Skip to main content
CVE-2015-3668 MEDIUM PATCH This Month

QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Mac Os X +1
NVD
CVSS 2.0
6.8
EPSS
3.6%
CVE-2015-3667 MEDIUM PATCH This Month

QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Mac Os X +1
NVD
CVSS 2.0
6.8
EPSS
3.2%
CVE-2015-3666 MEDIUM PATCH This Month

QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Mac Os X +1
NVD
CVSS 2.0
6.8
EPSS
3.2%
CVE-2015-3663 MEDIUM PATCH This Month

QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Mac Os X +1
NVD
CVSS 2.0
6.8
EPSS
3.2%
CVE-2015-3662 MEDIUM PATCH This Month

QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Mac Os X +1
NVD
CVSS 2.0
6.8
EPSS
3.2%
CVE-2015-3661 MEDIUM PATCH This Month

QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Quicktime +1
NVD
CVSS 2.0
6.8
EPSS
3.2%
CVE-2015-3688 MEDIUM PATCH This Month

CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Itunes +2
NVD
CVSS 2.0
6.8
EPSS
2.6%
CVE-2015-3687 MEDIUM PATCH This Month

CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +2
NVD
CVSS 2.0
6.8
EPSS
2.6%
CVE-2015-3686 MEDIUM PATCH This Month

CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +2
NVD
CVSS 2.0
6.8
EPSS
2.6%
CVE-2015-3682 MEDIUM PATCH This Month

Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Mac Os X
NVD
CVSS 2.0
6.8
EPSS
2.0%
CVE-2015-3681 MEDIUM PATCH This Month

Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Mac Os X
NVD
CVSS 2.0
6.8
EPSS
2.0%
CVE-2015-3680 MEDIUM PATCH This Month

Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Mac Os X
NVD
CVSS 2.0
6.8
EPSS
2.0%
CVE-2015-3679 MEDIUM PATCH This Month

Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Mac Os X
NVD
CVSS 2.0
6.8
EPSS
2.0%
CVE-2015-3669 MEDIUM PATCH This Month

QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Quicktime +1
NVD
CVSS 2.0
6.8
EPSS
2.0%
CVE-2015-3665 MEDIUM PATCH This Month

QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Quicktime
NVD
CVSS 2.0
6.8
EPSS
2.0%
CVE-2015-3664 MEDIUM PATCH This Month

QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Quicktime
NVD
CVSS 2.0
6.8
EPSS
2.0%
CVE-2015-3703 MEDIUM PATCH This Month

ImageIO in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Mac Os X +1
NVD
CVSS 2.0
6.8
EPSS
1.9%
CVE-2015-3689 MEDIUM PATCH This Month

CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Mac Os X +1
NVD
CVSS 2.0
6.8
EPSS
1.9%
CVE-2015-3685 MEDIUM PATCH This Month

CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +1
NVD
CVSS 2.0
6.8
EPSS
1.9%
CVE-2015-3684 MEDIUM PATCH This Month

The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Mac Os X +1
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2015-3719 MEDIUM PATCH This Month

TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Mac Os X +1
NVD
CVSS 2.0
6.8
EPSS
1.4%
CVE-2015-3694 MEDIUM PATCH This Month

FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +1
NVD
CVSS 2.0
6.8
EPSS
1.4%
CVE-2015-3713 MEDIUM This Month

QuickTime in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted movie file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Mac Os X +1
NVD
CVSS 2.0
6.8
EPSS
1.4%
CVE-2015-3718 MEDIUM PATCH This Month

systemstatsd in the System Stats subsystem in Apple OS X before 10.10.4 does not properly interpret data types encountered in interprocess communication, which allows attackers to execute arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Apple RCE Mac Os X
NVD
CVSS 2.0
6.8
EPSS
1.2%
CVE-2015-3724 MEDIUM This Month

CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Iphone Os
NVD
CVSS 2.0
6.8
EPSS
1.2%
CVE-2015-3723 MEDIUM This Month

CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Iphone Os
NVD
CVSS 2.0
6.8
EPSS
1.2%
CVE-2015-3659 MEDIUM This Month

The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Privilege Escalation RCE Iphone Os +2
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2015-3727 MEDIUM This Month

WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Privilege Escalation Safari Iphone Os Mac Os X
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2015-3709 MEDIUM PATCH This Month

Race condition in kext tools in Apple OS X before 10.10.4 allows local users to bypass intended signature requirements for kernel extensions by leveraging improper pathname validation. Rated medium severity (CVSS 6.9).

Race Condition Apple Authentication Bypass Mac Os X
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2015-3658 MEDIUM This Month

The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple CSRF Safari Iphone Os Mac Os X
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2015-3715 MEDIUM PATCH This Month

The code-signing implementation in Apple OS X before 10.10.4 does not properly consider libraries that are external to an application bundle, which allows attackers to bypass intended launch. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Apple Authentication Bypass Mac Os X
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2015-3692 MEDIUM PATCH This Month

Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not enforce a locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Apple Authentication Bypass Mac Os X
NVD
CVSS 2.0
6.8
EPSS
0.0%
CVE-2015-4239 MEDIUM This Month

Cisco Adaptive Security Appliance (ASA) Software 9.3(2.243) and 100.13(0.21) allows remote attackers to cause a denial of service (device reload) by sending crafted OSPFv2 packets on the local. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software
NVD
CVSS 2.0
6.1
EPSS
0.5%
CVE-2015-3675 MEDIUM PATCH This Month

The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Apache Apple Authentication Bypass Mac Os X
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-3714 MEDIUM PATCH This Month

Apple OS X before 10.10.4 does not properly consider custom resource rules during app signature verification, which allows attackers to bypass intended launch restrictions via a modified app. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Apple Authentication Bypass Mac Os X
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-3728 MEDIUM This Month

The WiFi Connectivity feature in Apple iOS before 8.4 allows remote Wi-Fi access points to trigger an automatic association, with an arbitrary security type, by operating with a recognized ESSID. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
4.8
EPSS
0.2%
CVE-2015-3726 MEDIUM This Month

The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Apple RCE Iphone Os
NVD
CVSS 2.0
4.6
EPSS
0.3%
CVE-2015-4232 MEDIUM This Month

Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Nx Os
NVD
CVSS 2.0
4.6
EPSS
0.3%
CVE-2015-4237 MEDIUM This Month

The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Cisco Nx Os
NVD
CVSS 2.0
4.6
EPSS
0.2%
CVE-2015-3716 MEDIUM PATCH This Month

Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a crafted name of a photo file within the local photo library. Rated medium severity (CVSS 4.4). This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Apple Mac Os X
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2015-3725 MEDIUM This Month

MobileInstallation in Apple iOS before 8.4 does not ensure the uniqueness of Watch bundle IDs, which allows attackers to cause a denial of service (ID collision and Watch launch outage) via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Denial Of Service Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-3722 MEDIUM This Month

Application Store in Apple iOS before 8.4 does not ensure the uniqueness of bundle IDs, which allows attackers to cause a denial of service (ID collision and launch outage) via a crafted universal. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Denial Of Service Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-3721 MEDIUM PATCH This Month

The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not properly handle HFS parameters, which allows attackers to obtain sensitive memory-layout information via a crafted app. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apple Information Disclosure Mac Os X Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-3690 MEDIUM PATCH This Month

The DiskImages subsystem in Apple iOS before 8.4 and OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apple Information Disclosure Mac Os X Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-3710 MEDIUM PATCH This Month

Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Apple Information Disclosure Iphone Os Mac Os X
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-3720 MEDIUM PATCH This Month

The kernel in Apple OS X before 10.10.4 does not properly manage memory in kernel-extension APIs, which allows attackers to obtain sensitive memory-layout information via a crafted app. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apple Information Disclosure Mac Os X
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-3660 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Apple Safari
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-3711 MEDIUM PATCH This Month

The NTFS implementation in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apple Information Disclosure Mac Os X
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-3677 MEDIUM PATCH This Month

The LZVN compression feature in AppleFSCompression in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apple Information Disclosure Mac Os X
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-3676 MEDIUM PATCH This Month

AppleGraphicsControl in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information via a crafted app. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apple Information Disclosure Mac Os X
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy