Apple

macOS X

3207 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2015-1095

  • EPSS 0.22%
  • Published 10.04.2015 14:59:11
  • Last modified 12.04.2025 10:46:40

IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device.

6.8

CVE-2015-1093

  • EPSS 2.49%
  • Published 10.04.2015 14:59:09
  • Last modified 12.04.2025 10:46:40

FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

4.3

CVE-2015-1091

  • EPSS 0.5%
  • Published 10.04.2015 14:59:07
  • Last modified 12.04.2025 10:46:40

The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a craf...

5

CVE-2015-1089

  • EPSS 0.5%
  • Published 10.04.2015 14:59:05
  • Last modified 12.04.2025 10:46:40

CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

6.8

CVE-2015-1088

  • EPSS 1.64%
  • Published 10.04.2015 14:59:04
  • Last modified 12.04.2025 10:46:40

CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site.

7.5

CVE-2015-2787

Exploit
  • EPSS 36.43%
  • Published 30.03.2015 10:59:15
  • Last modified 12.04.2025 10:46:40

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call th...

5

CVE-2015-2348

Exploit
  • EPSS 7.24%
  • Published 30.03.2015 10:59:14
  • Last modified 12.04.2025 10:46:40

The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extens...

7.5

CVE-2015-2301

Exploit
  • EPSS 17.29%
  • Published 30.03.2015 10:59:10
  • Last modified 12.04.2025 10:46:40

Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an a...

5

CVE-2015-1352

Exploit
  • EPSS 23.74%
  • Published 30.03.2015 10:59:08
  • Last modified 12.04.2025 10:46:40

The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and applicat...

7.5

CVE-2015-1351

Exploit
  • EPSS 17.77%
  • Published 30.03.2015 10:59:07
  • Last modified 12.04.2025 10:46:40

Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.