Apple macOS vulnerabilities

3,139 known vulnerabilities affecting apple/mac_os_x.

Total CVEs

3,139

CISA KEV

actively exploited

Public exploits

277

Exploited in wild

Severity breakdown

CRITICAL302HIGH1409MEDIUM1236LOW192

Vulnerabilities

Page 94 of 157

CVE-2015-5775HIGHCVSS 7.5≤ 10.10.42015-08-17

CVE-2015-5775 [HIGH] CVE-2015-5775: FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbi FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5756.

nvd

CVE-2015-3797HIGHCVSS 7.5≤ 10.10.42015-08-17

CVE-2015-3797 [HIGH] CVE-2015-3797: The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent a The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3798.

nvd

CVE-2015-3804HIGHCVSS 7.5≤ 10.10.42015-08-17

CVE-2015-3804 [HIGH] CWE-119 CVE-2015-3804: FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbi FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5756 and CVE-2015-5775.

nvd

CVE-2015-3803HIGHCVSS 7.2≤ 10.10.42015-08-17

CVE-2015-3803 [HIGH] CWE-20 CVE-2015-3803: Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file.

nvd

CVE-2015-5750HIGHCVSS 7.5≤ 10.10.42015-08-17

CVE-2015-5750 [HIGH] CWE-119 CVE-2015-5750: Data Detectors Engine in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cau Data Detectors Engine in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted series of Unicode characters.

nvd

CVE-2015-3805HIGHCVSS 7.2≤ 10.10.42015-08-17

CVE-2015-3805 [HIGH] CVE-2015-3805: Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802.

nvd

CVE-2015-3796HIGHCVSS 7.5PoC≤ 10.10.42015-08-17

CVE-2015-3796 [HIGH] CWE-119 CVE-2015-3796: The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent a The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3797 and CVE-2015-3798.

nvd

CVE-2015-3800HIGHCVSS 7.2≤ 10.10.42015-08-17

CVE-2015-3800 [HIGH] CWE-119 CVE-2015-3800: The DiskImages component in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gai The DiskImages component in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image.

nvd

CVE-2015-3798HIGHCVSS 7.5PoC≤ 10.10.42015-08-17

CVE-2015-3798 [HIGH] CVE-2015-3798: The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent a The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3797.

nvd

CVE-2015-3806HIGHCVSS 7.2≤ 10.10.42015-08-17

CVE-2015-3806 [HIGH] CWE-284 CVE-2015-3806: Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file.

nvd

CVE-2015-5763HIGHCVSS 7.2≤ 10.10.42015-08-17

CVE-2015-5763 [HIGH] CWE-119 CVE-2015-5763: ntfs in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service ntfs in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

nvd

CVE-2015-5778MEDIUMCVSS 6.8≤ 10.10.42015-08-17

CVE-2015-5778 [MEDIUM] CVE-2015-5778: CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to exec CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5777.

nvd

CVE-2015-5755MEDIUMCVSS 6.8≤ 10.10.42015-08-17

CVE-2015-5755 [MEDIUM] CWE-119 CVE-2015-5755: CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitr CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761.

nvd

CVE-2015-5777MEDIUMCVSS 6.8≤ 10.10.42015-08-17

CVE-2015-5777 [MEDIUM] CWE-119 CVE-2015-5777: CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to exec CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5778.

nvd

CVE-2015-5768MEDIUMCVSS 4.3≤ 10.10.42015-08-17

CVE-2015-5768 [MEDIUM] CWE-200 CVE-2015-5768: AppleGraphicsControl in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory AppleGraphicsControl in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.

nvd

CVE-2015-5773MEDIUMCVSS 6.8≤ 10.10.42015-08-17

CVE-2015-5773 [MEDIUM] CWE-119 CVE-2015-5773: QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbit QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted office document.

nvd

CVE-2015-5758MEDIUMCVSS 6.8≤ 10.10.42015-08-17

CVE-2015-5758 [MEDIUM] CWE-119 CVE-2015-5758: ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitra ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.

nvd

CVE-2015-5761MEDIUMCVSS 6.8≤ 10.10.42015-08-17

CVE-2015-5761 [MEDIUM] CVE-2015-5761: CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitr CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5755.

nvd

CVE-2015-5772MEDIUMCVSS 6.8≤ 10.10.42015-08-17

CVE-2015-5772 [MEDIUM] CWE-119 CVE-2015-5772: Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.5 allows remote attackers to execu Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code via a crafted Collada file.

nvd

CVE-2015-5771MEDIUMCVSS 6.8≤ 10.10.42015-08-17

CVE-2015-5771 [MEDIUM] CWE-119 CVE-2015-5771: Quartz Composer Framework in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary Quartz Composer Framework in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted QuickTime file.

nvd

← Previous94 / 157Next →