Max CVSS 10.0 Min CVSS 1.9 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2014-9709 5.0
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperl
09-11-2022 - 03:04 30-03-2015 - 10:59
CVE-2015-3415 7.5
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact v
16-08-2022 - 13:33 24-04-2015 - 17:59
CVE-2015-3414 7.5
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other im
16-08-2022 - 13:32 24-04-2015 - 17:59
CVE-2015-3416 7.5
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-b
16-08-2022 - 13:28 24-04-2015 - 17:59
CVE-2015-3330 6.8
The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or p
27-12-2019 - 16:08 09-06-2015 - 18:59
CVE-2015-5922 10.0
Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors.
23-04-2019 - 19:29 09-10-2015 - 05:59
CVE-2015-5889 7.2
rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables.
24-12-2016 - 02:59 09-10-2015 - 05:59
CVE-2015-5833 7.2
The Login Window component in Apple OS X before 10.11 does not ensure that the screen is locked at the intended time, which allows physically proximate attackers to obtain access by visiting an unattended workstation.
09-12-2016 - 16:47 09-10-2015 - 05:59
CVE-2015-5830 7.2
The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5877.
09-12-2016 - 16:47 09-10-2015 - 05:59
CVE-2015-5864 2.1
IOAudioFamily in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
09-12-2016 - 16:43 09-10-2015 - 05:59
CVE-2015-5853 3.3
AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers to obtain eSCL packet payload data via unspecified vectors.
09-12-2016 - 16:42 09-10-2015 - 05:59
CVE-2015-5854 2.1
The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain access to keychain items via unspecified vectors.
09-12-2016 - 16:42 09-10-2015 - 05:59
CVE-2015-5836 4.3
Apple Online Store Kit in Apple OS X before 10.11 improperly validates iCloud keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app.
09-12-2016 - 16:42 09-10-2015 - 05:59
CVE-2015-5849 6.8
The filtering implementation in AppleEvents in Apple OS X before 10.11 mishandles attempts to send events to a different user, which allows attackers to bypass intended access restrictions by leveraging a screen-sharing connection.
09-12-2016 - 16:42 09-10-2015 - 05:59
CVE-2015-5870 2.1
The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors.
09-12-2016 - 16:42 09-10-2015 - 05:59
CVE-2015-5865 4.3
IOGraphics in Apple OS X before 10.11 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
09-12-2016 - 16:42 09-10-2015 - 05:59
CVE-2015-5866 9.3
IOHIDFamily in Apple OS X before 10.11 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
09-12-2016 - 16:42 09-10-2015 - 05:59
CVE-2015-5872 7.2
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5873, and CVE-2015-5890.
09-12-2016 - 16:13 09-10-2015 - 05:59
CVE-2015-5871 7.2
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5872, CVE-2015-5873, and CVE-2015-5890.
09-12-2016 - 16:13 09-10-2015 - 05:59
CVE-2015-5873 7.2
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5890.
09-12-2016 - 15:50 09-10-2015 - 05:59
CVE-2015-5875 2.1
Cross-site scripting (XSS) vulnerability in Notes in Apple OS X before 10.11 allows local users to inject arbitrary web script or HTML via crafted text.
09-12-2016 - 15:49 09-10-2015 - 05:59
CVE-2015-5878 2.1
Notes in Apple OS X before 10.11 misparses links, which allows local users to obtain sensitive information via unspecified vectors.
09-12-2016 - 15:34 09-10-2015 - 05:59
CVE-2015-5877 7.2
The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5830.
09-12-2016 - 15:34 09-10-2015 - 05:59
CVE-2015-7760 5.0
libxpc in launchd in Apple OS X before 10.11 does not restrict the creation of processes for network connections, which allows remote attackers to cause a denial of service (resource consumption) by repeatedly connecting to the SSH port, a different
08-12-2016 - 03:14 09-10-2015 - 05:59
CVE-2015-5914 4.7
The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. N
08-12-2016 - 03:11 09-10-2015 - 05:59
CVE-2015-5902 4.9
The debugging feature in the kernel in Apple OS X before 10.11 mismanages state, which allows local users to cause a denial of service via unspecified vectors.
08-12-2016 - 03:11 09-10-2015 - 05:59
CVE-2015-5917 5.0
The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated b
08-12-2016 - 03:11 09-10-2015 - 05:59
CVE-2015-5913 6.8
Heimdal, as used in Apple OS X before 10.11, allows remote attackers to conduct replay attacks against the SMB server via packet data that represents a Kerberos authenticated request.
08-12-2016 - 03:11 09-10-2015 - 05:59
CVE-2015-5897 4.6
The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework.
08-12-2016 - 03:11 09-10-2015 - 05:59
CVE-2015-5915 5.0
Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors.
08-12-2016 - 03:11 09-10-2015 - 05:59
CVE-2015-5887 10.0
The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecifie
08-12-2016 - 03:11 09-10-2015 - 05:59
CVE-2015-5901 2.1
The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive.
08-12-2016 - 03:11 09-10-2015 - 05:59
CVE-2015-5884 3.3
The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail mess
08-12-2016 - 03:11 09-10-2015 - 05:59
CVE-2015-5890 7.2
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5873.
08-12-2016 - 03:11 09-10-2015 - 05:59
CVE-2015-5900 7.1
The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes to an unintended address.
08-12-2016 - 03:11 09-10-2015 - 05:59
CVE-2015-5894 4.3
The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof end
08-12-2016 - 03:11 09-10-2015 - 05:59
CVE-2015-5883 5.0
The bidirectional text-display and text-selection implementations in Terminal in Apple OS X before 10.11 interpret directional override formatting characters differently, which allows remote attackers to spoof the content of a text document via a cra
08-12-2016 - 03:11 09-10-2015 - 05:59
CVE-2015-5893 2.1
SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
08-12-2016 - 03:11 09-10-2015 - 05:59
CVE-2015-5891 7.2
The SMB implementation in the kernel in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
08-12-2016 - 03:11 09-10-2015 - 05:59
CVE-2015-5888 7.2
The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file.
08-12-2016 - 03:11 09-10-2015 - 05:59
CVE-2015-5522 6.8
Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.
08-12-2016 - 03:10 11-08-2015 - 14:59
CVE-2015-5523 4.3
The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.
08-12-2016 - 03:10 11-08-2015 - 14:59
CVE-2015-3785 1.9
The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors.
08-12-2016 - 03:08 09-10-2015 - 05:59
CVE-2013-3951 4.6
sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a prog
08-12-2016 - 03:03 05-06-2013 - 14:39
Back to Top Mark selected
Back to Top