Apple macOS vulnerabilities

3,139 known vulnerabilities affecting apple/mac_os_x.

Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192

Vulnerabilities

Page 101 of 157
CVE-2015-3148 | MEDIUM | CVSS 5.0 | CWE-284 | v10.10.0, v10.10.1, +3 more | 2015-04-24
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.
nvd
CVE-2015-1132 | CRITICAL | CVSS 10.0 | fixed in 10.10.3 | 2015-04-10
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.
nvd
CVE-2015-1133 | HIGH | CVSS 7.2 | fixed in 10.10.3 | 2015-04-10
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1134, and CVE-2015-1135.
nvd
CVE-2015-1135 | HIGH | CVSS 7.2 | fixed in 10.10.3 | 2015-04-10
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1134.
nvd
CVE-2015-1095 | HIGH | CVSS 7.2 | ≤ 10.10.2 | 2015-04-10
IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device.
nvd
CVE-2015-1131 | HIGH | CVSS 7.2 | CWE-20 | fixed in 10.10.3 | 2015-04-10
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.
nvd
CVE-2015-1134 | HIGH | CVSS 7.2 | fixed in 10.10.3 | 2015-04-10
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1135.
nvd
CVE-2015-1098 | HIGH | CVSS 7.3 | CWE-119 | fixed in 10.10.3 | 2015-04-10
iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.
nvd
CVE-2015-1144 | HIGH | CVSS 7.2 | CWE-119 | ≤ 10.10.2 | 2015-04-10
Buffer overflow in the UniformTypeIdentifiers component in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted Uniform Type Identifier.
nvd
CVE-2015-1102 | HIGH | CVSS 7.1 | CWE-20 | ≤ 10.10.2 | 2015-04-10
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors.
nvd
CVE-2015-1140 | HIGH | CVSS 7.2 | CWE-119 | fixed in 10.10.3 | 2015-04-10
Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors.
nvd
CVE-2015-1143 | HIGH | CVSS 7.2 | fixed in 10.10.3 | 2015-04-10
LaunchServices in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted localized string, related to a "type confusion" issue.
nvd
CVE-2015-1130 | HIGH | CVSS 7.8 | KEV | PoC | CWE-59 | fixed in 10.10.3 | 2015-04-10
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors.
nvd
CVE-2015-1103 | HIGH | CVSS 7.5 | CWE-20 | ≤ 10.10.2 | 2015-04-10
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a crafted ICMP packet.
nvd
CVE-2015-1137 | HIGH | CVSS 7.2 | fixed in 10.10.3 | 2015-04-10
The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via an unspecified IOService userclient type.
nvd
CVE-2015-1089 | MEDIUM | CVSS 5.0 | CWE-200 | ≤ 10.10.2 | 2015-04-10
CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
nvd
CVE-2015-1101 | MEDIUM | CVSS 6.9 | ≤ 10.10.2 | 2015-04-10
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2015-1093 | MEDIUM | CVSS 6.8 | fixed in 10.10.3 | 2015-04-10
FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
nvd
CVE-2015-1105 | MEDIUM | CVSS 5.0 | CWE-20 | ≤ 10.10.2 | 2015-04-10
The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets.
nvd
CVE-2015-1138 | MEDIUM | CVSS 4.9 | CWE-20 | ≤ 10.10.2 | 2015-04-10
Hypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecified vectors.
nvd