Mac Os X

mac_os_x

Vendor: Apple • 3,210 CVEs

CVEs (3,210)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-1352 2Apple Php 2Mac Os X Php May 6, 2026 Mar 30, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL po...Show more The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name.Show less
CVE-2015-1351 3Apple OraclePhp 5Linux Mac Os XPhp+2 more May 6, 2026 Mar 30, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified othe...Show more Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Show less
CVE-2015-1069 1Apple 5Iphone Os ItunesMac Os X+2 more May 6, 2026 Mar 18, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted...Show more WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.Show less
CVE-2015-1066 1Apple 1Mac Os X May 6, 2026 Mar 12, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2015-1065 1Apple 2Iphone Os Mac Os X May 6, 2026 Mar 12, 2015 N/A· v4 N/A· v3 5.4 MEDIUM· v2 Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain r...Show more Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery.Show less
CVE-2015-1061 1Apple 3Iphone Os Mac Os XTvos May 6, 2026 Mar 12, 2015 N/A· v4 N/A· v3 9.3 HIGH· v2 IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialize...Show more IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.Show less
CVE-2015-1067 1Apple 3Iphone Os Mac Os XTvos May 6, 2026 Mar 11, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attac...Show more Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637.Show less
CVE-2015-0228 4Apache AppleCanonical+1 more 5Http Server Mac Os XMac Os X Server+2 more May 6, 2026 Mar 8, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Pi...Show more The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.Show less
CVE-2015-1546 3Apple OpenldapOpensuse 3Mac Os X OpenldapOpensuse May 6, 2026 Feb 12, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control.
CVE-2014-8839 1Apple 1Mac Os X May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e...Show more Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image's URL.Show less
CVE-2014-8838 1Apple 1Mac Os X May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revo...Show more The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate for signing a crafted app.Show less
CVE-2014-8837 1Apple 1Mac Os X May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 9.3 HIGH· v2 Multiple unspecified vulnerabilities in the Bluetooth driver in Apple OS X before 10.10.2 allow attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2014-8836 1Apple 1Mac Os X May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted app.
CVE-2014-8835 1Apple 1Mac Os X May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 9.3 HIGH· v2 The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary's Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafte...Show more The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary's Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, related to an "XPC type confusion" issue.Show less
CVE-2014-8834 1Apple 1Mac Os X May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 2.1 LOW· v2 UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file.
CVE-2014-8833 1Apple 1Mac Os X May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 2.1 LOW· v2 SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via...Show more SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via a Spotlight query.Show less
CVE-2014-8832 1Apple 1Mac Os X May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 4.9 MEDIUM· v2 The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive.
CVE-2014-8831 1Apple 1Mac Os X May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 security_taskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a (1) self-signed certificate or (2) Developer ID cert...Show more security_taskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a (1) self-signed certificate or (2) Developer ID certificate.Show less
CVE-2014-8830 1Apple 1Mac Os X May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted accessor element in a Collada file.
CVE-2014-8829 1Apple 1Mac Os X May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 SceneKit in Apple OS X before 10.10.2 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.

Previous 1...104105106...161 Next