Vulnerabilities > Apple > MAC OS X > 10.3.5

DATE CVE VULNERABILITY TITLE RISK
2015-12-11 CVE-2015-7040 Multiple Security vulnerability in Apple Mac OS X/watchOS/iOS/tvOS
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7041, CVE-2015-7042, and CVE-2015-7043.
network
apple
4.3
2015-12-11 CVE-2015-7039 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7038.
network
apple CWE-119
6.8
2015-12-11 CVE-2015-7038 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7039.
network
apple CWE-119
6.8
2015-12-11 CVE-2015-7001 Permissions, Privileges, and Access Controls vulnerability in Apple products
AppSandbox in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 mishandles hard links, which allows attackers to bypass Contacts access revocation via a crafted app.
network
apple CWE-264
6.8
2015-12-06 CVE-2015-3195 Information Exposure vulnerability in multiple products
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
5.3
2015-11-22 CVE-2015-7036 Improper Input Validation vulnerability in Apple Iphone OS and mac OS X
The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.
network
low complexity
apple CWE-20
7.5
2015-11-22 CVE-2015-5859 Information Exposure vulnerability in Apple Iphone OS and mac OS X
The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
network
apple CWE-200
4.3
2015-11-18 CVE-2015-8035 Resource Management Errors vulnerability in multiple products
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
network
high complexity
debian xmlsoft apple canonical CWE-399
2.6
2015-11-18 CVE-2015-7942 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.
6.8
2015-11-17 CVE-2015-7995 Remote Denial of Service vulnerability in libxslt 'libxslt/preproc.c' Type Confusion
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.
network
low complexity
apple xmlsoft
5.0