U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:apple:mac_os_x:10.2.7
There are 2,020 matching records.
Displaying matches 1,381 through 1,400.
Vuln ID Summary CVSS Severity
CVE-2015-5872

IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5873, and CVE-2015-5890.

Published: October 09, 2015; 1:59:14 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-5871

IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5872, CVE-2015-5873, and CVE-2015-5890.

Published: October 09, 2015; 1:59:13 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-5870

The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors.

Published: October 09, 2015; 1:59:12 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2015-5866

IOHIDFamily in Apple OS X before 10.11 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Published: October 09, 2015; 1:59:11 AM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2015-5865

IOGraphics in Apple OS X before 10.11 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.

Published: October 09, 2015; 1:59:10 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-5864

IOAudioFamily in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.

Published: October 09, 2015; 1:59:09 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2015-5854

The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain access to keychain items via unspecified vectors.

Published: October 09, 2015; 1:59:08 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2015-5853

AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers to obtain eSCL packet payload data via unspecified vectors.

Published: October 09, 2015; 1:59:07 AM -0400
V3.x:(not available)
V2.0: 3.3 LOW
CVE-2015-5849

The filtering implementation in AppleEvents in Apple OS X before 10.11 mishandles attempts to send events to a different user, which allows attackers to bypass intended access restrictions by leveraging a screen-sharing connection.

Published: October 09, 2015; 1:59:06 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-5836

Apple Online Store Kit in Apple OS X before 10.11 improperly validates iCloud keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app.

Published: October 09, 2015; 1:59:05 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-5833

The Login Window component in Apple OS X before 10.11 does not ensure that the screen is locked at the intended time, which allows physically proximate attackers to obtain access by visiting an unattended workstation.

Published: October 09, 2015; 1:59:04 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-5830

The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5877.

Published: October 09, 2015; 1:59:03 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-3785

The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors.

Published: October 09, 2015; 1:59:00 AM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2015-5912

The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses.

Published: September 18, 2015; 8:00:56 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-5903

The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5896.

Published: September 18, 2015; 8:00:30 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2015-5899

libpthread in the kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

Published: September 18, 2015; 8:00:28 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-5896

The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5903.

Published: September 18, 2015; 8:00:25 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-5885

The CFNetwork Cookies component in Apple iOS before 9 allows remote attackers to track users via vectors involving a cookie for a top-level domain.

Published: September 18, 2015; 8:00:22 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-5882

The processor_set_tasks API implementation in Apple iOS before 9 allows local users to bypass an entitlement protection mechanism and obtain access to the task ports of arbitrary processes by leveraging root privileges.

Published: September 18, 2015; 8:00:21 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-5879

XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption) via a crafted header.

Published: September 18, 2015; 8:00:18 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM