CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Mac Os X : Security Vulnerabilities Published In 2015

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
351 CVE-2015-1211 264 +Priv 2015-02-06 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI.
352 CVE-2015-1210 264 Bypass 2015-02-06 2017-09-07
5.0
None Remote Low Not required None Partial None
The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
353 CVE-2015-1209 DoS 2015-02-06 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor.
354 CVE-2015-1157 17 DoS 2015-05-27 2016-11-28
7.8
None Remote Low Not required None None Complete
CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message.
355 CVE-2015-1148 200 +Info 2015-04-10 2015-09-17
5.0
None Remote Low Not required Partial None None
Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file.
356 CVE-2015-1147 200 +Info 2015-04-10 2015-09-17
5.0
None Remote Low Not required Partial None None
Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by sniffing the network.
357 CVE-2015-1146 310 Bypass 2015-04-10 2015-09-17
1.9
None Local Medium Not required None Partial None
The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145.
358 CVE-2015-1145 310 Bypass 2015-04-10 2015-09-17
1.9
None Local Medium Not required None Partial None
The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146.
359 CVE-2015-1144 119 Overflow +Priv 2015-04-10 2015-09-17
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the UniformTypeIdentifiers component in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted Uniform Type Identifier.
360 CVE-2015-1143 +Priv 2015-04-10 2015-09-17
7.2
None Local Low Not required Complete Complete Complete
LaunchServices in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted localized string, related to a "type confusion" issue.
361 CVE-2015-1142 20 DoS 2015-04-10 2015-09-17
2.1
None Local Low Not required None None Partial
LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder crash) via crafted localization data.
362 CVE-2015-1141 DoS 2015-04-10 2015-09-17
4.9
None Local Low Not required None None Complete
The mach_vm_read functionality in the kernel in Apple OS X before 10.10.3 allows local users to cause a denial of service (system crash) via unspecified vectors.
363 CVE-2015-1140 119 Overflow +Priv 2015-04-10 2015-09-17
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors.
364 CVE-2015-1139 20 DoS Exec Code Mem. Corr. 2015-04-10 2015-09-17
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .sgi file.
365 CVE-2015-1138 20 DoS 2015-04-10 2015-09-17
4.9
None Local Low Not required None None Complete
Hypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecified vectors.
366 CVE-2015-1137 DoS +Priv 2015-04-10 2015-09-17
7.2
None Local Low Not required Complete Complete Complete
The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via an unspecified IOService userclient type.
367 CVE-2015-1136 Exec Code 2015-04-10 2015-09-17
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in CoreAnimation in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code by leveraging improper use of a mutex.
368 CVE-2015-1135 20 +Priv 2015-04-10 2015-09-17
7.2
None Local Low Not required Complete Complete Complete
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1134.
369 CVE-2015-1134 20 +Priv 2015-04-10 2015-09-17
7.2
None Local Low Not required Complete Complete Complete
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1135.
370 CVE-2015-1133 20 +Priv 2015-04-10 2015-09-17
7.2
None Local Low Not required Complete Complete Complete
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1134, and CVE-2015-1135.
371 CVE-2015-1132 20 +Priv 2015-04-10 2015-09-17
10.0
None Remote Low Not required Complete Complete Complete
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.
372 CVE-2015-1131 20 +Priv 2015-04-10 2015-09-17
7.2
None Local Low Not required Complete Complete Complete
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.
373 CVE-2015-1130 254 Bypass 2015-04-10 2015-09-17
7.2
None Local Low Not required Complete Complete Complete
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors.
374 CVE-2015-1118 DoS Mem. Corr. 2015-04-10 2015-09-11
5.0
None Remote Low Not required None None Partial
libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile.
375 CVE-2015-1117 264 Exec Code 2015-04-10 2016-12-07
6.9
None Local Medium Not required Complete Complete Complete
The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group privileges via a crafted app.
376 CVE-2015-1105 20 DoS 2015-04-10 2016-12-07
5.0
None Remote Low Not required None None Partial
The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets.
377 CVE-2015-1104 20 Bypass 2015-04-10 2016-12-07
5.0
None Remote Low Not required None Partial None
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet.
378 CVE-2015-1103 20 DoS +Info 2015-04-10 2016-12-07
7.5
None Remote Low Not required Partial Partial Partial
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a crafted ICMP packet.
379 CVE-2015-1102 20 DoS 2015-04-10 2016-12-07
7.1
None Remote Medium Not required None None Complete
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors.
380 CVE-2015-1101 DoS Exec Code Mem. Corr. 2015-04-10 2016-12-07
6.9
None Local Medium Not required Complete Complete Complete
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
381 CVE-2015-1100 119 DoS Overflow +Info 2015-04-10 2016-12-07
5.4
None Local Medium Not required Partial None Complete
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content information via a crafted app.
382 CVE-2015-1099 362 DoS 2015-04-10 2016-12-07
4.0
None Local High Not required None None Complete
Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app.
383 CVE-2015-1098 DoS Exec Code Mem. Corr. 2015-04-10 2017-01-02
6.8
None Remote Medium Not required Partial Partial Partial
iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.
384 CVE-2015-1096 200 +Info 2015-04-10 2016-12-07
1.9
None Local Medium Not required Partial None None
IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.
385 CVE-2015-1095 DoS Exec Code Mem. Corr. 2015-04-10 2015-08-06
7.2
None Local Low Not required Complete Complete Complete
IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device.
386 CVE-2015-1093 DoS Exec Code Mem. Corr. 2015-04-10 2017-01-02
6.8
None Remote Medium Not required Partial Partial Partial
FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
387 CVE-2015-1091 200 Bypass +Info 2015-04-10 2017-01-02
4.3
None Remote Medium Not required Partial None None
The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
388 CVE-2015-1089 200 Bypass +Info 2015-04-10 2017-01-02
5.0
None Remote Low Not required Partial None None
CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
389 CVE-2015-1088 20 Exec Code 2015-04-10 2017-01-02
6.8
None Remote Medium Not required Partial Partial Partial
CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
390 CVE-2015-1069 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
391 CVE-2015-1067 310 2015-03-10 2017-01-02
4.3
None Remote Medium Not required None Partial None
Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637.
392 CVE-2015-1066 189 Exec Code 2015-03-12 2015-09-11
10.0
None Remote Low Not required Complete Complete Complete
Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 allows attackers to execute arbitrary code in a privileged context via a crafted app.
393 CVE-2015-1065 119 Exec Code Overflow 2015-03-12 2016-12-07
5.4
None Local Network Medium Not required Partial Partial Partial
Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery.
394 CVE-2015-1061 94 Exec Code 2015-03-12 2016-12-07
9.3
None Remote Medium Not required Complete Complete Complete
IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.
395 CVE-2015-0973 119 Exec Code Overflow 2015-01-18 2016-10-20
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.
396 CVE-2015-0312 Exec Code 2015-01-28 2017-09-07
10.0
None Remote Low Not required Complete Complete Complete
Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary code via unspecified vectors.
397 CVE-2015-0253 DoS 2015-07-20 2018-01-04
5.0
None Remote Low Not required None None Partial
The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.
398 CVE-2015-0228 20 DoS 2015-03-07 2018-01-04
5.0
None Remote Low Not required None None Partial
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.
399 CVE-2014-9495 119 Exec Code Overflow 2015-01-10 2016-10-17
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.
400 CVE-2014-9160 119 Exec Code Overflow 2015-05-13 2017-01-02
10.0
None Remote Low Not required Complete Complete Complete
Multiple heap-based buffer overflows in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code via unknown vectors.
Total number of vulnerabilities : 444   Page : 1 2 3 4 5 6 7 8 (This Page)9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.