Vulnerabilities > Apple
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-10-09 | CVE-2015-5894 | Code vulnerability in Apple mac OS X The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate. | 4.3 |
| 2015-10-09 | CVE-2015-5893 | Information Exposure vulnerability in Apple mac OS X SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. | 2.1 |
| 2015-10-09 | CVE-2015-5891 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X The SMB implementation in the kernel in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | 7.2 |
| 2015-10-09 | CVE-2015-5890 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5873. | 7.2 |
| 2015-10-09 | CVE-2015-5889 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables. | 7.2 |
| 2015-10-09 | CVE-2015-5888 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file. | 7.2 |
| 2015-10-09 | CVE-2015-5887 | Code vulnerability in Apple mac OS X The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data. | 10.0 |
| 2015-10-09 | CVE-2015-5884 | Information Exposure vulnerability in Apple mac OS X The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment. | 3.3 |
| 2015-10-09 | CVE-2015-5883 | Improper Input Validation vulnerability in Apple mac OS X The bidirectional text-display and text-selection implementations in Terminal in Apple OS X before 10.11 interpret directional override formatting characters differently, which allows remote attackers to spoof the content of a text document via a crafted character sequence. | 5.0 |
| 2015-10-09 | CVE-2015-5878 | Information Exposure vulnerability in Apple mac OS X Notes in Apple OS X before 10.11 misparses links, which allows local users to obtain sensitive information via unspecified vectors. | 2.1 |