Search Results (Refine Search)
- CPE Product Version: cpe:/o:apple:mac_os_x:10.2
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-5876 |
dyld in Dev Tools in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Published: September 18, 2015; 8:00:17 AM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2015-5874 |
CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. Published: September 18, 2015; 8:00:16 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-5869 |
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. Published: September 18, 2015; 8:00:15 AM -0400 |
V3.x:(not available) V2.0: 3.3 LOW |
CVE-2015-5868 |
The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5896 and CVE-2015-5903. Published: September 18, 2015; 8:00:14 AM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2015-5863 |
IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors. Published: September 18, 2015; 8:00:11 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2015-5862 |
The Audio component in Apple iOS before 9 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted audio file. Published: September 18, 2015; 8:00:10 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-5851 |
The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack. Published: September 18, 2015; 7:00:04 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2015-5847 |
The Disk Images component in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. Published: September 18, 2015; 7:00:01 AM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2015-5842 |
XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors. Published: September 18, 2015; 6:59:56 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2015-5841 |
The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response. Published: September 18, 2015; 6:59:55 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-5840 |
The checkint division routines in removefile in Apple iOS before 9 allow attackers to cause a denial of service (overflow fault and app crash) via crafted data. Published: September 18, 2015; 6:59:54 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-5839 |
dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file. Published: September 18, 2015; 6:59:53 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-5831 |
NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app. Published: September 18, 2015; 6:59:48 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-5824 |
The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Published: September 18, 2015; 6:59:43 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-8611 |
The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted application. Published: September 18, 2015; 6:59:00 AM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2015-6908 |
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. Published: September 11, 2015; 12:59:12 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-6563 |
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. Published: August 23, 2015; 9:59:00 PM -0400 |
V3.x:(not available) V2.0: 1.9 LOW |
CVE-2015-5784 |
runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app. Published: August 16, 2015; 8:01:12 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2015-5783 |
IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3770. Published: August 16, 2015; 8:01:10 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2015-5782 |
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image. Published: August 16, 2015; 8:01:08 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |