Vulnerabilities > Apple

DATE CVE VULNERABILITY TITLE RISK
2015-08-16 CVE-2015-3783 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
network
low complexity
apple CWE-119
7.5
2015-08-16 CVE-2015-3782 Information Exposure vulnerability in Apple Iphone OS and mac OS X
CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app.
network
apple CWE-200
4.3
2015-08-16 CVE-2015-3781 Cross-site Scripting vulnerability in Apple mac OS X
Cross-site scripting (XSS) vulnerability in Quick Look in Apple OS X before 10.10.5 allows remote attackers to inject arbitrary web script or HTML via a previously visited web site that is rendered during a Quick Look search.
network
apple CWE-79
4.3
2015-08-16 CVE-2015-3780 Information Exposure vulnerability in Apple mac OS X
The Bluetooth subsystem in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
network
apple CWE-200
4.3
2015-08-16 CVE-2015-3779 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Quicktime 7.0.0
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779.
network
apple CWE-119
6.8
2015-08-16 CVE-2015-3778 Information Exposure vulnerability in Apple Iphone OS and mac OS X
bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic.
low complexity
apple CWE-200
3.3
2015-08-16 CVE-2015-3777 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
Multiple buffer overflows in blued in the Bluetooth subsystem in Apple OS X before 10.10.5 allow local users to gain privileges via XPC messages.
local
low complexity
apple CWE-119
7.2
2015-08-16 CVE-2015-3776 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X
IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist.
network
apple CWE-119
critical
9.3
2015-08-16 CVE-2015-3775 Improper Authentication vulnerability in Apple mac OS X
Apple OS X before 10.10.5 does not properly implement authentication, which allows local users to obtain admin privileges via unspecified vectors.
local
low complexity
apple CWE-287
7.2
2015-08-16 CVE-2015-3774 Improper Input Validation vulnerability in Apple mac OS X
The Dictionary app in Apple OS X before 10.10.5 does not use HTTPS, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof word definitions by modifying the client-server data stream.
low complexity
apple CWE-20
4.8