CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-5779 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-26
7.5
None Remote Low Not required Partial Partial Partial
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, and CVE-2015-5753.
2 CVE-2015-5776 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-19
7.5
None Remote Low Not required Partial Partial Partial
Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket.
3 CVE-2015-5775 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-19
7.5
None Remote Low Not required Partial Partial Partial
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5756.
4 CVE-2015-5774 119 Overflow +Priv 2015-08-16 2015-08-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors.
5 CVE-2015-5769 DoS 2015-08-16 2015-08-19
7.1
None Remote Medium Not required None None Complete
The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video.
6 CVE-2015-5763 119 DoS Overflow +Priv Mem. Corr. 2015-08-16 2015-08-19
7.2
None Local Low Not required Complete Complete Complete
ntfs in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
7 CVE-2015-5750 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-19
7.5
None Remote Low Not required Partial Partial Partial
Data Detectors Engine in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted series of Unicode characters.
8 CVE-2015-3806 284 Bypass 2015-08-16 2015-08-19
7.2
None Local Low Not required Complete Complete Complete
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file.
9 CVE-2015-3805 20 Bypass 2015-08-16 2015-08-19
7.2
None Local Low Not required Complete Complete Complete
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802.
10 CVE-2015-3804 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-19
7.5
None Remote Low Not required Partial Partial Partial
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5756 and CVE-2015-5775.
11 CVE-2015-3803 20 Bypass 2015-08-16 2015-08-19
7.2
None Local Low Not required Complete Complete Complete
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file.
12 CVE-2015-3802 20 Bypass 2015-08-16 2015-08-19
7.2
None Local Low Not required Complete Complete Complete
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805.
13 CVE-2015-3800 119 DoS Overflow +Priv Mem. Corr. 2015-08-16 2015-08-19
7.2
None Local Low Not required Complete Complete Complete
The DiskImages component in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image.
14 CVE-2015-3798 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-19
7.5
None Remote Low Not required Partial Partial Partial
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3797.
15 CVE-2015-3797 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-19
7.5
None Remote Low Not required Partial Partial Partial
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3798.
16 CVE-2015-3796 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-19
7.5
None Remote Low Not required Partial Partial Partial
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3797 and CVE-2015-3798.
17 CVE-2015-3783 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-19
7.5
None Remote Low Not required Partial Partial Partial
SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
18 CVE-2015-3777 119 Overflow +Priv 2015-08-16 2015-08-19
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in blued in the Bluetooth subsystem in Apple OS X before 10.10.5 allow local users to gain privileges via XPC messages.
19 CVE-2015-3775 287 2015-08-16 2015-08-19
7.2
None Local Low Not required Complete Complete Complete
Apple OS X before 10.10.5 does not properly implement authentication, which allows local users to obtain admin privileges via unspecified vectors.
20 CVE-2015-3773 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2015-08-19
7.5
None Remote Low Not required Partial Partial Partial
The SMB client in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
21 CVE-2015-3772 119 DoS Overflow +Priv Mem. Corr. 2015-08-16 2015-08-19
7.2
None Local Low Not required Complete Complete Complete
IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3771.
22 CVE-2015-3771 119 DoS Overflow +Priv Mem. Corr. 2015-08-16 2015-08-19
7.2
None Local Low Not required Complete Complete Complete
IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3772.
23 CVE-2015-3769 119 DoS Overflow +Priv Mem. Corr. 2015-08-16 2015-08-19
7.2
None Local Low Not required Complete Complete Complete
IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3771 and CVE-2015-3772.
24 CVE-2015-3767 264 DoS +Priv Mem. Corr. 2015-08-16 2015-08-19
7.2
None Local Low Not required Complete Complete Complete
udf in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image.
25 CVE-2015-3761 264 +Priv 2015-08-16 2015-08-19
7.2
Admin Local Low Not required Complete Complete Complete
The kernel in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors.
26 CVE-2015-3760 20 +Priv 2015-08-16 2015-08-19
7.2
None Local Low Not required Complete Complete Complete
dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors.
27 CVE-2015-3717 119 DoS Exec Code Overflow 2015-07-02 2015-07-07
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
28 CVE-2015-3702 119 Overflow +Priv 2015-07-02 2015-07-07
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, and CVE-2015-3701.
29 CVE-2015-3701 119 Overflow +Priv 2015-07-02 2015-07-07
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, and CVE-2015-3702.
30 CVE-2015-3700 119 Overflow +Priv 2015-07-02 2015-07-07
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3701, and CVE-2015-3702.
31 CVE-2015-3699 119 Overflow +Priv 2015-07-02 2015-07-07
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.
32 CVE-2015-3698 119 Overflow +Priv 2015-07-02 2015-07-07
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.
33 CVE-2015-3697 119 Overflow +Priv 2015-07-02 2015-07-07
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.
34 CVE-2015-3696 119 Overflow +Priv 2015-07-02 2015-07-07
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.
35 CVE-2015-3695 119 Overflow +Priv 2015-07-02 2015-07-07
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.
36 CVE-2015-3678 77 DoS +Priv Mem. Corr. 2015-07-02 2015-07-06
7.2
Admin Local Low Not required Complete Complete Complete
AppleThunderboltEDMService in Apple OS X before 10.10.4 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified Thunderbolt commands.
37 CVE-2015-3674 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2015-07-06
7.5
None Remote Low Not required Partial Partial Partial
afpserver in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
38 CVE-2015-3673 264 2015-07-02 2015-07-06
7.2
Admin Local Low Not required Complete Complete Complete
Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility.
39 CVE-2015-3672 284 2015-07-02 2015-07-06
7.2
Admin Local Low Not required Complete Complete Complete
Admin Framework in Apple OS X before 10.10.4 does not properly handle authentication errors, which allows local users to obtain admin privileges via unspecified vectors.
40 CVE-2015-3671 284 Bypass 2015-07-02 2015-07-06
7.2
Admin Local Low Not required Complete Complete Complete
Admin Framework in Apple OS X before 10.10.4 does not properly verify XPC entitlements, which allows local users to bypass authentication and obtain admin privileges via unspecified vectors.
41 CVE-2015-3055 Exec Code 2015-05-13 2015-05-15
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3053, CVE-2015-3054, CVE-2015-3059, and CVE-2015-3075.
42 CVE-2015-1212 DoS 2015-02-06 2015-03-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
43 CVE-2015-1211 264 +Priv 2015-02-06 2015-03-11
7.5
None Remote Low Not required Partial Partial Partial
The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI.
44 CVE-2015-1209 DoS 2015-02-06 2015-03-11
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor.
45 CVE-2015-1157 17 DoS 2015-05-27 2015-07-13
7.8
None Remote Low Not required None None Complete
CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message.
46 CVE-2015-1149 189 DoS Overflow 2015-04-10 2015-04-14
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the simulator in Swift in Apple Xcode before 6.3 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact by triggering an incorrect result of a type conversion.
47 CVE-2015-1144 119 Overflow +Priv 2015-04-10 2015-04-29
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the UniformTypeIdentifiers component in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted Uniform Type Identifier.
48 CVE-2015-1143 +Priv 2015-04-10 2015-04-29
7.2
None Local Low Not required Complete Complete Complete
LaunchServices in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted localized string, related to a "type confusion" issue.
49 CVE-2015-1140 119 Overflow +Priv 2015-04-10 2015-04-29
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors.
50 CVE-2015-1137 DoS +Priv 2015-04-10 2015-04-29
7.2
None Local Low Not required Complete Complete Complete
The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via an unspecified IOService userclient type.
Total number of vulnerabilities : 486   Page : 1 (This Page)2 3 4 5 6 7 8 9 10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.