| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Apple OS X before 10.10.5 does not properly implement authentication, which allows local users to obtain admin privileges via unspecified vectors. |
| IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist. |
| Multiple buffer overflows in blued in the Bluetooth subsystem in Apple OS X before 10.10.5 allow local users to gain privileges via XPC messages. |
| bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic. |
| QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. |
| The Bluetooth subsystem in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. |
| Cross-site scripting (XSS) vulnerability in Quick Look in Apple OS X before 10.10.5 allows remote attackers to inject arbitrary web script or HTML via a previously visited web site that is rendered during a Quick Look search. |
| CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app. |
| SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. |
| Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. |
| The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors. |
| The Bluetooth subsystem in Apple OS X before 10.10.5 does not properly restrict Notification Center Service access, which allows attackers to read Notification Center notifications of certain paired devices via a crafted app. |
| The Bluetooth subsystem in Apple OS X before 10.10.5 allows remote attackers to cause a denial of service via malformed Bluetooth ACL packets. |
| QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. |
| QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. |
| QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. |
| QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. |
| QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. |
| CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. |
| The Speech UI in Apple OS X before 10.10.5, when speech alerts are enabled, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Unicode string. |
