Filtered by vendor Apple
Subscriptions
Filtered by product Mac Os X
Subscriptions
Total
5567 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5859 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-11-21 | N/A |
| The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2015-5854 | 1 Apple | 1 Mac Os X | 2024-11-21 | N/A |
| The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain access to keychain items via unspecified vectors. | ||||
| CVE-2015-5853 | 1 Apple | 1 Mac Os X | 2024-11-21 | N/A |
| AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers to obtain eSCL packet payload data via unspecified vectors. | ||||
| CVE-2015-5851 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-11-21 | N/A |
| The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack. | ||||
| CVE-2015-5849 | 1 Apple | 1 Mac Os X | 2024-11-21 | N/A |
| The filtering implementation in AppleEvents in Apple OS X before 10.11 mishandles attempts to send events to a different user, which allows attackers to bypass intended access restrictions by leveraging a screen-sharing connection. | ||||
| CVE-2015-5847 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-11-21 | N/A |
| The Disk Images component in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| CVE-2015-5842 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-11-21 | N/A |
| XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors. | ||||
| CVE-2015-5841 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-11-21 | N/A |
| The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response. | ||||
| CVE-2015-5840 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-11-21 | N/A |
| The checkint division routines in removefile in Apple iOS before 9 allow attackers to cause a denial of service (overflow fault and app crash) via crafted data. | ||||
| CVE-2015-5839 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-11-21 | N/A |
| dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file. | ||||
| CVE-2015-5836 | 1 Apple | 1 Mac Os X | 2024-11-21 | N/A |
| Apple Online Store Kit in Apple OS X before 10.11 improperly validates iCloud keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app. | ||||
| CVE-2015-5833 | 1 Apple | 1 Mac Os X | 2024-11-21 | N/A |
| The Login Window component in Apple OS X before 10.11 does not ensure that the screen is locked at the intended time, which allows physically proximate attackers to obtain access by visiting an unattended workstation. | ||||
| CVE-2015-5831 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-11-21 | N/A |
| NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app. | ||||
| CVE-2015-5830 | 1 Apple | 1 Mac Os X | 2024-11-21 | N/A |
| The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5877. | ||||
| CVE-2015-5824 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-11-21 | N/A |
| The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2015-5784 | 1 Apple | 1 Mac Os X | 2024-11-21 | N/A |
| runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | ||||
| CVE-2015-5783 | 1 Apple | 1 Mac Os X | 2024-11-21 | N/A |
| IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3770. | ||||
| CVE-2015-5782 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-11-21 | N/A |
| ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image. | ||||
| CVE-2015-5781 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-11-21 | N/A |
| ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image. | ||||
| CVE-2015-5779 | 1 Apple | 2 Mac Os X, Quicktime | 2024-11-21 | N/A |
| QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, and CVE-2015-5753. | ||||