Search Results
- CPE Product Version: cpe:/o:apple:mac_os_x:10.0.2
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-3307 | The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive. Published: June 09, 2015; 2:59:01 PM -0400 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2015-2783 | ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions. Published: June 09, 2015; 2:59:00 PM -0400 | V3.x: (not available) V2.0: 5.8 MEDIUM |
CVE-2015-1157 | CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message. Published: May 27, 2015; 9:59:00 PM -0400 | V3.x: (not available) V2.0: 7.8 HIGH |
CVE-2014-8147 | The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text. Published: May 25, 2015; 6:59:01 PM -0400 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2014-8146 | The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text. Published: May 25, 2015; 6:59:00 PM -0400 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2015-4000 | The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. Published: May 20, 2015; 8:59:00 PM -0400 | V3.0: 3.7 LOW V2.0: 4.3 MEDIUM |
CVE-2015-3416 | The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. Published: April 24, 2015; 1:59:02 PM -0400 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2015-3143 | cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015. Published: April 24, 2015; 10:59:08 AM -0400 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2015-1148 | Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file. Published: April 10, 2015; 10:59:58 AM -0400 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2015-1147 | Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by sniffing the network. Published: April 10, 2015; 10:59:57 AM -0400 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2015-1146 | The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145. Published: April 10, 2015; 10:59:56 AM -0400 | V3.x: (not available) V2.0: 1.9 LOW |
CVE-2015-1145 | The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146. Published: April 10, 2015; 10:59:55 AM -0400 | V3.x: (not available) V2.0: 1.9 LOW |
CVE-2015-1144 | Buffer overflow in the UniformTypeIdentifiers component in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted Uniform Type Identifier. Published: April 10, 2015; 10:59:54 AM -0400 | V3.x: (not available) V2.0: 7.2 HIGH |
CVE-2015-1143 | LaunchServices in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted localized string, related to a "type confusion" issue. Published: April 10, 2015; 10:59:53 AM -0400 | V3.x: (not available) V2.0: 7.2 HIGH |
CVE-2015-1142 | LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder crash) via crafted localization data. Published: April 10, 2015; 10:59:53 AM -0400 | V3.x: (not available) V2.0: 2.1 LOW |
CVE-2015-1141 | The mach_vm_read functionality in the kernel in Apple OS X before 10.10.3 allows local users to cause a denial of service (system crash) via unspecified vectors. Published: April 10, 2015; 10:59:52 AM -0400 | V3.x: (not available) V2.0: 4.9 MEDIUM |
CVE-2015-1140 | Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors. Published: April 10, 2015; 10:59:51 AM -0400 | V3.x: (not available) V2.0: 7.2 HIGH |
CVE-2015-1139 | ImageIO in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .sgi file. Published: April 10, 2015; 10:59:50 AM -0400 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2015-1138 | Hypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecified vectors. Published: April 10, 2015; 10:59:49 AM -0400 | V3.x: (not available) V2.0: 4.9 MEDIUM |
CVE-2015-1137 | The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via an unspecified IOService userclient type. Published: April 10, 2015; 10:59:48 AM -0400 | V3.x: (not available) V2.0: 7.2 HIGH |