Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
Max CVSS
7.5
EPSS Score
1.49%
Published
2015-11-13
Updated
2022-05-13
The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7111.
Max CVSS
9.3
EPSS Score
0.29%
Published
2015-12-11
Updated
2019-03-08
The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7112.
Max CVSS
9.3
EPSS Score
0.27%
Published
2015-12-11
Updated
2019-03-08
IOAcceleratorFamily in Apple OS X before 10.11.2 and tvOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Max CVSS
9.3
EPSS Score
0.25%
Published
2015-12-11
Updated
2017-09-13
The Bluetooth HCI interface in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-12-11
Updated
2017-09-13
The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-12-11
Updated
2017-09-13
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7083.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-12-11
Updated
2019-03-08
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7084.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-12-11
Updated
2019-03-08
Use-after-free vulnerability in Hypervisor in Apple OS X before 10.11.2 allows local users to gain privileges via vectors involving VM objects.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-12-11
Updated
2017-09-13
The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access) via unspecified vectors.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-12-11
Updated
2017-09-13
The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-12-11
Updated
2017-09-13
The File Bookmark component in Apple OS X before 10.11.2 allows attackers to bypass a sandbox protection mechanism for app scoped bookmarks via a crafted pathname.
Max CVSS
10.0
EPSS Score
0.35%
Published
2015-12-11
Updated
2017-09-13
IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type.
Max CVSS
9.3
EPSS Score
0.25%
Published
2015-12-11
Updated
2019-03-25
The kernel loader in EFI in Apple OS X before 10.11.2 allows local users to gain privileges via a crafted pathname.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-12-11
Updated
2017-09-13
kext tools in Apple OS X before 10.11.2 mishandles kernel-extension loading, which allows local users to gain privileges via unspecified vectors.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-12-11
Updated
2017-09-13
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-12-11
Updated
2019-03-08
The System Integrity Protection feature in Apple OS X before 10.11.2 mishandles union mounts, which allows attackers to execute arbitrary code in a privileged context via a crafted app with root privileges.
Max CVSS
7.6
EPSS Score
0.19%
Published
2015-12-11
Updated
2017-09-13
The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.
Max CVSS
7.5
EPSS Score
3.34%
Published
2015-11-22
Updated
2017-07-01
Apple Mac EFI before 2015-002, as used in OS X before 10.11.1 and other products, mishandles arguments, which allows attackers to reach "unused" functions via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.42%
Published
2015-10-23
Updated
2016-12-24
The Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to gain privileges or cause a denial of service (kernel memory corruption) via unspecified vectors.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-10-23
Updated
2015-10-27
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992.
Max CVSS
7.5
EPSS Score
3.12%
Published
2015-10-23
Updated
2016-12-24
The MCX Application Restrictions component in Apple OS X before 10.11.1, when Managed Configuration is enabled, mishandles provisioning profiles, which allows attackers to bypass intended entitlement restrictions and gain privileges via a crafted developer-signed app.
Max CVSS
7.6
EPSS Score
0.07%
Published
2015-10-23
Updated
2015-10-27
CVE-2015-7007
Public exploit
Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors.
Max CVSS
7.5
EPSS Score
97.29%
Published
2015-10-23
Updated
2016-12-24
The kernel in Apple iOS before 9.1 and OS X before 10.11.1 mishandles reuse of virtual memory, which allows attackers to cause a denial of service via a crafted app.
Max CVSS
7.1
EPSS Score
0.21%
Published
2015-10-23
Updated
2016-12-24
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-7017.
Max CVSS
7.5
EPSS Score
3.12%
Published
2015-10-23
Updated
2016-12-24