Mac Os X

mac_os_x

Vendor: Apple • 3,210 CVEs

CVEs (3,210)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-3757 1Apple 1Mac Os X May 6, 2026 Aug 16, 2015 N/A· v4 N/A· v3 2.1 LOW· v2 Apple OS X before 10.10.5 does not properly restrict access to the Date & Time preferences pane, which allows local users to spoof the time by visiting this pane.
CVE-2013-7422 2Apple Perl 2Mac Os X Perl May 6, 2026 Aug 16, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) v...Show more Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.Show less
CVE-2015-1819 8Apple CanonicalDebian+5 more 12Debian Linux Enterprise LinuxFedora+9 more May 6, 2026 Aug 14, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.
CVE-2015-5523 4Apple CanonicalDebian+1 more 6Debian Linux Iphone OsMac Os X+3 more May 6, 2026 Aug 11, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memo...Show more The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.Show less
CVE-2015-5522 4Apple CanonicalDebian+1 more 6Debian Linux Iphone OsMac Os X+3 more May 6, 2026 Aug 11, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.
CVE-2015-3185 3Apache AppleCanonical 5Http Server Mac Os XMac Os X Server+2 more May 6, 2026 Jul 20, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authenticatio...Show more The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.Show less
CVE-2015-0253 3Apache AppleOracle 5Http Server LinuxMac Os X+2 more May 6, 2026 Jul 20, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference...Show more The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.Show less
CVE-2015-3727 1Apple 3Iphone Os Mac Os XSafari May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attacker...Show more WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site.Show less
CVE-2015-3721 1Apple 2Iphone Os Mac Os X May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not properly handle HFS parameters, which allows attackers to obtain sensitive memory-layout information via a crafted app.
CVE-2015-3720 1Apple 1Mac Os X May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The kernel in Apple OS X before 10.10.4 does not properly manage memory in kernel-extension APIs, which allows attackers to obtain sensitive memory-layout information via a crafted app.
CVE-2015-3719 1Apple 2Iphone Os Mac Os X May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnera...Show more TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3694.Show less
CVE-2015-3718 1Apple 1Mac Os X May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 systemstatsd in the System Stats subsystem in Apple OS X before 10.10.4 does not properly interpret data types encountered in interprocess communication, which allows attackers to execute arbitrary code with systemstatsd...Show more systemstatsd in the System Stats subsystem in Apple OS X before 10.10.4 does not properly interpret data types encountered in interprocess communication, which allows attackers to execute arbitrary code with systemstatsd privileges via a crafted app, related to a "type confusion" issue.Show less
CVE-2015-3717 2Apple Sqlite 3Iphone Os Mac Os XSqlite May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash)...Show more Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.Show less
CVE-2015-3716 1Apple 1Mac Os X May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 4.4 MEDIUM· v2 Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a crafted name of a photo file within the local photo library.
CVE-2015-3715 1Apple 1Mac Os X May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The code-signing implementation in Apple OS X before 10.10.4 does not properly consider libraries that are external to an application bundle, which allows attackers to bypass intended launch restrictions via a crafted li...Show more The code-signing implementation in Apple OS X before 10.10.4 does not properly consider libraries that are external to an application bundle, which allows attackers to bypass intended launch restrictions via a crafted library.Show less
CVE-2015-3714 1Apple 1Mac Os X May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Apple OS X before 10.10.4 does not properly consider custom resource rules during app signature verification, which allows attackers to bypass intended launch restrictions via a modified app.
CVE-2015-3713 1Apple 2Mac Os X Quicktime May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 QuickTime in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted movie file.
CVE-2015-3712 1Apple 1Mac Os X May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 9.3 HIGH· v2 The NVIDIA graphics driver in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds write) via a crafted app.
CVE-2015-3711 1Apple 1Mac Os X May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The NTFS implementation in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app.
CVE-2015-3710 1Apple 2Iphone Os Mac Os X May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message.

Previous 1...969798...161 Next