Mac Os X

mac_os_x

Vendor: Apple • 3,210 CVEs

CVEs (3,210)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-1717 1Apple 4Iphone Os Mac Os XTvos+1 more May 6, 2026 Feb 1, 2016 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The Disk Images component in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2016-1716 1Apple 1Mac Os X May 6, 2026 Feb 1, 2016 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 AppleGraphicsPowerManagement in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2016-1941 2Apple Mozilla 2Firefox Mac Os X May 6, 2026 Jan 31, 2016 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The file-download dialog in Mozilla Firefox before 44.0 on OS X enables a certain button too quickly, which allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click acti...Show more The file-download dialog in Mozilla Firefox before 44.0 on OS X enables a certain button too quickly, which allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended.Show less
CVE-2015-8472 2Apple Libpng 2Libpng Mac Os X May 6, 2026 Jan 21, 2016 N/A· v4 7.3 HIGH· v3 7.5 HIGH· v2 Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of s...Show more Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.Show less
CVE-2016-0778 5Apple HpOpenbsd+2 more 6Linux Mac Os XOpenssh+3 more May 29, 2026 Jan 14, 2016 N/A· v4 8.1 HIGH· v3 4.6 MEDIUM· v2 The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection fi...Show more The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.Show less
CVE-2016-0777 5Apple HpOpenbsd+2 more 6Linux Mac Os XOpenssh+3 more May 29, 2026 Jan 14, 2016 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buff...Show more The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.Show less
CVE-2015-8659 2Apple Nghttp2 5Iphone Os Mac Os XNghttp2+2 more May 6, 2026 Jan 12, 2016 N/A· v4 10.0 CRITICAL· v3 10.0 HIGH· v2 The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.
CVE-2015-7024 1Apple 1Mac Os X May 6, 2026 Jan 11, 2016 N/A· v4 6.7 MEDIUM· v3 6.9 MEDIUM· v2 Untrusted search path vulnerability in Apple OS X before 10.11.1 allows local users to bypass intended Gatekeeper restrictions and gain privileges via a Trojan horse program that is loaded from an unexpected directory by...Show more Untrusted search path vulnerability in Apple OS X before 10.11.1 allows local users to bypass intended Gatekeeper restrictions and gain privileges via a Trojan horse program that is loaded from an unexpected directory by an application that has a valid Apple digital signature.Show less
CVE-2015-6980 1Apple 1Mac Os X May 6, 2026 Jan 11, 2016 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Directory Utility in Apple OS X before 10.11.1 mishandles authentication for new sessions, which allows local users to gain privileges via unspecified vectors.
CVE-2015-7116 1Apple 3Iphone Os Mac Os XTvos May 6, 2026 Jan 10, 2016 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different v...Show more libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7115.Show less
CVE-2015-7115 1Apple 3Iphone Os Mac Os XTvos May 6, 2026 Jan 10, 2016 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different v...Show more libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7116.Show less
CVE-2015-8242 5Apple CanonicalHp+2 more 12Enterprise Linux Desktop Enterprise Linux Hpc NodeEnterprise Linux Server+9 more May 6, 2026 Dec 15, 2015 N/A· v4 N/A· v3 5.8 MEDIUM· v2 The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash)...Show more The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.Show less
CVE-2015-7500 6Apple CanonicalDebian+3 more 13Debian Linux Enterprise Linux DesktopEnterprise Linux Hpc Node+10 more May 6, 2026 Dec 15, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and...Show more The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.Show less
CVE-2015-7499 7Apple CanonicalDebian+4 more 15Debian Linux Enterprise Linux DesktopEnterprise Linux Hpc Node+12 more May 6, 2026 Dec 15, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
CVE-2015-5312 6Apple CanonicalDebian+3 more 13Debian Linux Enterprise Linux DesktopEnterprise Linux Hpc Node+10 more May 6, 2026 Dec 15, 2015 N/A· v4 N/A· v3 7.1 HIGH· v2 The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted...Show more The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.Show less
CVE-2015-7804 2Apple Php 2Mac Os X Php May 6, 2026 Dec 11, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application c...Show more Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive.Show less
CVE-2015-7803 2Apple Php 2Mac Os X Php May 6, 2026 Dec 11, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with...Show more The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist.Show less
CVE-2015-7112 1Apple 4Iphone Os Mac Os XTvos+1 more May 6, 2026 Dec 11, 2015 N/A· v4 N/A· v3 9.3 HIGH· v2 The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption...Show more The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7111.Show less
CVE-2015-7111 1Apple 4Iphone Os Mac Os XTvos+1 more May 6, 2026 Dec 11, 2015 N/A· v4 N/A· v3 9.3 HIGH· v2 The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption...Show more The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7112.Show less
CVE-2015-7110 1Apple 2Iphone Os Mac Os X May 6, 2026 Dec 11, 2015 N/A· v4 N/A· v3 6.9 MEDIUM· v2 The Disk Images component in Apple OS X before 10.11.2 and tvOS before 9.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted disk image.

Previous 1...848586...161 Next