Vulnerabilities > Apple > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-10-09 | CVE-2015-7760 | Resource Management Errors vulnerability in Apple mac OS X libxpc in launchd in Apple OS X before 10.11 does not restrict the creation of processes for network connections, which allows remote attackers to cause a denial of service (resource consumption) by repeatedly connecting to the SSH port, a different vulnerability than CVE-2015-7761. | 5.0 |
2015-10-09 | CVE-2015-5917 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Netbsd Tnftpd The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring. | 5.0 |
2015-10-09 | CVE-2015-5915 | Code vulnerability in Apple mac OS X Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors. | 5.0 |
2015-10-09 | CVE-2015-5914 | Code vulnerability in Apple mac OS X The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. | 4.7 |
2015-10-09 | CVE-2015-5913 | Improper Access Control vulnerability in Apple mac OS X Heimdal, as used in Apple OS X before 10.11, allows remote attackers to conduct replay attacks against the SMB server via packet data that represents a Kerberos authenticated request. | 6.8 |
2015-10-09 | CVE-2015-5902 | Multiple Security vulnerability in Apple Mac OS X Prior to 10.11 The debugging feature in the kernel in Apple OS X before 10.11 mismanages state, which allows local users to cause a denial of service via unspecified vectors. | 4.9 |
2015-10-09 | CVE-2015-5897 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework. | 4.6 |
2015-10-09 | CVE-2015-5894 | Code vulnerability in Apple mac OS X The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate. | 4.3 |
2015-10-09 | CVE-2015-5883 | Improper Input Validation vulnerability in Apple mac OS X The bidirectional text-display and text-selection implementations in Terminal in Apple OS X before 10.11 interpret directional override formatting characters differently, which allows remote attackers to spoof the content of a text document via a crafted character sequence. | 5.0 |
2015-10-09 | CVE-2015-5865 | Information Exposure vulnerability in Apple mac OS X IOGraphics in Apple OS X before 10.11 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | 4.3 |