Vulnerabilities > Apple > MAC OS X
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-10-09 | CVE-2015-5917 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Netbsd Tnftpd The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring. | 5.0 |
| 2015-10-09 | CVE-2015-5915 | Code vulnerability in Apple mac OS X Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors. | 5.0 |
| 2015-10-09 | CVE-2015-5914 | Code vulnerability in Apple mac OS X The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. | 4.7 |
| 2015-10-09 | CVE-2015-5913 | Improper Access Control vulnerability in Apple mac OS X Heimdal, as used in Apple OS X before 10.11, allows remote attackers to conduct replay attacks against the SMB server via packet data that represents a Kerberos authenticated request. | 6.8 |
| 2015-10-09 | CVE-2015-5902 | Multiple Security vulnerability in Apple Mac OS X Prior to 10.11 The debugging feature in the kernel in Apple OS X before 10.11 mismanages state, which allows local users to cause a denial of service via unspecified vectors. | 4.9 |
| 2015-10-09 | CVE-2015-5901 | Information Exposure vulnerability in Apple mac OS X The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive. | 2.1 |
| 2015-10-09 | CVE-2015-5900 | 7PK - Security Features vulnerability in Apple mac OS X The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes to an unintended address. | 7.1 |
| 2015-10-09 | CVE-2015-5897 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework. | 4.6 |
| 2015-10-09 | CVE-2015-5894 | Code vulnerability in Apple mac OS X The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate. | 4.3 |
| 2015-10-09 | CVE-2015-5893 | Information Exposure vulnerability in Apple mac OS X SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. | 2.1 |