Vulnerabilities > Apple
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-10-09 | CVE-2015-5853 | Information Exposure vulnerability in Apple mac OS X AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers to obtain eSCL packet payload data via unspecified vectors. | 3.3 |
| 2015-10-09 | CVE-2015-5849 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X The filtering implementation in AppleEvents in Apple OS X before 10.11 mishandles attempts to send events to a different user, which allows attackers to bypass intended access restrictions by leveraging a screen-sharing connection. | 6.8 |
| 2015-10-09 | CVE-2015-5836 | Information Exposure vulnerability in Apple mac OS X Apple Online Store Kit in Apple OS X before 10.11 improperly validates iCloud keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app. | 4.3 |
| 2015-10-09 | CVE-2015-5833 | 7PK - Security Features vulnerability in Apple mac OS X The Login Window component in Apple OS X before 10.11 does not ensure that the screen is locked at the intended time, which allows physically proximate attackers to obtain access by visiting an unattended workstation. | 7.2 |
| 2015-10-09 | CVE-2015-5830 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5877. | 7.2 |
| 2015-10-09 | CVE-2015-5828 | Improper Input Validation vulnerability in multiple products The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass intended request restrictions via a crafted web site. | 4.3 |
| 2015-10-09 | CVE-2015-5780 | Improper Input Validation vulnerability in Apple Safari The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors. | 10.0 |
| 2015-10-09 | CVE-2015-3785 | Multiple Security vulnerability in Apple Mac OS X Prior to 10.11 The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors. local apple | 1.9 |
| 2015-09-26 | CVE-2015-6306 | Permissions, Privileges, and Access Controls vulnerability in Cisco Anyconnect Secure Mobility Client 4.1.(8) Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does not verify pathnames before installation actions, which allows local users to obtain root privileges via a crafted installation file, aka Bug ID CSCuv11947. | 7.2 |
| 2015-09-22 | CVE-2015-6682 | Use After Free Remote Code Execution vulnerability in Adobe Flash Player and AIR APSB15-23 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, and CVE-2015-5584. | 10.0 |