Total
5568 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5872 | 1 Apple | 1 Mac Os X | 2016-12-09 | 7.2 HIGH | N/A |
| IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5873, and CVE-2015-5890. | |||||
| CVE-2015-5871 | 1 Apple | 1 Mac Os X | 2016-12-09 | 7.2 HIGH | N/A |
| IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5872, CVE-2015-5873, and CVE-2015-5890. | |||||
| CVE-2015-5873 | 1 Apple | 1 Mac Os X | 2016-12-09 | 7.2 HIGH | N/A |
| IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5890. | |||||
| CVE-2015-5875 | 1 Apple | 1 Mac Os X | 2016-12-09 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Notes in Apple OS X before 10.11 allows local users to inject arbitrary web script or HTML via crafted text. | |||||
| CVE-2015-5877 | 1 Apple | 1 Mac Os X | 2016-12-09 | 7.2 HIGH | N/A |
| The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5830. | |||||
| CVE-2015-5878 | 1 Apple | 1 Mac Os X | 2016-12-09 | 2.1 LOW | N/A |
| Notes in Apple OS X before 10.11 misparses links, which allows local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-7760 | 1 Apple | 1 Mac Os X | 2016-12-08 | 5.0 MEDIUM | N/A |
| libxpc in launchd in Apple OS X before 10.11 does not restrict the creation of processes for network connections, which allows remote attackers to cause a denial of service (resource consumption) by repeatedly connecting to the SSH port, a different vulnerability than CVE-2015-7761. | |||||
| CVE-2015-5902 | 1 Apple | 1 Mac Os X | 2016-12-08 | 4.9 MEDIUM | N/A |
| The debugging feature in the kernel in Apple OS X before 10.11 mismanages state, which allows local users to cause a denial of service via unspecified vectors. | |||||
| CVE-2015-5901 | 1 Apple | 1 Mac Os X | 2016-12-08 | 2.1 LOW | N/A |
| The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive. | |||||
| CVE-2015-5888 | 1 Apple | 1 Mac Os X | 2016-12-08 | 7.2 HIGH | N/A |
| The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file. | |||||
| CVE-2015-5894 | 1 Apple | 1 Mac Os X | 2016-12-08 | 4.3 MEDIUM | N/A |
| The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate. | |||||
| CVE-2015-5900 | 1 Apple | 1 Mac Os X | 2016-12-08 | 7.1 HIGH | N/A |
| The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes to an unintended address. | |||||
| CVE-2015-5897 | 1 Apple | 1 Mac Os X | 2016-12-08 | 4.6 MEDIUM | N/A |
| The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework. | |||||
| CVE-2015-5884 | 1 Apple | 1 Mac Os X | 2016-12-08 | 3.3 LOW | N/A |
| The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment. | |||||
| CVE-2015-5915 | 1 Apple | 1 Mac Os X | 2016-12-08 | 5.0 MEDIUM | N/A |
| Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors. | |||||
| CVE-2015-5914 | 1 Apple | 1 Mac Os X | 2016-12-08 | 4.7 MEDIUM | N/A |
| The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists because of an incomplete fix for CVE-2014-4498. | |||||
| CVE-2015-5917 | 2 Apple, Netbsd | 2 Mac Os X, Tnftpd | 2016-12-08 | 5.0 MEDIUM | N/A |
| The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring. | |||||
| CVE-2015-5893 | 1 Apple | 1 Mac Os X | 2016-12-08 | 2.1 LOW | N/A |
| SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. | |||||
| CVE-2015-5887 | 1 Apple | 1 Mac Os X | 2016-12-08 | 10.0 HIGH | N/A |
| The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data. | |||||
| CVE-2015-5891 | 1 Apple | 1 Mac Os X | 2016-12-08 | 7.2 HIGH | N/A |
| The SMB implementation in the kernel in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | |||||