# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
251 |
CVE-2015-3709 |
362 |
|
Bypass |
2015-07-02 |
2017-09-21 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
Race condition in kext tools in Apple OS X before 10.10.4 allows local users to bypass intended signature requirements for kernel extensions by leveraging improper pathname validation. |
252 |
CVE-2015-3708 |
|
|
|
2015-07-02 |
2017-09-21 |
8.8 |
None |
Remote |
Medium |
Not required |
None |
Complete |
Complete |
kextd in kext tools in Apple OS X before 10.10.4 allows attackers to write to arbitrary files via a crafted app that conducts a symlink attack. |
253 |
CVE-2015-3707 |
|
|
DoS Exec Code |
2015-07-02 |
2017-09-21 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
The FireWire driver in IOFireWireFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. |
254 |
CVE-2015-3706 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-07-02 |
2017-09-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
IOAcceleratorFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3705. |
255 |
CVE-2015-3705 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-07-02 |
2017-09-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
IOAcceleratorFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3706. |
256 |
CVE-2015-3704 |
264 |
|
Exec Code |
2015-07-02 |
2017-09-21 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
runner in Install.framework in the Install Framework Legacy subsystem in Apple OS X before 10.10.4 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app. |
257 |
CVE-2015-3703 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-07-02 |
2017-09-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
ImageIO in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image. |
258 |
CVE-2015-3702 |
119 |
|
Overflow +Priv |
2015-07-02 |
2017-09-21 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, and CVE-2015-3701. |
259 |
CVE-2015-3701 |
119 |
|
Overflow +Priv |
2015-07-02 |
2017-09-21 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, and CVE-2015-3702. |
260 |
CVE-2015-3700 |
119 |
|
Overflow +Priv |
2015-07-02 |
2017-09-21 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3701, and CVE-2015-3702. |
261 |
CVE-2015-3699 |
119 |
|
Overflow +Priv |
2015-07-02 |
2017-09-21 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702. |
262 |
CVE-2015-3698 |
119 |
|
Overflow +Priv |
2015-07-02 |
2017-09-21 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702. |
263 |
CVE-2015-3697 |
119 |
|
Overflow +Priv |
2015-07-02 |
2017-09-21 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702. |
264 |
CVE-2015-3696 |
119 |
|
Overflow +Priv |
2015-07-02 |
2017-09-21 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702. |
265 |
CVE-2015-3695 |
119 |
|
Overflow +Priv |
2015-07-02 |
2017-09-21 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702. |
266 |
CVE-2015-3694 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-07-02 |
2017-09-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3719. |
267 |
CVE-2015-3693 |
254 |
|
DoS +Priv Mem. Corr. |
2015-07-02 |
2016-12-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which might make it easier for remote attackers to conduct row-hammer attacks, and consequently gain privileges or cause a denial of service (memory corruption), by triggering certain patterns of access to memory locations. |
268 |
CVE-2015-3692 |
284 |
|
|
2015-07-02 |
2016-12-05 |
6.8 |
None |
Local |
Low |
Single system |
Complete |
Complete |
Complete |
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not enforce a locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging root privileges. |
269 |
CVE-2015-3691 |
284 |
|
Exec Code |
2015-07-02 |
2017-09-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
The Monitor Control Command Set kernel extension in the Display Drivers subsystem in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages control of a function pointer. |
270 |
CVE-2015-3690 |
200 |
|
+Info |
2015-07-02 |
2017-09-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
The DiskImages subsystem in Apple iOS before 8.4 and OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. |
271 |
CVE-2015-3689 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-07-02 |
2017-09-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3688. |
272 |
CVE-2015-3688 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-07-02 |
2017-09-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3689. |
273 |
CVE-2015-3687 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-07-02 |
2017-09-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3688, and CVE-2015-3689. |
274 |
CVE-2015-3686 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-07-02 |
2017-09-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3687, CVE-2015-3688, and CVE-2015-3689. |
275 |
CVE-2015-3685 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-07-02 |
2017-09-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3686, CVE-2015-3687, CVE-2015-3688, and CVE-2015-3689. |
276 |
CVE-2015-3684 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-07-02 |
2017-09-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted credentials in a URL. |
277 |
CVE-2015-3683 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-07-02 |
2017-09-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
The Bluetooth HCI interface implementation in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
278 |
CVE-2015-3682 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-07-02 |
2017-09-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3679, CVE-2015-3680, and CVE-2015-3681. |
279 |
CVE-2015-3681 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-07-02 |
2017-09-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3679, CVE-2015-3680, and CVE-2015-3682. |
280 |
CVE-2015-3680 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-07-02 |
2017-09-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3679, CVE-2015-3681, and CVE-2015-3682. |
281 |
CVE-2015-3679 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-07-02 |
2017-09-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3680, CVE-2015-3681, and CVE-2015-3682. |
282 |
CVE-2015-3678 |
77 |
|
DoS +Priv Mem. Corr. |
2015-07-02 |
2017-09-21 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
AppleThunderboltEDMService in Apple OS X before 10.10.4 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified Thunderbolt commands. |
283 |
CVE-2015-3677 |
200 |
|
+Info |
2015-07-02 |
2017-09-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
The LZVN compression feature in AppleFSCompression in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. |
284 |
CVE-2015-3676 |
200 |
|
+Info |
2015-07-02 |
2017-09-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
AppleGraphicsControl in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information via a crafted app. |
285 |
CVE-2015-3675 |
284 |
|
Bypass |
2015-07-02 |
2017-09-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted URL. |
286 |
CVE-2015-3674 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-07-02 |
2017-09-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
afpserver in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. |
287 |
CVE-2015-3673 |
264 |
|
|
2015-07-02 |
2017-09-21 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility. |
288 |
CVE-2015-3672 |
284 |
|
|
2015-07-02 |
2017-09-21 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Admin Framework in Apple OS X before 10.10.4 does not properly handle authentication errors, which allows local users to obtain admin privileges via unspecified vectors. |
289 |
CVE-2015-3671 |
284 |
|
Bypass |
2015-07-02 |
2017-09-21 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Admin Framework in Apple OS X before 10.10.4 does not properly verify XPC entitlements, which allows local users to bypass authentication and obtain admin privileges via unspecified vectors. |
290 |
CVE-2015-3669 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-07-02 |
2016-12-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3664 and CVE-2015-3665. |
291 |
CVE-2015-3668 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-07-02 |
2016-12-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3663, CVE-2015-3666, and CVE-2015-3667. |
292 |
CVE-2015-3667 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-07-02 |
2016-12-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3663, CVE-2015-3666, and CVE-2015-3668. |
293 |
CVE-2015-3666 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-07-02 |
2016-12-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3663, CVE-2015-3667, and CVE-2015-3668. |
294 |
CVE-2015-3663 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-07-02 |
2016-12-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3666, CVE-2015-3667, and CVE-2015-3668. |
295 |
CVE-2015-3662 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-07-02 |
2016-12-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3663, CVE-2015-3666, CVE-2015-3667, and CVE-2015-3668. |
296 |
CVE-2015-3661 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-07-02 |
2016-12-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3662, CVE-2015-3663, CVE-2015-3666, CVE-2015-3667, and CVE-2015-3668. |
297 |
CVE-2015-3659 |
264 |
|
DoS Exec Code |
2015-07-02 |
2016-12-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. |
298 |
CVE-2015-3658 |
254 |
|
Bypass CSRF |
2015-07-02 |
2016-12-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site. |
299 |
CVE-2015-3416 |
119 |
|
DoS Overflow |
2015-04-24 |
2017-01-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. |
300 |
CVE-2015-3415 |
20 |
|
DoS |
2015-04-24 |
2017-01-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement. |