Apple macOS vulnerabilities

CVE-2015-5879 [MEDIUM] CWE-20 CVE-2015-5879: XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption) via a crafted header.

CVE-2014-8611 [MEDIUM] CWE-119 CVE-2014-8611: The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS befor The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted application.

CVE-2015-5824 [MEDIUM] CWE-310 CVE-2015-5824: The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly veri The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2015-5885 [MEDIUM] CWE-200 CVE-2015-5885: The CFNetwork Cookies component in Apple iOS before 9 allows remote attackers to track users via vec The CFNetwork Cookies component in Apple iOS before 9 allows remote attackers to track users via vectors involving a cookie for a top-level domain.

CVE-2015-5841 [MEDIUM] CWE-74 CVE-2015-5841: The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header w The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response.

CVE-2015-5869 [LOW] CWE-20 CVE-2015-5869: The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows r The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

CVE-2015-5863 [LOW] CWE-200 CVE-2015-5863: IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, wh IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors.

CVE-2015-5842 [LOW] CWE-200 CVE-2015-5842: XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors.

CVE-2015-5851 [LOW] CWE-200 CVE-2015-5851: The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not r The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack.

CVE-2015-6908 [MEDIUM] CWE-20 CVE-2015-6908: The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote att The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.

CVE-2015-6563 [LOW] CWE-20 CVE-2015-6563: The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous user The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and mo

CVE-2015-5783 [CRITICAL] CVE-2015-5783: IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3770.

CVE-2015-5754 [CRITICAL] CWE-362 CVE-2015-5754: Race condition in runner in Install.framework in the Install Framework Legacy component in Apple OS Race condition in runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages incorrect privilege dropping associated with a locking error.

CVE-2015-5757 [CRITICAL] CWE-119 CVE-2015-5757: libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary c libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with locking.

CVE-2015-5784 [CRITICAL] CWE-264 CVE-2015-5784: runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 d runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

CVE-2015-3795 [CRITICAL] CWE-119 CVE-2015-3795: libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message.

CVE-2015-3799 [CRITICAL] CWE-255 CVE-2015-3799: The Apple ID OD plug-in in Apple OS X before 10.10.5 allows attackers to change arbitrary user passw The Apple ID OD plug-in in Apple OS X before 10.10.5 allows attackers to change arbitrary user passwords via a crafted app.

CVE-2015-3802 [HIGH] CWE-20 CVE-2015-3802: Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805.

CVE-2015-5774 [HIGH] CWE-119 CVE-2015-5774: Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors.

CVE-2015-5776 [HIGH] CWE-119 CVE-2015-5776: Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitra Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket.