Search Results

Search Parameters:
  • CPE Product Version: cpe:/o:apple:mac_os_x:10.5.6
There are 2,055 matching records.
Displaying matches 1,581 through 1,600.
Vuln ID Summary CVSS Severity
CVE-2015-1131

fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.

Published: April 10, 2015; 10:59:43 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-1130

The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors.

Published: April 10, 2015; 10:59:43 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-1118

libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile.

Published: April 10, 2015; 10:59:32 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-1117

The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group privileges via a crafted app.

Published: April 10, 2015; 10:59:31 AM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2015-1105

The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets.

Published: April 10, 2015; 10:59:20 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-1104

The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet.

Published: April 10, 2015; 10:59:20 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-1103

The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a crafted ICMP packet.

Published: April 10, 2015; 10:59:19 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-1102

The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors.

Published: April 10, 2015; 10:59:18 AM -0400
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2015-1101

The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Published: April 10, 2015; 10:59:17 AM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2015-1100

The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content information via a crafted app.

Published: April 10, 2015; 10:59:16 AM -0400
V3.x:(not available)
V2.0: 5.4 MEDIUM
CVE-2015-1099

Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app.

Published: April 10, 2015; 10:59:15 AM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2015-1098

iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.

Published: April 10, 2015; 10:59:14 AM -0400
V3.1: 7.3 HIGH
V2.0: 6.8 MEDIUM
CVE-2015-1096

IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.

Published: April 10, 2015; 10:59:12 AM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2015-1095

IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device.

Published: April 10, 2015; 10:59:11 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-1093

FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

Published: April 10, 2015; 10:59:09 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-1091

The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

Published: April 10, 2015; 10:59:07 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-1089

CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

Published: April 10, 2015; 10:59:05 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-1088

CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site.

Published: April 10, 2015; 10:59:04 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-2787

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231.

Published: March 30, 2015; 6:59:15 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-2348

The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.

Published: March 30, 2015; 6:59:14 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM