Apple macOS vulnerabilities
3,139 known vulnerabilities affecting apple/mac_os_x.
Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192
Vulnerabilities
Page 90 of 157
CVE-2015-6995 | MEDIUM | CVSS 6.8 | CWE-119 | PoC | ≤ 10.11.0 | 2015-10-23
The Disk Images component in Apple iOS before 9.1 and OS X before 10.11.1 misparses images, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2015-7023 | MEDIUM | CVSS 5.8 | CWE-17 | ≤ 10.11.0 | 2015-10-23
CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors.
nvd
CVE-2015-5927 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 10.11.0 | 2015-10-23
FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5942.
nvd
CVE-2015-6977 | MEDIUM | CVSS 6.8 | ≤ 10.11.0 | 2015-10-23
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.
nvd
CVE-2015-6976 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 10.11.0 | 2015-10-23
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.
nvd
CVE-2015-6993 | MEDIUM | CVSS 6.8 | ≤ 10.11.0 | 2015-10-23
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.
nvd
CVE-2015-5934 | MEDIUM | CVSS 6.8 | ≤ 10.11.0 | 2015-10-23
Audio in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, a different vulnerability than CVE-2015-5933.
nvd
CVE-2015-7015 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 10.11.0 | 2015-10-23
Heap-based buffer overflow in the DNS client library in configd in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code via a crafted app that sends a spoofed configd response to a client.
nvd
CVE-2015-5942 | MEDIUM | CVSS 6.8 | ≤ 10.11.0 | 2015-10-23
FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5927.
nvd
CVE-2015-5935 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 10.11.0 | 2015-10-23
ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5936, CVE-2015-5937, and CVE-2015-5939.
nvd
CVE-2015-6987 | LOW | CVSS 2.1 | CWE-20 | ≤ 10.11.0 | 2015-10-23
The File Bookmark component in Apple OS X before 10.11.1 allows local users to cause a denial of service (application crash) via crafted bookmark metadata in a folder.
nvd
CVE-2015-5887 | CRITICAL | CVSS 10.0 | CWE-17 | ≤ 10.10.5 | 2015-10-09
The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data.
nvd
CVE-2015-5922 | CRITICAL | CVSS 10.0 | fixed in 10.11 | 2015-10-09
Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors.
nvd
CVE-2015-5866 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 10.10.5 | 2015-10-09
IOHIDFamily in Apple OS X before 10.11 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2015-5890 | HIGH | CVSS 7.2 | ≤ 10.10.5 | 2015-10-09
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5873.
nvd
CVE-2015-5873 | HIGH | CVSS 7.2 | ≤ 10.10.5 | 2015-10-09
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5890.
nvd
CVE-2015-5872 | HIGH | CVSS 7.2 | ≤ 10.10.5 | 2015-10-09
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5873, and CVE-2015-5890.
nvd
CVE-2015-5830 | HIGH | CVSS 7.2 | CWE-119 | ≤ 10.10.5 | 2015-10-09
The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5877.
nvd
CVE-2015-5889 | HIGH | CVSS 7.2 | CWE-264 | PoC | ≤ 10.10.5 | 2015-10-09
rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables.
nvd
CVE-2015-5871 | HIGH | CVSS 7.2 | CWE-119 | ≤ 10.10.5 | 2015-10-09
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5872, CVE-2015-5873, and CVE-2015-5890.
nvd