2015-08-19
2.1
None Local Low Not required None None Partial
The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume.
34 CVE-2015-5747 399 DoS 2015-08-16 2015-08-19
4.9
None Local Low Not required None None Complete
The fasttrap driver in the kernel in Apple OS X before 10.10.5 allows local users to cause a denial of service (resource consumption) via unspecified vectors.
35 CVE-2015-5746 284 Bypass 2015-08-16 2015-08-19
5.0
None Remote Low Not required Partial None None
AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling.
36 CVE-2015-4000 310 2015-05-20 2015-08-25
4.3
None Remote Medium Not required None Partial None
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
37 CVE-2015-3807 119 DoS Overflow Mem. Corr. +Info 2015-08-16 2015-08-19
4.3
None Remote Medium Not required Partial None None
libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XML document.
38 CVE-2015-3806 284 Bypass 2015-08-16 2015-08-19
7.2
None Local Low Not required Complete Complete Complete
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file.
39 CVE-2015-3805 20 Bypass 2015-08-16 2015-08-19
7.2
None Local Low Not required Complete Complete Complete
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802.
40 CVE-2015-3804 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-19
7.5
None Remote Low Not required Partial Partial Partial
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5756 and CVE-2015-5775.
41 CVE-2015-3803 20 Bypass 2015-08-16 2015-08-19
7.2
None Local Low Not required Complete Complete Complete
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file.
42 CVE-2015-3802 20 Bypass 2015-08-16 2015-08-19
7.2
None Local Low Not required Complete Complete Complete
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805.
43 CVE-2015-3800 119 DoS Overflow +Priv Mem. Corr. 2015-08-16 2015-08-19
7.2
None Local Low Not required Complete Complete Complete
The DiskImages component in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image.
44 CVE-2015-3799 255 2015-08-16 2015-08-19
9.3
None Remote Medium Not required Complete Complete Complete
The Apple ID OD plug-in in Apple OS X before 10.10.5 allows attackers to change arbitrary user passwords via a crafted app.
45 CVE-2015-3798 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-19
7.5
None Remote Low Not required Partial Partial Partial
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3797.
46 CVE-2015-3797 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-19
7.5
None Remote Low Not required Partial Partial Partial
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3798.
47 CVE-2015-3796 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-19
7.5
None Remote Low Not required Partial Partial Partial
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3797 and CVE-2015-3798.
48 CVE-2015-3795 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-19
9.3
None Remote Medium Not required Complete Complete Complete
libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message.
49 CVE-2015-3794 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-19
6.8
None Remote Medium Not required Partial Partial Partial
The Speech UI in Apple OS X before 10.10.5, when speech alerts are enabled, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Unicode string.
50 CVE-2015-3793 264 Bypass 2015-08-16 2015-08-19
4.3
None Remote Medium Not required Partial None None
CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app.
Total number of vulnerabilities : 2800   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.