Total
5565 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5836 | 1 Apple | 1 Mac Os X | 2016-12-09 | 4.3 MEDIUM | N/A |
| Apple Online Store Kit in Apple OS X before 10.11 improperly validates iCloud keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app. | |||||
| CVE-2015-5854 | 1 Apple | 1 Mac Os X | 2016-12-09 | 2.1 LOW | N/A |
| The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain access to keychain items via unspecified vectors. | |||||
| CVE-2015-5849 | 1 Apple | 1 Mac Os X | 2016-12-09 | 6.8 MEDIUM | N/A |
| The filtering implementation in AppleEvents in Apple OS X before 10.11 mishandles attempts to send events to a different user, which allows attackers to bypass intended access restrictions by leveraging a screen-sharing connection. | |||||
| CVE-2015-5853 | 1 Apple | 1 Mac Os X | 2016-12-09 | 3.3 LOW | N/A |
| AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers to obtain eSCL packet payload data via unspecified vectors. | |||||
| CVE-2015-5865 | 1 Apple | 1 Mac Os X | 2016-12-09 | 4.3 MEDIUM | N/A |
| IOGraphics in Apple OS X before 10.11 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | |||||
| CVE-2015-5870 | 1 Apple | 1 Mac Os X | 2016-12-09 | 2.1 LOW | N/A |
| The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors. | |||||
| CVE-2015-5866 | 1 Apple | 1 Mac Os X | 2016-12-09 | 9.3 HIGH | N/A |
| IOHIDFamily in Apple OS X before 10.11 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2015-5872 | 1 Apple | 1 Mac Os X | 2016-12-09 | 7.2 HIGH | N/A |
| IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5873, and CVE-2015-5890. | |||||
| CVE-2015-5871 | 1 Apple | 1 Mac Os X | 2016-12-09 | 7.2 HIGH | N/A |
| IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5872, CVE-2015-5873, and CVE-2015-5890. | |||||
| CVE-2015-5873 | 1 Apple | 1 Mac Os X | 2016-12-09 | 7.2 HIGH | N/A |
| IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5890. | |||||
| CVE-2015-5875 | 1 Apple | 1 Mac Os X | 2016-12-09 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Notes in Apple OS X before 10.11 allows local users to inject arbitrary web script or HTML via crafted text. | |||||
| CVE-2015-5878 | 1 Apple | 1 Mac Os X | 2016-12-09 | 2.1 LOW | N/A |
| Notes in Apple OS X before 10.11 misparses links, which allows local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-5877 | 1 Apple | 1 Mac Os X | 2016-12-09 | 7.2 HIGH | N/A |
| The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5830. | |||||
| CVE-2015-7760 | 1 Apple | 1 Mac Os X | 2016-12-08 | 5.0 MEDIUM | N/A |
| libxpc in launchd in Apple OS X before 10.11 does not restrict the creation of processes for network connections, which allows remote attackers to cause a denial of service (resource consumption) by repeatedly connecting to the SSH port, a different vulnerability than CVE-2015-7761. | |||||
| CVE-2015-5917 | 2 Apple, Netbsd | 2 Mac Os X, Tnftpd | 2016-12-08 | 5.0 MEDIUM | N/A |
| The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring. | |||||
| CVE-2015-5915 | 1 Apple | 1 Mac Os X | 2016-12-08 | 5.0 MEDIUM | N/A |
| Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors. | |||||
| CVE-2015-5914 | 1 Apple | 1 Mac Os X | 2016-12-08 | 4.7 MEDIUM | N/A |
| The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists because of an incomplete fix for CVE-2014-4498. | |||||
| CVE-2015-5913 | 1 Apple | 1 Mac Os X | 2016-12-08 | 6.8 MEDIUM | N/A |
| Heimdal, as used in Apple OS X before 10.11, allows remote attackers to conduct replay attacks against the SMB server via packet data that represents a Kerberos authenticated request. | |||||
| CVE-2015-5902 | 1 Apple | 1 Mac Os X | 2016-12-08 | 4.9 MEDIUM | N/A |
| The debugging feature in the kernel in Apple OS X before 10.11 mismanages state, which allows local users to cause a denial of service via unspecified vectors. | |||||
| CVE-2015-5901 | 1 Apple | 1 Mac Os X | 2016-12-08 | 2.1 LOW | N/A |
| The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive. | |||||