CVEdetails.com the ultimate security vulnerability data source

Apple » Mac Os X : Security Vulnerabilities Published In 2015

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2015-3805 20 Bypass 2015-08-16 2016-12-23
7.2
None Local Low Not required Complete Complete Complete
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802.
202 CVE-2015-3804 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
7.5
None Remote Low Not required Partial Partial Partial
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5756 and CVE-2015-5775.
203 CVE-2015-3803 20 Bypass 2015-08-16 2016-12-23
7.2
None Local Low Not required Complete Complete Complete
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file.
204 CVE-2015-3802 20 Bypass 2015-08-16 2016-12-23
7.2
None Local Low Not required Complete Complete Complete
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805.
205 CVE-2015-3800 119 DoS Overflow +Priv Mem. Corr. 2015-08-16 2016-12-23
7.2
None Local Low Not required Complete Complete Complete
The DiskImages component in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image.
206 CVE-2015-3799 255 2015-08-16 2017-09-20
9.3
None Remote Medium Not required Complete Complete Complete
The Apple ID OD plug-in in Apple OS X before 10.10.5 allows attackers to change arbitrary user passwords via a crafted app.
207 CVE-2015-3798 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
7.5
None Remote Low Not required Partial Partial Partial
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3797.
208 CVE-2015-3797 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
7.5
None Remote Low Not required Partial Partial Partial
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3798.
209 CVE-2015-3796 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2017-09-15
7.5
None Remote Low Not required Partial Partial Partial
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3797 and CVE-2015-3798.
210 CVE-2015-3795 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
9.3
None Remote Medium Not required Complete Complete Complete
libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message.
211 CVE-2015-3794 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2017-09-20
6.8
None Remote Medium Not required Partial Partial Partial
The Speech UI in Apple OS X before 10.10.5, when speech alerts are enabled, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Unicode string.
212 CVE-2015-3787 20 DoS 2015-08-16 2017-09-20
3.3
None Local Network Low Not required None None Partial
The Bluetooth subsystem in Apple OS X before 10.10.5 allows remote attackers to cause a denial of service via malformed Bluetooth ACL packets.
213 CVE-2015-3786 200 +Info 2015-08-16 2017-09-20
4.3
None Remote Medium Not required Partial None None
The Bluetooth subsystem in Apple OS X before 10.10.5 does not properly restrict Notification Center Service access, which allows attackers to read Notification Center notifications of certain paired devices via a crafted app.
214 CVE-2015-3785 Bypass 2015-10-09 2016-12-07
1.9
None Local Medium Not required None Partial None
The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors.
215 CVE-2015-3784 200 +Info 2015-08-16 2016-12-23
5.0
None Remote Low Not required Partial None None
Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
216 CVE-2015-3783 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2017-09-20
7.5
None Remote Low Not required Partial Partial Partial
SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
217 CVE-2015-3782 200 +Info 2015-08-16 2016-12-23
4.3
None Remote Medium Not required Partial None None
CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app.
218 CVE-2015-3781 79 XSS 2015-08-16 2017-09-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Quick Look in Apple OS X before 10.10.5 allows remote attackers to inject arbitrary web script or HTML via a previously visited web site that is rendered during a Quick Look search.
219 CVE-2015-3780 200 +Info 2015-08-16 2017-09-20
4.3
None Remote Medium Not required Partial None None
The Bluetooth subsystem in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
220 CVE-2015-3778 200 +Info 2015-08-16 2016-12-23
3.3
None Local Network Low Not required Partial None None
bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic.
221 CVE-2015-3777 119 Overflow +Priv 2015-08-16 2017-09-20
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in blued in the Bluetooth subsystem in Apple OS X before 10.10.5 allow local users to gain privileges via XPC messages.
222 CVE-2015-3776 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
9.3
None Remote Medium Not required Complete Complete Complete
IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist.
223 CVE-2015-3775 287 2015-08-16 2017-09-20
7.2
None Local Low Not required Complete Complete Complete
Apple OS X before 10.10.5 does not properly implement authentication, which allows local users to obtain admin privileges via unspecified vectors.
224 CVE-2015-3774 20 +Info 2015-08-16 2017-09-20
4.8
None Local Network Low Not required Partial Partial None
The Dictionary app in Apple OS X before 10.10.5 does not use HTTPS, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof word definitions by modifying the client-server data stream.
225 CVE-2015-3773 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2017-09-20
7.5
None Remote Low Not required Partial Partial Partial
The SMB client in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
226 CVE-2015-3772 119 DoS Overflow +Priv Mem. Corr. 2015-08-16 2017-09-20
7.2
None Local Low Not required Complete Complete Complete
IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3771.
227 CVE-2015-3771 119 DoS Overflow +Priv Mem. Corr. 2015-08-16 2017-09-20
7.2
None Local Low Not required Complete Complete Complete
IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3772.
228 CVE-2015-3770 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2017-09-20
9.3
None Remote Medium Not required Complete Complete Complete
IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5783.
229 CVE-2015-3769 119 DoS Overflow +Priv Mem. Corr. 2015-08-16 2017-09-20
7.2
None Local Low Not required Complete Complete Complete
IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3771 and CVE-2015-3772.
230 CVE-2015-3768 189 Exec Code Overflow 2015-08-16 2016-12-23
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls.
231 CVE-2015-3767 264 DoS +Priv Mem. Corr. 2015-08-16 2017-09-20
7.2
None Local Low Not required Complete Complete Complete
udf in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image.
232 CVE-2015-3766 200 +Info 2015-08-16 2016-12-23
4.3
None Remote Medium Not required Partial None None
The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app.
233 CVE-2015-3764 200 +Info 2015-08-16 2017-09-20
4.3
None Remote Medium Not required Partial None None
Notification Center in Apple OS X before 10.10.5 does not properly remove dismissed notifications, which allows attackers to read arbitrary notifications via a crafted app.
234 CVE-2015-3762 200 +Info 2015-08-16 2017-09-20
5.0
None Remote Low Not required Partial None None
The Text Formats component in Apple OS X before 10.10.5, as used in TextEdit, allows remote attackers to read arbitrary files via a text file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
235 CVE-2015-3761 264 +Priv 2015-08-16 2017-09-20
7.2
Admin Local Low Not required Complete Complete Complete
The kernel in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors.
236 CVE-2015-3760 20 +Priv 2015-08-16 2017-09-20
7.2
None Local Low Not required Complete Complete Complete
dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors.
237 CVE-2015-3757 284 2015-08-16 2017-09-20
2.1
None Local Low Not required None Partial None
Apple OS X before 10.10.5 does not properly restrict access to the Date & Time preferences pane, which allows local users to spoof the time by visiting this pane.
238 CVE-2015-3727 264 2015-07-02 2016-12-27
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site.
239 CVE-2015-3721 200 +Info 2015-07-02 2017-09-21
4.3
None Remote Medium Not required Partial None None
The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not properly handle HFS parameters, which allows attackers to obtain sensitive memory-layout information via a crafted app.
240 CVE-2015-3720 200 +Info 2015-07-02 2016-11-28
4.3
None Remote Medium Not required Partial None None
The kernel in Apple OS X before 10.10.4 does not properly manage memory in kernel-extension APIs, which allows attackers to obtain sensitive memory-layout information via a crafted app.
241 CVE-2015-3719 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3694.
242 CVE-2015-3718 Exec Code 2015-07-02 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
systemstatsd in the System Stats subsystem in Apple OS X before 10.10.4 does not properly interpret data types encountered in interprocess communication, which allows attackers to execute arbitrary code with systemstatsd privileges via a crafted app, related to a "type confusion" issue.
243 CVE-2015-3717 119 DoS Exec Code Overflow 2015-07-02 2017-09-21
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
244 CVE-2015-3716 77 Exec Code 2015-07-02 2017-09-21
4.4
None Local Medium Not required Partial Partial Partial
Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a crafted name of a photo file within the local photo library.
245 CVE-2015-3715 254 Bypass 2015-07-02 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
The code-signing implementation in Apple OS X before 10.10.4 does not properly consider libraries that are external to an application bundle, which allows attackers to bypass intended launch restrictions via a crafted library.
246 CVE-2015-3714 254 Bypass 2015-07-02 2017-09-21
5.0
None Remote Low Not required None Partial None
Apple OS X before 10.10.4 does not properly consider custom resource rules during app signature verification, which allows attackers to bypass intended launch restrictions via a modified app.
247 CVE-2015-3713 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2016-12-30
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted movie file.
248 CVE-2015-3712 119 DoS Exec Code Overflow 2015-07-02 2017-09-21
9.3
Admin Remote Medium Not required Complete Complete Complete
The NVIDIA graphics driver in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds write) via a crafted app.
249 CVE-2015-3711 200 +Info 2015-07-02 2017-09-21
4.3
None Remote Medium Not required Partial None None
The NTFS implementation in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app.
250 CVE-2015-3710 254 2015-07-02 2017-09-21
4.3
None Remote Medium Not required None Partial None
Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message.
Total number of vulnerabilities: 444. Page 5 of 9.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.