Apple

macOS X

3207 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2015-5841

  • EPSS 0.62%
  • Published 18.09.2015 10:59:55
  • Last modified 12.04.2025 10:46:40

The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response.

5

CVE-2015-5840

  • EPSS 0.92%
  • Published 18.09.2015 10:59:54
  • Last modified 12.04.2025 10:46:40

The checkint division routines in removefile in Apple iOS before 9 allow attackers to cause a denial of service (overflow fault and app crash) via crafted data.

5

CVE-2015-5839

  • EPSS 0.56%
  • Published 18.09.2015 10:59:53
  • Last modified 12.04.2025 10:46:40

dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file.

5

CVE-2015-5831

  • EPSS 0.52%
  • Published 18.09.2015 10:59:48
  • Last modified 12.04.2025 10:46:40

NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app.

4.3

CVE-2015-5824

  • EPSS 0.1%
  • Published 18.09.2015 10:59:43
  • Last modified 12.04.2025 10:46:40

The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive info...

6.9

CVE-2014-8611

  • EPSS 0.11%
  • Published 18.09.2015 10:59:00
  • Last modified 12.04.2025 10:46:40

The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (hea...

5

CVE-2015-6908

Exploit
  • EPSS 73.04%
  • Published 11.09.2015 16:59:12
  • Last modified 12.04.2025 10:46:40

The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.

1.9

CVE-2015-6563

  • EPSS 0.09%
  • Published 24.08.2015 01:59:00
  • Last modified 12.04.2025 10:46:40

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjun...

9.3

CVE-2015-5784

  • EPSS 26.21%
  • Published 17.08.2015 00:01:12
  • Last modified 12.04.2025 10:46:40

runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

9.3

CVE-2015-5783

  • EPSS 0.83%
  • Published 17.08.2015 00:01:10
  • Last modified 12.04.2025 10:46:40

IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3770.