| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
47351 |
CVE-2015-1143 |
|
|
+Priv |
2015-04-10 |
2015-09-17 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
LaunchServices in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted localized string, related to a "type confusion" issue. |
|
47352 |
CVE-2015-1141 |
|
|
DoS |
2015-04-10 |
2015-09-17 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The mach_vm_read functionality in the kernel in Apple OS X before 10.10.3 allows local users to cause a denial of service (system crash) via unspecified vectors. |
|
47353 |
CVE-2015-1140 |
119 |
|
Overflow +Priv |
2015-04-10 |
2015-09-17 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors. |
|
47354 |
CVE-2015-1139 |
20 |
|
DoS Exec Code Mem. Corr. |
2015-04-10 |
2015-09-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ImageIO in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .sgi file. |
|
47355 |
CVE-2015-1138 |
20 |
|
DoS |
2015-04-10 |
2015-09-17 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Hypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecified vectors. |
|
47356 |
CVE-2015-1137 |
|
|
DoS +Priv |
2015-04-10 |
2015-09-17 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via an unspecified IOService userclient type. |
|
47357 |
CVE-2015-1136 |
|
|
Exec Code |
2015-04-10 |
2015-09-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in CoreAnimation in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code by leveraging improper use of a mutex. |
|
47358 |
CVE-2015-1135 |
20 |
|
+Priv |
2015-04-10 |
2015-09-17 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1134. |
|
47359 |
CVE-2015-1134 |
20 |
|
+Priv |
2015-04-10 |
2015-09-17 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1135. |
|
47360 |
CVE-2015-1133 |
20 |
|
+Priv |
2015-04-10 |
2015-09-17 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1134, and CVE-2015-1135. |
|
47361 |
CVE-2015-1132 |
20 |
|
+Priv |
2015-04-10 |
2015-09-17 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135. |
|
47362 |
CVE-2015-1131 |
20 |
|
+Priv |
2015-04-10 |
2015-09-17 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135. |
|
47363 |
CVE-2015-1130 |
254 |
|
Bypass |
2015-04-10 |
2015-09-17 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors. |
|
47364 |
CVE-2015-1129 |
310 |
|
|
2015-04-10 |
2015-09-29 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site. |
|
47365 |
CVE-2015-1128 |
200 |
|
+Info |
2015-04-10 |
2015-09-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 allows attackers to obtain sensitive browsing-history information via vectors involving push-notification requests. |
|
47366 |
CVE-2015-1126 |
20 |
|
|
2015-04-10 |
2015-09-11 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors. |
|
47367 |
CVE-2015-1125 |
17 |
|
|
2015-04-10 |
2015-09-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site. |
|
47368 |
CVE-2015-1124 |
|
|
DoS Exec Code Mem. Corr. |
2015-04-10 |
2016-11-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. |
|
47369 |
CVE-2015-1123 |
|
|
DoS Exec Code Mem. Corr. |
2015-04-10 |
2015-09-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-3 and APPLE-SA-2015-04-08-4. |
|
47370 |
CVE-2015-1122 |
|
|
DoS Exec Code Mem. Corr. |
2015-04-10 |
2016-12-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. |
|
47371 |
CVE-2015-1121 |
|
|
DoS Exec Code Mem. Corr. |
2015-04-10 |
2016-11-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. |
|
47372 |
CVE-2015-1120 |
|
|
DoS Exec Code Mem. Corr. |
2015-04-10 |
2016-12-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. |
|
47373 |
CVE-2015-1119 |
|
|
DoS Exec Code Mem. Corr. |
2015-04-10 |
2016-11-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. |
|
47374 |
CVE-2015-1118 |
|
|
DoS Mem. Corr. |
2015-04-10 |
2015-09-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile. |
|
47375 |
CVE-2015-1117 |
264 |
|
Exec Code |
2015-04-10 |
2016-12-07 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group privileges via a crafted app. |
|
47376 |
CVE-2015-1115 |
284 |
|
Bypass |
2015-04-10 |
2017-01-02 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app. |
|
47377 |
CVE-2015-1112 |
200 |
|
+Info |
2015-04-10 |
2015-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file. |
|
47378 |
CVE-2015-1111 |
200 |
|
+Info |
2015-04-10 |
2017-01-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file. |
|
47379 |
CVE-2015-1110 |
200 |
|
+Info |
2015-04-10 |
2017-01-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data. |
|
47380 |
CVE-2015-1105 |
20 |
|
DoS |
2015-04-10 |
2016-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets. |
|
47381 |
CVE-2015-1104 |
20 |
|
Bypass |
2015-04-10 |
2016-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet. |
|
47382 |
CVE-2015-1103 |
20 |
|
DoS +Info |
2015-04-10 |
2016-12-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a crafted ICMP packet. |
|
47383 |
CVE-2015-1102 |
20 |
|
DoS |
2015-04-10 |
2016-12-07 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors. |
|
47384 |
CVE-2015-1101 |
|
|
DoS Exec Code Mem. Corr. |
2015-04-10 |
2016-12-07 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
|
47385 |
CVE-2015-1100 |
119 |
|
DoS Overflow +Info |
2015-04-10 |
2016-12-07 |
5.4 |
None |
Local |
Medium |
Not required |
Partial |
None |
Complete |
|
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content information via a crafted app. |
|
47386 |
CVE-2015-1099 |
362 |
|
DoS |
2015-04-10 |
2016-12-07 |
4.0 |
None |
Local |
High |
Not required |
None |
None |
Complete |
|
Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app. |
|
47387 |
CVE-2015-1098 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-04-10 |
2019-09-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file. |
|
47388 |
CVE-2015-1095 |
|
|
DoS Exec Code Mem. Corr. |
2015-04-10 |
2015-08-06 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device. |
|
47389 |
CVE-2015-1093 |
|
|
DoS Exec Code Mem. Corr. |
2015-04-10 |
2017-01-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. |
|
47390 |
CVE-2015-1092 |
|
|
|
2015-04-10 |
2017-01-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. |
|
47391 |
CVE-2015-1091 |
200 |
|
Bypass +Info |
2015-04-10 |
2017-01-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. |
|
47392 |
CVE-2015-1090 |
200 |
|
+Info |
2015-04-10 |
2017-01-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file. |
|
47393 |
CVE-2015-1089 |
200 |
|
Bypass +Info |
2015-04-10 |
2017-01-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. |
|
47394 |
CVE-2015-1088 |
20 |
|
Exec Code |
2015-04-10 |
2017-01-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site. |
|
47395 |
CVE-2015-1086 |
20 |
|
Exec Code |
2015-04-10 |
2015-09-30 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV before 7.2 does not properly validate IOKit object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app. |
|
47396 |
CVE-2015-1084 |
17 |
|
|
2015-03-18 |
2015-09-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL. |
|
47397 |
CVE-2015-1083 |
399 |
|
DoS Exec Code Mem. Corr. |
2015-03-18 |
2016-12-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. |
|
47398 |
CVE-2015-1082 |
399 |
|
DoS Exec Code Mem. Corr. |
2015-03-18 |
2015-07-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. |
|
47399 |
CVE-2015-1081 |
399 |
|
DoS Exec Code Mem. Corr. |
2015-03-18 |
2016-12-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. |
|
47400 |
CVE-2015-1080 |
399 |
|
DoS Exec Code Mem. Corr. |
2015-03-18 |
2015-07-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. |
