Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-1095 |
IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device. Published: April 10, 2015; 10:59:11 AM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2015-1093 |
FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. Published: April 10, 2015; 10:59:09 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-1091 |
The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. Published: April 10, 2015; 10:59:07 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-1089 |
CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. Published: April 10, 2015; 10:59:05 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-1088 |
CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site. Published: April 10, 2015; 10:59:04 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-2787 |
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231. Published: March 30, 2015; 6:59:15 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-2348 |
The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. Published: March 30, 2015; 6:59:14 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-2301 |
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file. Published: March 30, 2015; 6:59:10 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-1352 |
The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. Published: March 30, 2015; 6:59:08 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-1351 |
Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Published: March 30, 2015; 6:59:07 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-1069 |
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. Published: March 18, 2015; 6:59:01 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-0342 |
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0341. Published: March 13, 2015; 1:59:09 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2015-0341 |
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0342. Published: March 13, 2015; 1:59:08 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2015-0340 |
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass intended file-upload restrictions via unspecified vectors. Published: March 13, 2015; 1:59:08 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-0339 |
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-2015-0333, and CVE-2015-0335. Published: March 13, 2015; 1:59:06 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2015-0338 |
Integer overflow in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code via unspecified vectors. Published: March 13, 2015; 1:59:06 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2015-0337 |
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors. Published: March 13, 2015; 1:59:05 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-0336 |
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0334. Published: March 13, 2015; 1:59:04 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2015-0335 |
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-2015-0333, and CVE-2015-0339. Published: March 13, 2015; 1:59:03 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2015-0334 |
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0336. Published: March 13, 2015; 1:59:02 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |