CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Mac Os X : Security Vulnerabilities Published In 2015 (CVSS score >= 7)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-8126 119 DoS Overflow 2015-11-12 2017-06-30
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
2 CVE-2015-7112 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2017-09-12
9.3
None Remote Medium Not required Complete Complete Complete
The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7111.
3 CVE-2015-7111 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2017-09-12
9.3
None Remote Medium Not required Complete Complete Complete
The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7112.
4 CVE-2015-7109 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2017-09-12
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple OS X before 10.11.2 and tvOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
5 CVE-2015-7108 119 DoS Overflow +Priv Mem. Corr. 2015-12-11 2017-09-12
7.2
Admin Local Low Not required Complete Complete Complete
The Bluetooth HCI interface in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
6 CVE-2015-7106 119 DoS Overflow +Priv Mem. Corr. 2015-12-11 2017-09-12
7.2
Admin Local Low Not required Complete Complete Complete
The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
7 CVE-2015-7084 119 DoS Overflow +Priv Mem. Corr. 2015-12-11 2017-09-12
7.2
None Local Low Not required Complete Complete Complete
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7083.
8 CVE-2015-7083 119 DoS Overflow +Priv Mem. Corr. 2015-12-11 2017-09-12
7.2
None Local Low Not required Complete Complete Complete
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7084.
9 CVE-2015-7078 +Priv 2015-12-11 2017-09-12
7.2
None Local Low Not required Complete Complete Complete
Use-after-free vulnerability in Hypervisor in Apple OS X before 10.11.2 allows local users to gain privileges via vectors involving VM objects.
10 CVE-2015-7077 119 DoS Overflow +Priv 2015-12-11 2017-09-12
7.2
None Local Low Not required Complete Complete Complete
The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access) via unspecified vectors.
11 CVE-2015-7076 DoS +Priv 2015-12-11 2017-09-12
7.2
None Local Low Not required Complete Complete Complete
The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.
12 CVE-2015-7071 264 Bypass 2015-12-11 2017-09-12
10.0
None Remote Low Not required Complete Complete Complete
The File Bookmark component in Apple OS X before 10.11.2 allows attackers to bypass a sandbox protection mechanism for app scoped bookmarks via a crafted pathname.
13 CVE-2015-7068 DoS Exec Code 2015-12-11 2017-09-12
9.3
Admin Remote Medium Not required Complete Complete Complete
IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type.
14 CVE-2015-7063 264 +Priv 2015-12-11 2017-09-12
7.2
Admin Local Low Not required Complete Complete Complete
The kernel loader in EFI in Apple OS X before 10.11.2 allows local users to gain privileges via a crafted pathname.
15 CVE-2015-7052 264 +Priv 2015-12-11 2017-09-12
7.2
Admin Local Low Not required Complete Complete Complete
kext tools in Apple OS X before 10.11.2 mishandles kernel-extension loading, which allows local users to gain privileges via unspecified vectors.
16 CVE-2015-7047 20 +Priv 2015-12-11 2017-09-12
7.2
Admin Local Low Not required Complete Complete Complete
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.
17 CVE-2015-7044 254 Exec Code 2015-12-11 2017-09-12
7.6
None Remote High Not required Complete Complete Complete
The System Integrity Protection feature in Apple OS X before 10.11.2 mishandles union mounts, which allows attackers to execute arbitrary code in a privileged context via a crafted app with root privileges.
18 CVE-2015-7036 20 DoS Exec Code 2015-11-21 2017-06-30
7.5
None Remote Low Not required Partial Partial Partial
The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.
19 CVE-2015-7035 17 2015-10-23 2016-12-23
7.5
None Remote Low Not required Partial Partial Partial
Apple Mac EFI before 2015-002, as used in OS X before 10.11.1 and other products, mishandles arguments, which allows attackers to reach "unused" functions via unspecified vectors.
20 CVE-2015-7021 119 DoS Overflow +Priv Mem. Corr. 2015-10-23 2015-10-26
7.2
None Local Low Not required Complete Complete Complete
The Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to gain privileges or cause a denial of service (kernel memory corruption) via unspecified vectors.
21 CVE-2015-7017 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2016-12-23
7.5
None Remote Low Not required Partial Partial Partial
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992.
22 CVE-2015-7016 264 +Priv Bypass 2015-10-23 2015-10-26
7.6
None Remote High Not required Complete Complete Complete
The MCX Application Restrictions component in Apple OS X before 10.11.1, when Managed Configuration is enabled, mishandles provisioning profiles, which allows attackers to bypass intended entitlement restrictions and gain privileges via a crafted developer-signed app.
23 CVE-2015-7007 Bypass 2015-10-23 2016-12-23
7.5
None Remote Low Not required Partial Partial Partial
Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors.
24 CVE-2015-6994 399 DoS 2015-10-23 2016-12-23
7.1
None Remote Medium Not required None None Complete
The kernel in Apple iOS before 9.1 and OS X before 10.11.1 mishandles reuse of virtual memory, which allows attackers to cause a denial of service via a crafted app.
25 CVE-2015-6992 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2016-12-23
7.5
None Remote Low Not required Partial Partial Partial
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-7017.
26 CVE-2015-6988 Exec Code 2015-10-23 2016-12-23
10.0
None Remote Low Not required Complete Complete Complete
The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not initialize an unspecified data structure, which allows remote attackers to execute arbitrary code via vectors involving an unknown network-connectivity requirement.
27 CVE-2015-6984 284 2015-10-23 2015-10-26
8.8
None Remote Medium Not required None Complete Complete
libarchive in Apple OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that conducts an unspecified symlink attack.
28 CVE-2015-6983 2015-10-23 2016-12-23
8.8
None Remote Medium Not required None Complete Complete
Double free vulnerability in Apple iOS before 9.1 and OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that accesses AtomicBufferedFile descriptors.
29 CVE-2015-6975 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2016-12-23
7.5
None Remote Low Not required Partial Partial Partial
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6992 and CVE-2015-7017.
30 CVE-2015-6974 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2016-12-23
9.3
None Remote Medium Not required Complete Complete Complete
IOHIDFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
31 CVE-2015-5945 20 +Priv 2015-10-23 2015-10-26
7.2
None Local Low Not required Complete Complete Complete
The Sandbox subsystem in Apple OS X before 10.11.1 allows local users to gain privileges via vectors involving NVRAM parameters.
32 CVE-2015-5932 +Priv 2015-10-23 2015-10-26
7.2
None Local Low Not required Complete Complete Complete
The kernel in Apple OS X before 10.11.1 allows local users to gain privileges by leveraging an unspecified "type confusion" during Mach task processing.
33 CVE-2015-5922 2015-10-09 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors.
34 CVE-2015-5903 119 DoS Overflow +Priv Mem. Corr. 2015-09-18 2016-12-21
10.0
None Remote Low Not required Complete Complete Complete
The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5896.
35 CVE-2015-5900 254 DoS 2015-10-09 2016-12-07
7.1
None Remote Medium Not required None None Complete
The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes to an unintended address.
36 CVE-2015-5899 119 DoS Overflow +Priv Mem. Corr. 2015-09-18 2016-12-21
7.2
None Local Low Not required Complete Complete Complete
libpthread in the kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
37 CVE-2015-5896 119 DoS Overflow +Priv Mem. Corr. 2015-09-18 2016-12-21
7.2
None Local Low Not required Complete Complete Complete
The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5903.
38 CVE-2015-5891 119 DoS Overflow +Priv Mem. Corr. 2015-10-09 2016-12-07
7.2
None Local Low Not required Complete Complete Complete
The SMB implementation in the kernel in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
39 CVE-2015-5890 119 DoS Overflow +Priv Mem. Corr. 2015-10-09 2016-12-07
7.2
None Local Low Not required Complete Complete Complete
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5873.
40 CVE-2015-5889 264 2015-10-09 2016-12-23
7.2
None Local Low Not required Complete Complete Complete
rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables.
41 CVE-2015-5888 264 2015-10-09 2016-12-07
7.2
Admin Local Low Not required Complete Complete Complete
The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file.
42 CVE-2015-5887 17 2015-10-09 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data.
43 CVE-2015-5882 284 Bypass 2015-09-18 2016-12-21
7.2
None Local Low Not required Complete Complete Complete
The processor_set_tasks API implementation in Apple iOS before 9 allows local users to bypass an entitlement protection mechanism and obtain access to the task ports of arbitrary processes by leveraging root privileges.
44 CVE-2015-5877 119 DoS Overflow +Priv Mem. Corr. 2015-10-09 2016-12-09
7.2
None Local Low Not required Complete Complete Complete
The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5830.
45 CVE-2015-5876 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
9.3
None Remote Medium Not required Complete Complete Complete
dyld in Dev Tools in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
46 CVE-2015-5874 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
7.5
None Remote Low Not required Partial Partial Partial
CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
47 CVE-2015-5873 119 DoS Overflow +Priv Mem. Corr. 2015-10-09 2016-12-09
7.2
None Local Low Not required Complete Complete Complete
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5890.
48 CVE-2015-5872 119 DoS Overflow +Priv Mem. Corr. 2015-10-09 2016-12-09
7.2
None Local Low Not required Complete Complete Complete
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5873, and CVE-2015-5890.
49 CVE-2015-5871 119 DoS Overflow +Priv Mem. Corr. 2015-10-09 2016-12-09
7.2
None Local Low Not required Complete Complete Complete
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5872, CVE-2015-5873, and CVE-2015-5890.
50 CVE-2015-5868 119 DoS Overflow +Priv Mem. Corr. 2015-09-18 2016-12-21
7.2
None Local Low Not required Complete Complete Complete
The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5896 and CVE-2015-5903.
Total number of vulnerabilities : 201   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.