Apple macOS vulnerabilities
3,139 known vulnerabilities affecting apple/mac_os_x.

Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28

Severity breakdown
CRITICAL: 302
HIGH: 1409
MEDIUM: 1236
LOW: 192
Vulnerabilities
Page 96 of 157
CVE-2015-3773 | HIGH | CVSS 7.5 | CWE-119 | affects ≤ 10.10.4 | 2015-08-16 | source: nvd
The SMB client in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

CVE-2015-3780 | MEDIUM | CVSS 4.3 | CWE-200 | affects ≤ 10.10.4 | 2015-08-16 | source: nvd
The Bluetooth subsystem in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.

CVE-2015-3764 | MEDIUM | CVSS 4.3 | CWE-200 | affects ≤ 10.10.4 | 2015-08-16 | source: nvd
Notification Center in Apple OS X before 10.10.5 does not properly remove dismissed notifications, which allows attackers to read arbitrary notifications via a crafted app.

CVE-2015-3786 | MEDIUM | CVSS 4.3 | CWE-200 | affects ≤ 10.10.4 | 2015-08-16 | source: nvd
The Bluetooth subsystem in Apple OS X before 10.10.5 does not properly restrict Notification Center Service access, which allows attackers to read Notification Center notifications of certain paired devices via a crafted app.

CVE-2015-3784 | MEDIUM | CVSS 5.0 | CWE-200 | affects ≤ 10.10.4 | 2015-08-16 | source: nvd
Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVE-2015-3782 | MEDIUM | CVSS 4.3 | CWE-200 | affects ≤ 10.10.4 | 2015-08-16 | source: nvd
CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app.

CVE-2015-3766 | MEDIUM | CVSS 4.3 | CWE-200 | affects ≤ 10.10.4 | 2015-08-16 | source: nvd
The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app.

CVE-2015-3762 | MEDIUM | CVSS 5.0 | CWE-200 | affects ≤ 10.10.4 | 2015-08-16 | source: nvd
The Text Formats component in Apple OS X before 10.10.5, as used in TextEdit, allows remote attackers to read arbitrary files via a text file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVE-2015-3781 | MEDIUM | CVSS 4.3 | CWE-79 | affects ≤ 10.10.4 | 2015-08-16 | source: nvd
Cross-site scripting (XSS) vulnerability in Quick Look in Apple OS X before 10.10.5 allows remote attackers to inject arbitrary web script or HTML via a previously visited web site that is rendered during a Quick Look search.

CVE-2015-3774 | MEDIUM | CVSS 4.8 | CWE-20 | affects ≤ 10.10.4 | 2015-08-16 | source: nvd
The Dictionary app in Apple OS X before 10.10.5 does not use HTTPS, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof word definitions by modifying the client-server data stream.

CVE-2015-3757 | LOW | CVSS 2.1 | CWE-284 | affects ≤ 10.10.4 | 2015-08-16 | source: nvd
Apple OS X before 10.10.5 does not properly restrict access to the Date & Time preferences pane, which allows local users to spoof the time by visiting this pane.

CVE-2015-3778 | LOW | CVSS 3.3 | CWE-200 | affects ≤ 10.10.4 | 2015-08-16 | source: nvd
bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic.

CVE-2015-3787 | LOW | CVSS 3.3 | CWE-20 | affects ≤ 10.10.4 | 2015-08-16 | source: nvd
The Bluetooth subsystem in Apple OS X before 10.10.5 allows remote attackers to cause a denial of service via malformed Bluetooth ACL packets.

CVE-2015-1819 | MEDIUM | CVSS 5.0 | CWE-399 | affects ≤ 10.11.3 | 2015-08-14 | source: nvd
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.

CVE-2015-5523 | MEDIUM | CVSS 4.3 | CWE-119 | affects ≤ 10.6.8 | 2015-08-11 | source: nvd
The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.

CVE-2015-5522 | MEDIUM | CVSS 6.8 | CWE-119 | affects ≤ 10.6.8 | 2015-08-11 | source: nvd
Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.

CVE-2015-0253 | MEDIUM | CVSS 5.0 | affects v10.10.4 | 2015-07-20 | source: nvd
The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400

CVE-2015-3185 | MEDIUM | CVSS 4.3 | CWE-264 | affects v10.10.4 | 2015-07-20 | source: nvd
The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the pres

CVE-2015-3683 | CRITICAL | CVSS 9.3 | CWE-119 | affects ≤ 10.10.3 | 2015-07-03 | source: nvd
The Bluetooth HCI interface implementation in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

CVE-2015-3693 | CRITICAL | CVSS 9.3 | PoC | CWE-254 | affects ≤ 10.10.3 | 2015-07-03 | source: nvd
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which might make it easier for remote attackers to conduct row-hammer attacks, and consequently gain privileges or cause a denial of service (memory corruption), by triggering certain patterns of access to memory locatio