Apple macOS vulnerabilities
3,139 known vulnerabilities affecting apple/mac_os_x.
Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown
CRITICAL: 302 | HIGH: 1409 | MEDIUM: 1236 | LOW: 192
Vulnerabilities
Page 92 of 157
CVE-2015-5884 | LOW | CVSS 3.3 | CWE-200 | ≤ 10.10.5 | 2015-10-09
The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment.
nvd
CVE-2015-5854 | LOW | CVSS 2.1 | CWE-200 | ≤ 10.10.5 | 2015-10-09
The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain access to keychain items via unspecified vectors.
nvd
CVE-2015-5864 | LOW | CVSS 2.1 | CWE-200 | ≤ 10.10.5 | 2015-10-09
IOAudioFamily in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
nvd
CVE-2015-5875 | LOW | CVSS 2.1 | CWE-79 | ≤ 10.10.5 | 2015-10-09
Cross-site scripting (XSS) vulnerability in Notes in Apple OS X before 10.11 allows local users to inject arbitrary web script or HTML via crafted text.
nvd
CVE-2015-5893 | LOW | CVSS 2.1 | CWE-200 | ≤ 10.10.5 | 2015-10-09
SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
nvd
CVE-2015-3785 | LOW | CVSS 1.9 | ≤ 10.10.5 | 2015-10-09
The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors.
nvd
CVE-2015-5901 | LOW | CVSS 2.1 | CWE-200 | ≤ 10.10.5 | 2015-10-09
The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive.
nvd
CVE-2015-5876 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 10.10.5 | 2015-09-18
dyld in Dev Tools in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2015-5903 | CRITICAL | CVSS 10.0 | ≤ 10.10.5 | 2015-09-18
The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5896.
nvd
CVE-2015-5882 | HIGH | CVSS 7.2 | CWE-284 | ≤ 10.10.5 | 2015-09-18
The processor_set_tasks API implementation in Apple iOS before 9 allows local users to bypass an entitlement protection mechanism and obtain access to the task ports of arbitrary processes by leveraging root privileges.
nvd
CVE-2015-5896 | HIGH | CVSS 7.2 | ≤ 10.10.5 | 2015-09-18
The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5903.
nvd
CVE-2015-5874 | HIGH | CVSS 7.5 | CWE-119 | ≤ 10.10.5 | 2015-09-18
CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
nvd
CVE-2015-5899 | HIGH | CVSS 7.2 | CWE-119 | ≤ 10.10.5 | 2015-09-18
libpthread in the kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
nvd
CVE-2015-5868 | HIGH | CVSS 7.2 | CWE-119 | ≤ 10.10.5 | 2015-09-18
The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5896 and CVE-2015-5903.
nvd
CVE-2015-5847 | HIGH | CVSS 7.2 | CWE-119 | ≤ 10.10.5 | 2015-09-18
The Disk Images component in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
nvd
CVE-2015-5839 | MEDIUM | CVSS 5.0 | CWE-254 | ≤ 10.10.5 | 2015-09-18
dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file.
nvd
CVE-2015-5831 | MEDIUM | CVSS 5.0 | CWE-200 | ≤ 10.10.5 | 2015-09-18
NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app.
nvd
CVE-2015-5912 | MEDIUM | CVSS 5.0 | CWE-17 | ≤ 10.10.5 | 2015-09-18
The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses.
nvd
CVE-2015-5840 | MEDIUM | CVSS 5.0 | CWE-119 | ≤ 10.10.5 | 2015-09-18
The checkint division routines in removefile in Apple iOS before 9 allow attackers to cause a denial of service (overflow fault and app crash) via crafted data.
nvd
CVE-2015-5862 | MEDIUM | CVSS 4.3 | CWE-119 | ≤ 10.10.5 | 2015-09-18
The Audio component in Apple iOS before 9 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted audio file.
nvd