CVEdetails.com the ultimate security vulnerability data source

Apple » Mac Os X : Security Vulnerabilities Published In 2015

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date
Score
Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
101 CVE-2015-5936 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5937, and CVE-2015-5939.
102 CVE-2015-5935 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5936, CVE-2015-5937, and CVE-2015-5939.
103 CVE-2015-5934 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2015-10-26
6.8
None Remote Medium Not required Partial Partial Partial
Audio in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, a different vulnerability than CVE-2015-5933.
104 CVE-2015-5933 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2015-10-26
6.8
None Remote Medium Not required Partial Partial Partial
Audio in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, a different vulnerability than CVE-2015-5934.
105 CVE-2015-5932 +Priv 2015-10-23 2015-10-26
7.2
None Local Low Not required Complete Complete Complete
The kernel in Apple OS X before 10.11.1 allows local users to gain privileges by leveraging an unspecified "type confusion" during Mach task processing.
106 CVE-2015-5927 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5942.
107 CVE-2015-5926 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5925.
108 CVE-2015-5925 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5926.
109 CVE-2015-5924 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
The OpenGL implementation in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
110 CVE-2015-5922 2015-10-09 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors.
111 CVE-2015-5915 17 2015-10-09 2016-12-07
5.0
None Remote Low Not required None Partial None
Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors.
112 CVE-2015-5914 17 2015-10-09 2016-12-07
4.7
None Local Medium Not required None Complete None
The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists because of an incomplete fix for CVE-2014-4498.
113 CVE-2015-5913 284 2015-10-09 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Heimdal, as used in Apple OS X before 10.11, allows remote attackers to conduct replay attacks against the SMB server via packet data that represents a Kerberos authenticated request.
114 CVE-2015-5912 17 2015-09-18 2016-12-21
5.0
None Remote Low Not required None Partial None
The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses.
115 CVE-2015-5903 119 DoS Overflow +Priv Mem. Corr. 2015-09-18 2016-12-21
10.0
None Remote Low Not required Complete Complete Complete
The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5896.
116 CVE-2015-5902 DoS 2015-10-09 2016-12-07
4.9
None Local Low Not required None None Complete
The debugging feature in the kernel in Apple OS X before 10.11 mismanages state, which allows local users to cause a denial of service via unspecified vectors.
117 CVE-2015-5901 200 +Info 2015-10-09 2016-12-07
2.1
None Local Low Not required Partial None None
The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive.
118 CVE-2015-5900 254 DoS 2015-10-09 2016-12-07
7.1
None Remote Medium Not required None None Complete
The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes to an unintended address.
119 CVE-2015-5899 119 DoS Overflow +Priv Mem. Corr. 2015-09-18 2016-12-21
7.2
None Local Low Not required Complete Complete Complete
libpthread in the kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
120 CVE-2015-5897 264 +Priv 2015-10-09 2016-12-07
4.6
None Local Low Not required Partial Partial Partial
The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework.
121 CVE-2015-5896 119 DoS Overflow +Priv Mem. Corr. 2015-09-18 2016-12-21
7.2
None Local Low Not required Complete Complete Complete
The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5903.
122 CVE-2015-5894 17 2015-10-09 2016-12-07
4.3
None Remote Medium Not required None Partial None
The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate.
123 CVE-2015-5893 200 +Info 2015-10-09 2016-12-07
2.1
None Local Low Not required Partial None None
SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
124 CVE-2015-5891 119 DoS Overflow +Priv Mem. Corr. 2015-10-09 2016-12-07
7.2
None Local Low Not required Complete Complete Complete
The SMB implementation in the kernel in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
125 CVE-2015-5890 119 DoS Overflow +Priv Mem. Corr. 2015-10-09 2016-12-07
7.2
None Local Low Not required Complete Complete Complete
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5873.
126 CVE-2015-5889 264 2015-10-09 2016-12-23
7.2
None Local Low Not required Complete Complete Complete
rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables.
127 CVE-2015-5888 264 2015-10-09 2016-12-07
7.2
Admin Local Low Not required Complete Complete Complete
The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file.
128 CVE-2015-5887 17 2015-10-09 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data.
129 CVE-2015-5885 200 +Info 2015-09-18 2016-12-21
5.0
None Remote Low Not required Partial None None
The CFNetwork Cookies component in Apple iOS before 9 allows remote attackers to track users via vectors involving a cookie for a top-level domain.
130 CVE-2015-5884 200 +Info 2015-10-09 2016-12-07
3.3
None Local Network Low Not required Partial None None
The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment.
131 CVE-2015-5883 20 2015-10-09 2016-12-07
5.0
None Remote Low Not required None Partial None
The bidirectional text-display and text-selection implementations in Terminal in Apple OS X before 10.11 interpret directional override formatting characters differently, which allows remote attackers to spoof the content of a text document via a crafted character sequence.
132 CVE-2015-5882 284 Bypass 2015-09-18 2016-12-21
7.2
None Local Low Not required Complete Complete Complete
The processor_set_tasks API implementation in Apple iOS before 9 allows local users to bypass an entitlement protection mechanism and obtain access to the task ports of arbitrary processes by leveraging root privileges.
133 CVE-2015-5879 20 DoS Bypass 2015-09-18 2016-12-21
5.0
None Remote Low Not required None None Partial
XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption) via a crafted header.
134 CVE-2015-5878 200 +Info 2015-10-09 2016-12-09
2.1
None Local Low Not required Partial None None
Notes in Apple OS X before 10.11 misparses links, which allows local users to obtain sensitive information via unspecified vectors.
135 CVE-2015-5877 119 DoS Overflow +Priv Mem. Corr. 2015-10-09 2016-12-09
7.2
None Local Low Not required Complete Complete Complete
The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5830.
136 CVE-2015-5876 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
9.3
None Remote Medium Not required Complete Complete Complete
dyld in Dev Tools in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
137 CVE-2015-5875 79 XSS 2015-10-09 2016-12-09
2.1
None Local Low Not required None Partial None
Cross-site scripting (XSS) vulnerability in Notes in Apple OS X before 10.11 allows local users to inject arbitrary web script or HTML via crafted text.
138 CVE-2015-5874 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
7.5
None Remote Low Not required Partial Partial Partial
CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
139 CVE-2015-5873 119 DoS Overflow +Priv Mem. Corr. 2015-10-09 2016-12-09
7.2
None Local Low Not required Complete Complete Complete
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5890.
140 CVE-2015-5872 119 DoS Overflow +Priv Mem. Corr. 2015-10-09 2016-12-09
7.2
None Local Low Not required Complete Complete Complete
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5873, and CVE-2015-5890.
141 CVE-2015-5871 119 DoS Overflow +Priv Mem. Corr. 2015-10-09 2016-12-09
7.2
None Local Low Not required Complete Complete Complete
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5872, CVE-2015-5873, and CVE-2015-5890.
142 CVE-2015-5870 200 +Info 2015-10-09 2016-12-09
2.1
None Local Low Not required Partial None None
The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors.
143 CVE-2015-5869 20 2015-09-18 2016-12-21
3.3
None Local Network Low Not required None Partial None
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.
144 CVE-2015-5868 119 DoS Overflow +Priv Mem. Corr. 2015-09-18 2016-12-21
7.2
None Local Low Not required Complete Complete Complete
The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5896 and CVE-2015-5903.
145 CVE-2015-5866 119 DoS Exec Code Overflow Mem. Corr. 2015-10-09 2016-12-09
9.3
None Remote Medium Not required Complete Complete Complete
IOHIDFamily in Apple OS X before 10.11 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
146 CVE-2015-5865 200 +Info 2015-10-09 2016-12-09
4.3
None Remote Medium Not required Partial None None
IOGraphics in Apple OS X before 10.11 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
147 CVE-2015-5864 200 +Info 2015-10-09 2016-12-09
2.1
None Local Low Not required Partial None None
IOAudioFamily in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
148 CVE-2015-5863 200 +Info 2015-09-18 2016-12-21
2.1
None Local Low Not required Partial None None
IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors.
149 CVE-2015-5862 119 DoS Overflow Mem. Corr. 2015-09-18 2016-12-21
4.3
None Remote Medium Not required None None Partial
The Audio component in Apple iOS before 9 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted audio file.
150 CVE-2015-5859 200 +Info 2015-11-21 2015-11-30
4.3
None Remote Medium Not required Partial None None
The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
Total number of vulnerabilities: 444 (page 3 of 9)