Apple macOS vulnerabilities

3,139 known vulnerabilities affecting apple/mac_os_x.

Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192

Vulnerabilities

Page 95 of 157
CVE-2015-5782 | MEDIUM | CVSS 4.3 | ≤ 10.10.4 | 2015-08-17
CVE-2015-5782 [MEDIUM] CWE-200: ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
nvd
CVE-2015-3794 | MEDIUM | CVSS 6.8 | ≤ 10.10.4 | 2015-08-17
CVE-2015-3794 [MEDIUM] CWE-119: The Speech UI in Apple OS X before 10.10.5, when speech alerts are enabled, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Unicode string.
nvd
CVE-2015-5747 | MEDIUM | CVSS 4.9 | ≤ 10.10.4 | 2015-08-17
CVE-2015-5747 [MEDIUM] CWE-399: The fasttrap driver in the kernel in Apple OS X before 10.10.5 allows local users to cause a denial of service (resource consumption) via unspecified vectors.
nvd
CVE-2015-5756 | MEDIUM | CVSS 6.8 | ≤ 10.10.4 | 2015-08-17
CVE-2015-5756 [MEDIUM]: FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5775.
nvd
CVE-2015-3807 | MEDIUM | CVSS 4.3 | ≤ 10.10.4, ≤ 10.11.1 | 2015-08-17
CVE-2015-3807 [MEDIUM] CWE-119: libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XML document.
nvd
CVE-2015-5781 | MEDIUM | CVSS 4.3 | ≤ 10.10.4 | 2015-08-17
CVE-2015-5781 [MEDIUM] CWE-200: ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image.
nvd
CVE-2015-5748 | LOW | CVSS 2.1 | ≤ 10.10.4 | 2015-08-17
CVE-2015-5748 [LOW] CWE-17: The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume.
nvd
CVE-2015-3776 | CRITICAL | CVSS 9.3 | ≤ 10.10.4 | 2015-08-16
CVE-2015-3776 [CRITICAL] CWE-119: IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist.
nvd
CVE-2015-3770 | CRITICAL | CVSS 9.3 | ≤ 10.10.4 | 2015-08-16
CVE-2015-3770 [CRITICAL] CWE-119: IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5783.
nvd
CVE-2015-3768 | CRITICAL | CVSS 9.3 | ≤ 10.10.4 | 2015-08-16
CVE-2015-3768 [CRITICAL] CWE-189: Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls.
nvd
CVE-2015-3761 | HIGH | CVSS 7.2 | ≤ 10.10.4 | 2015-08-16
CVE-2015-3761 [HIGH] CWE-264: The kernel in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors.
nvd
CVE-2015-3775 | HIGH | CVSS 7.2 | ≤ 10.10.4 | 2015-08-16
CVE-2015-3775 [HIGH] CWE-287: Apple OS X before 10.10.5 does not properly implement authentication, which allows local users to obtain admin privileges via unspecified vectors.
nvd
CVE-2015-3771 | HIGH | CVSS 7.2 | ≤ 10.10.4 | 2015-08-16
CVE-2015-3771 [HIGH]: IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3772.
nvd
CVE-2013-7422 | HIGH | CVSS 7.5 | ≤ 10.10.4 | 2015-08-16
CVE-2013-7422 [HIGH] CWE-189: Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.
nvd
CVE-2015-3777 | HIGH | CVSS 7.2 | ≤ 10.10.4 | 2015-08-16
CVE-2015-3777 [HIGH] CWE-119: Multiple buffer overflows in blued in the Bluetooth subsystem in Apple OS X before 10.10.5 allow local users to gain privileges via XPC messages.
nvd
CVE-2015-3772 | HIGH | CVSS 7.2 | ≤ 10.10.4 | 2015-08-16
CVE-2015-3772 [HIGH]: IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3771.
nvd
CVE-2015-3760 | HIGH | CVSS 7.2 | PoC | ≤ 10.10.4 | 2015-08-16
CVE-2015-3760 [HIGH] CWE-20: dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors.
nvd
CVE-2015-3767 | HIGH | CVSS 7.2 | ≤ 10.10.4 | 2015-08-16
CVE-2015-3767 [HIGH] CWE-264: udf in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image.
nvd
CVE-2015-3783 | HIGH | CVSS 7.5 | PoC | ≤ 10.10.4 | 2015-08-16
CVE-2015-3783 [HIGH] CWE-119: SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
nvd
CVE-2015-3769 | HIGH | CVSS 7.2 | ≤ 10.10.4 | 2015-08-16
CVE-2015-3769 [HIGH] CWE-119: IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3771 and CVE-2015-3772.
nvd