Skip to main content
CVE-2015-5531 MEDIUM POC PATCH THREAT This Month

Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.0%.

Path Traversal Elastic Elasticsearch
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
92.0%
Threat
5.3
CVE-2015-5784 CRITICAL POC THREAT Emergency

runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 27.2%.

Apple Privilege Escalation RCE Mac Os X
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
27.2%
Threat
4.2
CVE-2015-5754 CRITICAL POC THREAT Emergency

Race condition in runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 26.9%.

Race Condition Apple RCE Mac Os X
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
26.9%
Threat
4.2
CVE-2015-3798 HIGH POC THREAT Act Now

The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 26.2%.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +1
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
26.2%
CVE-2015-3796 HIGH POC THREAT Act Now

The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 18.1%.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +1
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
18.1%
CVE-2015-3795 CRITICAL Act Now

libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Mac Os X +1
NVD
CVSS 2.0
9.3
EPSS
1.6%
CVE-2015-5783 CRITICAL Act Now

IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3770. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Mac Os X
NVD
CVSS 2.0
9.3
EPSS
1.1%
CVE-2015-5757 CRITICAL Act Now

libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +1
NVD
CVSS 2.0
9.3
EPSS
1.1%
CVE-2015-3799 CRITICAL Act Now

The Apple ID OD plug-in in Apple OS X before 10.10.5 allows attackers to change arbitrary user passwords via a crafted app. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Authentication Bypass Mac Os X
NVD
CVSS 2.0
9.3
EPSS
0.5%
CVE-2014-9743 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Vlc Media Player
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-5776 HIGH This Week

Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +1
NVD
CVSS 2.0
7.5
EPSS
3.0%
CVE-2015-5779 HIGH This Week

QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Quicktime
NVD
CVSS 2.0
7.5
EPSS
2.7%
CVE-2015-5775 HIGH This Week

FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Mac Os X +1
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2015-3804 HIGH This Week

FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Mac Os X +1
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2015-3797 HIGH This Week

The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +1
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2015-5750 HIGH This Week

Data Detectors Engine in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted series of Unicode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Mac Os X
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2015-3792 MEDIUM PATCH This Month

QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Quicktime
NVD
CVSS 2.0
6.8
EPSS
3.2%
CVE-2015-3791 MEDIUM PATCH This Month

QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Quicktime
NVD
CVSS 2.0
6.8
EPSS
3.2%
CVE-2015-3790 MEDIUM PATCH This Month

QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Quicktime
NVD
CVSS 2.0
6.8
EPSS
3.2%
CVE-2015-3789 MEDIUM PATCH This Month

QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Quicktime
NVD
CVSS 2.0
6.8
EPSS
3.2%
CVE-2015-5758 MEDIUM This Month

ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +1
NVD
CVSS 2.0
6.8
EPSS
2.8%
CVE-2015-5755 MEDIUM PATCH This Month

CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Itunes +2
NVD
CVSS 2.0
6.8
EPSS
2.8%
CVE-2015-5773 MEDIUM This Month

QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow Microsoft RCE +2
NVD
CVSS 2.0
6.8
EPSS
2.5%
CVE-2015-5751 MEDIUM This Month

QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Quicktime
NVD
CVSS 2.0
6.8
EPSS
2.5%
CVE-2015-5761 MEDIUM PATCH This Month

CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Mac Os X +2
NVD
CVSS 2.0
6.8
EPSS
2.5%
CVE-2015-5769 HIGH This Week

The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Apple Denial Of Service Iphone Os
NVD
CVSS 2.0
7.1
EPSS
0.8%
CVE-2015-5763 HIGH This Week

ntfs in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Buffer Overflow Mac Os X
NVD
CVSS 2.0
7.2
EPSS
0.2%
CVE-2015-5756 MEDIUM This Month

FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +1
NVD
CVSS 2.0
6.8
EPSS
2.1%
CVE-2015-5774 HIGH This Week

Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Apple Buffer Overflow Mac Os X Iphone Os
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-3800 HIGH This Week

The DiskImages component in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Buffer Overflow Iphone Os Mac Os X
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-3805 HIGH This Week

Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Iphone Os Mac Os X
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-3803 HIGH This Week

Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Iphone Os Mac Os X
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-3802 HIGH This Week

Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Iphone Os Mac Os X
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-3806 HIGH This Week

Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Iphone Os Mac Os X
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-5771 MEDIUM This Month

Quartz Composer Framework in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted QuickTime. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Mac Os X
NVD
CVSS 2.0
6.8
EPSS
2.0%
CVE-2015-5753 MEDIUM This Month

QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Quicktime
NVD
CVSS 2.0
6.8
EPSS
2.0%
CVE-2015-5778 MEDIUM This Month

CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Mac Os X +1
NVD
CVSS 2.0
6.8
EPSS
1.9%
CVE-2015-5777 MEDIUM This Month

CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Mac Os X +1
NVD
CVSS 2.0
6.8
EPSS
1.9%
CVE-2015-5772 MEDIUM This Month

Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code via a crafted Collada file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Buffer Overflow RCE Mac Os X
NVD
CVSS 2.0
6.8
EPSS
1.7%
CVE-2015-3794 MEDIUM This Month

The Speech UI in Apple OS X before 10.10.5, when speech alerts are enabled, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Mac Os X
NVD
CVSS 2.0
6.8
EPSS
1.2%
CVE-2015-6254 MEDIUM This Month

The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Picketlink
NVD
CVSS 2.0
6.0
EPSS
0.7%
CVE-2015-0277 MEDIUM This Month

The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Picketlink
NVD
CVSS 2.0
6.0
EPSS
0.5%
CVE-2015-5770 MEDIUM This Month

MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD
CVSS 2.0
5.8
EPSS
0.4%
CVE-2015-5752 MEDIUM This Month

Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Authentication Bypass Iphone Os
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-5759 MEDIUM This Month

WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-5746 MEDIUM This Month

AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Authentication Bypass Iphone Os
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-5766 MEDIUM This Month

Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Apple Iphone Os
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-5747 MEDIUM This Month

The fasttrap driver in the kernel in Apple OS X before 10.10.5 allows local users to cause a denial of service (resource consumption) via unspecified vectors. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Apple Denial Of Service Mac Os X
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-3807 MEDIUM This Month

libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow Iphone Os Mac Os X +1
NVD
CVSS 2.0
4.3
EPSS
2.4%
CVE-2015-5782 MEDIUM This Month

ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Iphone Os Mac Os X
NVD
CVSS 2.0
4.3
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy