Mac Os X

mac_os_x

Vendor: Apple • 3,210 CVEs

CVEs (3,210)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-7001 1Apple 4Iphone Os Mac Os XTvos+1 more May 6, 2026 Dec 11, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 AppSandbox in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 mishandles hard links, which allows attackers to bypass Contacts access revocation via a crafted app.
CVE-2015-3195 9Apple CanonicalDebian+6 more 25Api Gateway Communications Webrtc Session ControllerDebian Linux+22 more May 6, 2026 Dec 6, 2015 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which...Show more The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.Show less
CVE-2015-7036 1Apple 2Iphone Os Mac Os X May 6, 2026 Nov 22, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that tr...Show more The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.Show less
CVE-2015-5859 1Apple 2Iphone Os Mac Os X May 6, 2026 Nov 22, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to o...Show more The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.Show less
CVE-2015-8035 4Apple CanonicalDebian+1 more 7Debian Linux Iphone OsLibxml2+4 more May 6, 2026 Nov 18, 2015 N/A· v4 N/A· v3 2.6 LOW· v2 The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
CVE-2015-7942 5Apple CanonicalDebian+2 more 9Debian Linux Icewall Federation AgentIcewall File Manager+6 more May 6, 2026 Nov 18, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out...Show more The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.Show less
CVE-2015-7995 2Apple Xmlsoft 5Iphone Os LibxsltMac Os X+2 more May 6, 2026 Nov 17, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" i...Show more The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.Show less
CVE-2013-5229 1Apple 2Apple Remote Desktop Mac Os X May 6, 2026 Nov 14, 2015 N/A· v4 N/A· v3 3.7 LOW· v2 The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attacke...Show more The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box.Show less
CVE-2015-8126 9Apple CanonicalDebian+6 more 20Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+17 more May 6, 2026 Nov 13, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow r...Show more Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.Show less
CVE-2015-7023 1Apple 2Iphone Os Mac Os X May 6, 2026 Oct 23, 2015 N/A· v4 N/A· v3 5.8 MEDIUM· v2 CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified...Show more CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors.Show less
CVE-2015-7021 1Apple 1Mac Os X May 6, 2026 Oct 23, 2015 N/A· v4 N/A· v3 7.2 HIGH· v2 The Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to gain privileges or cause a denial of service (kernel memory corruption) via unspecified vectors.
CVE-2015-7020 1Apple 1Mac Os X May 6, 2026 Oct 23, 2015 N/A· v4 N/A· v3 5.6 MEDIUM· v2 The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) vi...Show more The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via unspecified vectors, a different vulnerability than CVE-2015-7019.Show less
CVE-2015-7019 1Apple 1Mac Os X May 6, 2026 Oct 23, 2015 N/A· v4 N/A· v3 5.6 MEDIUM· v2 The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) vi...Show more The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via unspecified vectors, a different vulnerability than CVE-2015-7020.Show less
CVE-2015-7018 1Apple 2Iphone Os Mac Os X May 6, 2026 Oct 23, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-20...Show more FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, and CVE-2015-7010.Show less
CVE-2015-7016 1Apple 1Mac Os X May 6, 2026 Oct 23, 2015 N/A· v4 N/A· v3 7.6 HIGH· v2 The MCX Application Restrictions component in Apple OS X before 10.11.1, when Managed Configuration is enabled, mishandles provisioning profiles, which allows attackers to bypass intended entitlement restrictions and gai...Show more The MCX Application Restrictions component in Apple OS X before 10.11.1, when Managed Configuration is enabled, mishandles provisioning profiles, which allows attackers to bypass intended entitlement restrictions and gain privileges via a crafted developer-signed app.Show less
CVE-2015-7015 1Apple 3Iphone Os Mac Os XWatchos May 6, 2026 Oct 23, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in the DNS client library in configd in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code via a crafted app that sends a spoofed con...Show more Heap-based buffer overflow in the DNS client library in configd in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code via a crafted app that sends a spoofed configd response to a client.Show less
CVE-2015-7013 1Apple 3Iphone Os ItunesMac Os X May 6, 2026 Oct 23, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a di...Show more WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.Show less
CVE-2015-7010 1Apple 2Iphone Os Mac Os X May 6, 2026 Oct 23, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-20...Show more FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, and CVE-2015-7018.Show less
CVE-2015-7009 1Apple 2Iphone Os Mac Os X May 6, 2026 Oct 23, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-20...Show more FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7010, and CVE-2015-7018.Show less
CVE-2015-7008 1Apple 2Iphone Os Mac Os X May 6, 2026 Oct 23, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-20...Show more FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.Show less

Previous 1...878889...161 Next