Max CVSS 10.0 Min CVSS 1.9 Total Count100
IDCVSSSummaryLast (major) updatePublished
CVE-2014-3618 7.5
Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes."
06-01-2017 - 22:00 08-09-2014 - 10:55
CVE-2014-2532 5.8
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.
06-01-2017 - 21:59 18-03-2014 - 01:18
CVE-2015-3416 7.5
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-b
02-01-2017 - 22:00 24-04-2015 - 13:59
CVE-2015-3415 7.5
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact v
02-01-2017 - 22:00 24-04-2015 - 13:59
CVE-2015-3414 7.5
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other im
02-01-2017 - 22:00 24-04-2015 - 13:59
CVE-2015-2305 6.8
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary co
02-01-2017 - 21:59 30-03-2015 - 06:59
CVE-2015-0287 5.0
The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial o
02-01-2017 - 21:59 19-03-2015 - 18:59
CVE-2015-0286 5.0
The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of ser
02-01-2017 - 21:59 19-03-2015 - 18:59
CVE-2015-0235 10.0
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 fu
02-01-2017 - 21:59 28-01-2015 - 14:59
CVE-2014-8090 5.0
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string
02-01-2017 - 21:59 21-11-2014 - 10:59
CVE-2014-8080 5.0
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.
02-01-2017 - 21:59 03-11-2014 - 11:55
CVE-2014-7187 10.0
Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deepl
02-01-2017 - 21:59 28-09-2014 - 15:55
CVE-2014-7186 10.0
The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here doc
02-01-2017 - 21:59 28-09-2014 - 15:55
CVE-2014-6277 10.0
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-poin
02-01-2017 - 21:59 27-09-2014 - 18:55
CVE-2015-3330 6.8
The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or p
30-12-2016 - 21:59 09-06-2015 - 14:59
CVE-2015-3329 7.5
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) ph
30-12-2016 - 21:59 09-06-2015 - 14:59
CVE-2015-2787 7.5
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call th
30-12-2016 - 21:59 30-03-2015 - 06:59
CVE-2015-2783 5.8
ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length v
30-12-2016 - 21:59 09-06-2015 - 14:59
CVE-2015-2348 5.0
The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extens
30-12-2016 - 21:59 30-03-2015 - 06:59
CVE-2015-2301 7.5
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an a
30-12-2016 - 21:59 30-03-2015 - 06:59
CVE-2015-1352 5.0
The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and applicat
30-12-2016 - 21:59 30-03-2015 - 06:59
CVE-2015-1351 7.5
Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
30-12-2016 - 21:59 30-03-2015 - 06:59
CVE-2015-0273 7.5
Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier
30-12-2016 - 21:59 30-03-2015 - 06:59
CVE-2015-0232 6.8
The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) v
30-12-2016 - 21:59 27-01-2015 - 15:04
CVE-2015-0231 7.5
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call th
30-12-2016 - 21:59 27-01-2015 - 15:03
CVE-2014-9709 5.0
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperl
30-12-2016 - 21:59 30-03-2015 - 06:59
CVE-2014-9705 7.5
Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of m
30-12-2016 - 21:59 30-03-2015 - 06:59
CVE-2014-9652 5.0
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version
30-12-2016 - 21:59 30-03-2015 - 06:59
CVE-2014-9427 7.5
sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins wit
30-12-2016 - 21:59 02-01-2015 - 21:59
CVE-2015-5889 7.2
rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables.
23-12-2016 - 21:59 09-10-2015 - 01:59
CVE-2015-5912 5.0
The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses.
21-12-2016 - 22:00 18-09-2015 - 08:00
CVE-2015-5903 10.0
The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5896.
21-12-2016 - 22:00 18-09-2015 - 08:00
CVE-2015-5899 7.2
libpthread in the kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
21-12-2016 - 22:00 18-09-2015 - 08:00
CVE-2015-5896 7.2
The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5903.
21-12-2016 - 22:00 18-09-2015 - 08:00
CVE-2015-5885 5.0
The CFNetwork Cookies component in Apple iOS before 9 allows remote attackers to track users via vectors involving a cookie for a top-level domain.
21-12-2016 - 22:00 18-09-2015 - 08:00
CVE-2015-5882 7.2
The processor_set_tasks API implementation in Apple iOS before 9 allows local users to bypass an entitlement protection mechanism and obtain access to the task ports of arbitrary processes by leveraging root privileges.
21-12-2016 - 22:00 18-09-2015 - 08:00
CVE-2015-5879 5.0
XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption) via a crafted he
21-12-2016 - 22:00 18-09-2015 - 08:00
CVE-2015-5876 9.3
dyld in Dev Tools in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
21-12-2016 - 22:00 18-09-2015 - 08:00
CVE-2015-5874 7.5
CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
21-12-2016 - 22:00 18-09-2015 - 08:00
CVE-2015-5869 3.3
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.
21-12-2016 - 22:00 18-09-2015 - 08:00
CVE-2015-5868 7.2
The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5896 and CVE-2015-5903.
21-12-2016 - 22:00 18-09-2015 - 08:00
CVE-2015-5867 9.3
IOHIDFamily in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
21-12-2016 - 22:00 18-09-2015 - 08:00
CVE-2015-5863 2.1
IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors.
21-12-2016 - 22:00 18-09-2015 - 08:00
CVE-2015-5862 4.3
The Audio component in Apple iOS before 9 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted audio file.
21-12-2016 - 22:00 18-09-2015 - 08:00
CVE-2015-5860 5.0
The CFNetwork HTTPProtocol component in Apple iOS before 9 mishandles HSTS state, which allows remote attackers to bypass the Safari private-browsing protection mechanism and track users via a crafted web site.
21-12-2016 - 22:00 18-09-2015 - 07:00
CVE-2015-5858 5.0
The CFNetwork HTTPProtocol component in Apple iOS before 9 allows remote attackers to bypass the HSTS protection mechanism, and consequently obtain sensitive information, via a crafted URL.
21-12-2016 - 22:00 18-09-2015 - 07:00
CVE-2015-5855 4.3
Apple iOS before 9 allows attackers to discover the e-mail address of a player via a crafted Game Center app.
21-12-2016 - 22:00 18-09-2015 - 07:00
CVE-2015-5851 2.1
The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack.
21-12-2016 - 22:00 18-09-2015 - 07:00
CVE-2015-5847 7.2
The Disk Images component in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
21-12-2016 - 22:00 18-09-2015 - 07:00
CVE-2015-5842 2.1
XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors.
21-12-2016 - 22:00 18-09-2015 - 06:59
CVE-2015-5841 5.0
The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response.
21-12-2016 - 22:00 18-09-2015 - 06:59
CVE-2015-5840 5.0
The checkint division routines in removefile in Apple iOS before 9 allow attackers to cause a denial of service (overflow fault and app crash) via crafted data.
21-12-2016 - 22:00 18-09-2015 - 06:59
CVE-2015-5839 5.0
dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file.
21-12-2016 - 22:00 18-09-2015 - 06:59
CVE-2015-5831 5.0
NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app.
21-12-2016 - 22:00 18-09-2015 - 06:59
CVE-2015-5824 4.3
The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive info
21-12-2016 - 22:00 18-09-2015 - 06:59
CVE-2014-8147 7.5
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which all
21-12-2016 - 21:59 25-05-2015 - 18:59
CVE-2014-8146 7.5
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows
21-12-2016 - 21:59 25-05-2015 - 18:59
CVE-2015-5830 7.2
The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5877.
09-12-2016 - 11:47 09-10-2015 - 01:59
CVE-2015-5833 7.2
The Login Window component in Apple OS X before 10.11 does not ensure that the screen is locked at the intended time, which allows physically proximate attackers to obtain access by visiting an unattended workstation.
09-12-2016 - 11:47 09-10-2015 - 01:59
CVE-2015-5864 2.1
IOAudioFamily in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
09-12-2016 - 11:43 09-10-2015 - 01:59
CVE-2015-5836 4.3
Apple Online Store Kit in Apple OS X before 10.11 improperly validates iCloud keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app.
09-12-2016 - 11:42 09-10-2015 - 01:59
CVE-2015-5854 2.1
The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain access to keychain items via unspecified vectors.
09-12-2016 - 11:42 09-10-2015 - 01:59
CVE-2015-5849 6.8
The filtering implementation in AppleEvents in Apple OS X before 10.11 mishandles attempts to send events to a different user, which allows attackers to bypass intended access restrictions by leveraging a screen-sharing connection.
09-12-2016 - 11:42 09-10-2015 - 01:59
CVE-2015-5853 3.3
AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers to obtain eSCL packet payload data via unspecified vectors.
09-12-2016 - 11:42 09-10-2015 - 01:59
CVE-2015-5865 4.3
IOGraphics in Apple OS X before 10.11 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
09-12-2016 - 11:42 09-10-2015 - 01:59
CVE-2015-5870 2.1
The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors.
09-12-2016 - 11:42 09-10-2015 - 01:59
CVE-2015-5866 9.3
IOHIDFamily in Apple OS X before 10.11 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
09-12-2016 - 11:42 09-10-2015 - 01:59
CVE-2015-5872 7.2
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5873, and CVE-2015-5890.
09-12-2016 - 11:13 09-10-2015 - 01:59
CVE-2015-5871 7.2
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5872, CVE-2015-5873, and CVE-2015-5890.
09-12-2016 - 11:13 09-10-2015 - 01:59
CVE-2015-5873 7.2
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5890.
09-12-2016 - 10:50 09-10-2015 - 01:59
CVE-2015-5875 2.1
Cross-site scripting (XSS) vulnerability in Notes in Apple OS X before 10.11 allows local users to inject arbitrary web script or HTML via crafted text.
09-12-2016 - 10:49 09-10-2015 - 01:59
CVE-2015-5878 2.1
Notes in Apple OS X before 10.11 misparses links, which allows local users to obtain sensitive information via unspecified vectors.
09-12-2016 - 10:34 09-10-2015 - 01:59
CVE-2015-5877 7.2
The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5830.
09-12-2016 - 10:34 09-10-2015 - 01:59
CVE-2015-7760 5.0
libxpc in launchd in Apple OS X before 10.11 does not restrict the creation of processes for network connections, which allows remote attackers to cause a denial of service (resource consumption) by repeatedly connecting to the SSH port, a different
07-12-2016 - 22:14 09-10-2015 - 01:59
CVE-2015-5922 10.0
Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors.
07-12-2016 - 22:11 09-10-2015 - 01:59
CVE-2015-5917 5.0
The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated b
07-12-2016 - 22:11 09-10-2015 - 01:59
CVE-2015-5915 5.0
Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors.
07-12-2016 - 22:11 09-10-2015 - 01:59
CVE-2015-5914 4.7
The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. N
07-12-2016 - 22:11 09-10-2015 - 01:59
CVE-2015-5913 6.8
Heimdal, as used in Apple OS X before 10.11, allows remote attackers to conduct replay attacks against the SMB server via packet data that represents a Kerberos authenticated request.
07-12-2016 - 22:11 09-10-2015 - 01:59
CVE-2015-5902 4.9
The debugging feature in the kernel in Apple OS X before 10.11 mismanages state, which allows local users to cause a denial of service via unspecified vectors.
07-12-2016 - 22:11 09-10-2015 - 01:59
CVE-2015-5901 2.1
The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive.
07-12-2016 - 22:11 09-10-2015 - 01:59
CVE-2015-5900 7.1
The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes to an unintended address.
07-12-2016 - 22:11 09-10-2015 - 01:59
CVE-2015-5897 4.6
The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework.
07-12-2016 - 22:11 09-10-2015 - 01:59
CVE-2015-5894 4.3
The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof end
07-12-2016 - 22:11 09-10-2015 - 01:59
CVE-2015-5893 2.1
SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
07-12-2016 - 22:11 09-10-2015 - 01:59
CVE-2015-5891 7.2
The SMB implementation in the kernel in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
07-12-2016 - 22:11 09-10-2015 - 01:59
CVE-2015-5890 7.2
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5873.
07-12-2016 - 22:11 09-10-2015 - 01:59
CVE-2015-5888 7.2
The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file.
07-12-2016 - 22:11 09-10-2015 - 01:59
CVE-2015-5887 10.0
The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecifie
07-12-2016 - 22:11 09-10-2015 - 01:59
CVE-2015-5884 3.3
The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail mess
07-12-2016 - 22:11 09-10-2015 - 01:59
CVE-2015-5883 5.0
The bidirectional text-display and text-selection implementations in Terminal in Apple OS X before 10.11 interpret directional override formatting characters differently, which allows remote attackers to spoof the content of a text document via a cra
07-12-2016 - 22:11 09-10-2015 - 01:59
CVE-2015-5523 4.3
The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.
07-12-2016 - 22:10 11-08-2015 - 10:59
CVE-2015-5522 6.8
Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.
07-12-2016 - 22:10 11-08-2015 - 10:59
CVE-2015-3785 1.9
The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors.
07-12-2016 - 22:08 09-10-2015 - 01:59
CVE-2013-3951 4.6
sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a prog
07-12-2016 - 22:03 05-06-2013 - 10:39
CVE-2015-7761 5.0
Mail in Apple OS X before 10.11 does not properly recognize user preferences, which allows attackers to obtain sensitive information via an unspecified action during the printing of an e-mail message, a different vulnerability than CVE-2015-7760.
07-12-2016 - 13:25 09-10-2015 - 01:59
CVE-2014-9425 7.5
Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact
06-12-2016 - 22:01 30-12-2014 - 21:59
CVE-2015-2331 7.5
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial
02-12-2016 - 22:04 30-03-2015 - 06:59
CVE-2014-8611 6.9
The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (hea
06-04-2016 - 08:40 18-09-2015 - 06:59
CVE-2015-5859 4.3
The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain sensitive information by
30-11-2015 - 14:50 21-11-2015 - 22:59
Back to Top Mark selected
Back to Top