Apple Mac EFI before 2015-002, as used in OS X before 10.11.1 and other products, mishandles arguments, which allows attackers to reach "unused" functions via unspecified vectors.
Max CVSS: 7.5 | EPSS Score: 0.42% | Published: 2015-10-23 | Updated: 2016-12-24
The Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to gain privileges or cause a denial of service (kernel memory corruption) via unspecified vectors.
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 2015-10-23 | Updated: 2015-10-27
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992.
Max CVSS: 7.5 | EPSS Score: 3.12% | Published: 2015-10-23 | Updated: 2016-12-24
The MCX Application Restrictions component in Apple OS X before 10.11.1, when Managed Configuration is enabled, mishandles provisioning profiles, which allows attackers to bypass intended entitlement restrictions and gain privileges via a crafted developer-signed app.
Max CVSS: 7.6 | EPSS Score: 0.07% | Published: 2015-10-23 | Updated: 2015-10-27
CVE-2015-7007 | Public exploit
Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors.
Max CVSS: 7.5 | EPSS Score: 97.29% | Published: 2015-10-23 | Updated: 2016-12-24
The kernel in Apple iOS before 9.1 and OS X before 10.11.1 mishandles reuse of virtual memory, which allows attackers to cause a denial of service via a crafted app.
Max CVSS: 7.1 | EPSS Score: 0.21% | Published: 2015-10-23 | Updated: 2016-12-24
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-7017.
Max CVSS: 7.5 | EPSS Score: 3.12% | Published: 2015-10-23 | Updated: 2016-12-24
The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not initialize an unspecified data structure, which allows remote attackers to execute arbitrary code via vectors involving an unknown network-connectivity requirement.
Max CVSS: 10.0 | EPSS Score: 3.61% | Published: 2015-10-23 | Updated: 2016-12-24
libarchive in Apple OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that conducts an unspecified symlink attack.
Max CVSS: 8.8 | EPSS Score: 0.06% | Published: 2015-10-23 | Updated: 2015-10-26
Double free vulnerability in Apple iOS before 9.1 and OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that accesses AtomicBufferedFile descriptors.
Max CVSS: 8.8 | EPSS Score: 0.64% | Published: 2015-10-23 | Updated: 2016-12-24
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6992 and CVE-2015-7017.
Max CVSS: 7.5 | EPSS Score: 3.12% | Published: 2015-10-23 | Updated: 2016-12-24
IOHIDFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Max CVSS: 9.3 | EPSS Score: 0.27% | Published: 2015-10-23 | Updated: 2016-12-24
The Sandbox subsystem in Apple OS X before 10.11.1 allows local users to gain privileges via vectors involving NVRAM parameters.
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 2015-10-23 | Updated: 2015-10-27
The kernel in Apple OS X before 10.11.1 allows local users to gain privileges by leveraging an unspecified "type confusion" during Mach task processing.
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 2015-10-23 | Updated: 2015-10-26
Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors.
Max CVSS: 10.0 | EPSS Score: 0.89% | Published: 2015-10-09 | Updated: 2019-04-23
The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes to an unintended address.
Max CVSS: 7.1 | EPSS Score: 0.27% | Published: 2015-10-09 | Updated: 2016-12-08
The SMB implementation in the kernel in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 2015-10-09 | Updated: 2016-12-08
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5873.
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 2015-10-09 | Updated: 2016-12-08
CVE-2015-5889 | Public exploit
rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables.
Max CVSS: 7.2 | EPSS Score: 0.05% | Published: 2015-10-09 | Updated: 2016-12-24
The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file.
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 2015-10-09 | Updated: 2016-12-08
The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data.
Max CVSS: 10.0 | EPSS Score: 0.65% | Published: 2015-10-09 | Updated: 2016-12-08
The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5830.
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 2015-10-09 | Updated: 2016-12-09
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5890.
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 2015-10-09 | Updated: 2016-12-09
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5873, and CVE-2015-5890.
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 2015-10-09 | Updated: 2016-12-09
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5872, CVE-2015-5873, and CVE-2015-5890.
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 2015-10-09 | Updated: 2016-12-09