CVEdetails.com the ultimate security vulnerability data source

Apple » Mac Os X : Security Vulnerabilities

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2015-3727 264 2015-07-02 2015-07-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site.
2 CVE-2015-3721 200 +Info 2015-07-02 2015-07-07
4.3
None Remote Medium Not required Partial None None
The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not properly handle HFS parameters, which allows attackers to obtain sensitive memory-layout information via a crafted app.
3 CVE-2015-3720 200 +Info 2015-07-02 2015-07-07
4.3
None Remote Medium Not required Partial None None
The kernel in Apple OS X before 10.10.4 does not properly manage memory in kernel-extension APIs, which allows attackers to obtain sensitive memory-layout information via a crafted app.
4 CVE-2015-3719 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2015-07-07
6.8
None Remote Medium Not required Partial Partial Partial
TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3694.
5 CVE-2015-3718 Exec Code 2015-07-02 2015-07-07
6.8
None Remote Medium Not required Partial Partial Partial
systemstatsd in the System Stats subsystem in Apple OS X before 10.10.4 does not properly interpret data types encountered in interprocess communication, which allows attackers to execute arbitrary code with systemstatsd privileges via a crafted app, related to a "type confusion" issue.
6 CVE-2015-3717 119 DoS Exec Code Overflow 2015-07-02 2015-07-07
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
7 CVE-2015-3716 77 Exec Code 2015-07-02 2015-07-07
4.4
None Local Medium Not required Partial Partial Partial
Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a crafted name of a photo file within the local photo library.
8 CVE-2015-3715 254 Bypass 2015-07-02 2015-07-07
6.8
None Remote Medium Not required Partial Partial Partial
The code-signing implementation in Apple OS X before 10.10.4 does not properly consider libraries that are external to an application bundle, which allows attackers to bypass intended launch restrictions via a crafted library.
9 CVE-2015-3714 254 Bypass 2015-07-02 2015-07-07
5.0
None Remote Low Not required None Partial None
Apple OS X before 10.10.4 does not properly consider custom resource rules during app signature verification, which allows attackers to bypass intended launch restrictions via a modified app.
10 CVE-2015-3713 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2015-07-07
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted movie file.
11 CVE-2015-3712 119 DoS Exec Code Overflow 2015-07-02 2015-07-07
9.3
Admin Remote Medium Not required Complete Complete Complete
The NVIDIA graphics driver in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds write) via a crafted app.
12 CVE-2015-3711 200 +Info 2015-07-02 2015-07-07
4.3
None Remote Medium Not required Partial None None
The NTFS implementation in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app.
13 CVE-2015-3710 254 2015-07-02 2015-07-07
4.3
None Remote Medium Not required None Partial None
Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message.
14 CVE-2015-3709 362 Bypass 2015-07-02 2015-07-07
6.9
None Local Medium Not required Complete Complete Complete
Race condition in kext tools in Apple OS X before 10.10.4 allows local users to bypass intended signature requirements for kernel extensions by leveraging improper pathname validation.
15 CVE-2015-3708 2015-07-02 2015-07-07
8.8
None Remote Medium Not required None Complete Complete
kextd in kext tools in Apple OS X before 10.10.4 allows attackers to write to arbitrary files via a crafted app that conducts a symlink attack.
16 CVE-2015-3707 DoS Exec Code 2015-07-02 2015-07-07
9.3
Admin Remote Medium Not required Complete Complete Complete
The FireWire driver in IOFireWireFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
17 CVE-2015-3706 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2015-07-07
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3705.
18 CVE-2015-3705 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2015-07-07
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3706.
19 CVE-2015-3704 264 Exec Code 2015-07-02 2015-07-07
9.3
Admin Remote Medium Not required Complete Complete Complete
runner in Install.framework in the Install Framework Legacy subsystem in Apple OS X before 10.10.4 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
20 CVE-2015-3703 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2015-07-07
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image.
21 CVE-2015-3702 119 Overflow +Priv 2015-07-02 2015-07-07
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, and CVE-2015-3701.
22 CVE-2015-3701 119 Overflow +Priv 2015-07-02 2015-07-07
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, and CVE-2015-3702.
23 CVE-2015-3700 119 Overflow +Priv 2015-07-02 2015-07-07
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3701, and CVE-2015-3702.
24 CVE-2015-3699 119 Overflow +Priv 2015-07-02 2015-07-07
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.
25 CVE-2015-3698 119 Overflow +Priv 2015-07-02 2015-07-07
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.
26 CVE-2015-3697 119 Overflow +Priv 2015-07-02 2015-07-07
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.
27 CVE-2015-3696 119 Overflow +Priv 2015-07-02 2015-07-07
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.
28 CVE-2015-3695 119 Overflow +Priv 2015-07-02 2015-07-07
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.
29 CVE-2015-3694 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2015-07-06
6.8
None Remote Medium Not required Partial Partial Partial
FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3719.
30 CVE-2015-3693 254 DoS +Priv Mem. Corr. 2015-07-02 2015-07-07
9.3
None Remote Medium Not required Complete Complete Complete
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which might make it easier for remote attackers to conduct row-hammer attacks, and consequently gain privileges or cause a denial of service (memory corruption), by triggering certain patterns of access to memory locations.
31 CVE-2015-3692 284 2015-07-02 2015-07-07
6.8
None Local Low Single system Complete Complete Complete
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not enforce a locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging root privileges.
32 CVE-2015-3691 284 Exec Code 2015-07-02 2015-07-07
9.3
None Remote Medium Not required Complete Complete Complete
The Monitor Control Command Set kernel extension in the Display Drivers subsystem in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages control of a function pointer.
33 CVE-2015-3690 200 +Info 2015-07-02 2015-07-06
4.3
None Remote Medium Not required Partial None None
The DiskImages subsystem in Apple iOS before 8.4 and OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app.
34 CVE-2015-3689 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2015-07-06
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3688.
35 CVE-2015-3688 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2015-07-06
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3689.
36 CVE-2015-3687 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2015-07-06
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3688, and CVE-2015-3689.
37 CVE-2015-3686 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2015-07-06
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3687, CVE-2015-3688, and CVE-2015-3689.
38 CVE-2015-3685 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2015-07-06
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3686, CVE-2015-3687, CVE-2015-3688, and CVE-2015-3689.
39 CVE-2015-3684 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2015-07-06
6.8
None Remote Medium Not required Partial Partial Partial
The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted credentials in a URL.
40 CVE-2015-3683 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2015-07-06
9.3
None Remote Medium Not required Complete Complete Complete
The Bluetooth HCI interface implementation in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
41 CVE-2015-3682 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2015-07-06
6.8
None Remote Medium Not required Partial Partial Partial
Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3679, CVE-2015-3680, and CVE-2015-3681.
42 CVE-2015-3681 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2015-07-06
6.8
None Remote Medium Not required Partial Partial Partial
Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3679, CVE-2015-3680, and CVE-2015-3682.
43 CVE-2015-3680 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2015-07-06
6.8
None Remote Medium Not required Partial Partial Partial
Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3679, CVE-2015-3681, and CVE-2015-3682.
44 CVE-2015-3679 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2015-07-06
6.8
None Remote Medium Not required Partial Partial Partial
Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3680, CVE-2015-3681, and CVE-2015-3682.
45 CVE-2015-3678 77 DoS +Priv Mem. Corr. 2015-07-02 2015-07-06
7.2
Admin Local Low Not required Complete Complete Complete
AppleThunderboltEDMService in Apple OS X before 10.10.4 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified Thunderbolt commands.
46 CVE-2015-3677 200 +Info 2015-07-02 2015-07-06
4.3
None Remote Medium Not required Partial None None
The LZVN compression feature in AppleFSCompression in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app.
47 CVE-2015-3676 200 +Info 2015-07-02 2015-07-06
4.3
None Remote Medium Not required Partial None None
AppleGraphicsControl in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information via a crafted app.
48 CVE-2015-3675 284 Bypass 2015-07-02 2015-07-06
5.0
None Remote Low Not required Partial None None
The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted URL.
49 CVE-2015-3674 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2015-07-06
7.5
None Remote Low Not required Partial Partial Partial
afpserver in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
50 CVE-2015-3673 264 2015-07-02 2015-07-06
7.2
Admin Local Low Not required Complete Complete Complete
Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility.
Total number of vulnerabilities: 1144 (page 1 of 23)