National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:apple:mac_os_x:10.6.1
There are 2,890 matching records.
Displaying matches 1621 through 1640.
Vuln ID Summary CVSS Severity
CVE-2015-5927

FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5942.

Published: October 23, 2015; 05:59:03 PM -04:00
    V2: 6.8 MEDIUM
CVE-2015-5926

The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5925.

Published: October 23, 2015; 05:59:02 PM -04:00
    V2: 6.8 MEDIUM
CVE-2015-5925

The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5926.

Published: October 23, 2015; 05:59:01 PM -04:00
    V2: 6.8 MEDIUM
CVE-2015-5924

The OpenGL implementation in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

Published: October 23, 2015; 05:59:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2015-7035

Apple Mac EFI before 2015-002, as used in OS X before 10.11.1 and other products, mishandles arguments, which allows attackers to reach "unused" functions via unspecified vectors.

Published: October 23, 2015; 06:59:17 AM -04:00
    V2: 7.5 HIGH
CVE-2015-7017

CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992.

Published: October 23, 2015; 06:59:12 AM -04:00
    V2: 7.5 HIGH
CVE-2015-6992

CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-7017.

Published: October 23, 2015; 06:59:06 AM -04:00
    V2: 7.5 HIGH
CVE-2015-6975

CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6992 and CVE-2015-7017.

Published: October 23, 2015; 06:59:00 AM -04:00
    V2: 7.5 HIGH
CVE-2015-7761

Mail in Apple OS X before 10.11 does not properly recognize user preferences, which allows attackers to obtain sensitive information via an unspecified action during the printing of an e-mail message, a different vulnerability than CVE-2015-7760.

Published: October 09, 2015; 01:59:41 AM -04:00
    V2: 5.0 MEDIUM
CVE-2015-7760

libxpc in launchd in Apple OS X before 10.11 does not restrict the creation of processes for network connections, which allows remote attackers to cause a denial of service (resource consumption) by repeatedly connecting to the SSH port, a different vulnerability than CVE-2015-7761.

Published: October 09, 2015; 01:59:40 AM -04:00
    V2: 5.0 MEDIUM
CVE-2015-5922

Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors.

Published: October 09, 2015; 01:59:38 AM -04:00
    V2: 10.0 HIGH
CVE-2015-5915

Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors.

Published: October 09, 2015; 01:59:34 AM -04:00
    V2: 5.0 MEDIUM
CVE-2015-5914

The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists because of an incomplete fix for CVE-2014-4498.

Published: October 09, 2015; 01:59:32 AM -04:00
    V2: 4.7 MEDIUM
CVE-2015-5913

Heimdal, as used in Apple OS X before 10.11, allows remote attackers to conduct replay attacks against the SMB server via packet data that represents a Kerberos authenticated request.

Published: October 09, 2015; 01:59:31 AM -04:00
    V2: 6.8 MEDIUM
CVE-2015-5902

The debugging feature in the kernel in Apple OS X before 10.11 mismanages state, which allows local users to cause a denial of service via unspecified vectors.

Published: October 09, 2015; 01:59:30 AM -04:00
    V2: 4.9 MEDIUM
CVE-2015-5901

The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive.

Published: October 09, 2015; 01:59:29 AM -04:00
    V2: 2.1 LOW
CVE-2015-5900

The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes to an unintended address.

Published: October 09, 2015; 01:59:28 AM -04:00
    V2: 7.1 HIGH
CVE-2015-5897

The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework.

Published: October 09, 2015; 01:59:28 AM -04:00
    V2: 4.6 MEDIUM
CVE-2015-5894

The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate.

Published: October 09, 2015; 01:59:27 AM -04:00
    V2: 4.3 MEDIUM
CVE-2015-5893

SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.

Published: October 09, 2015; 01:59:26 AM -04:00
    V2: 2.1 LOW