Skip to main content
CVE-2015-7007 HIGH POC THREAT Act Now

Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.2%.

Apple Authentication Bypass Mac Os X
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
78.2%
Threat
5.3
CVE-2015-6983 HIGH This Week

Double free vulnerability in Apple iOS before 9.1 and OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that accesses AtomicBufferedFile descriptors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Iphone Os Mac Os X
NVD
CVSS 2.0
8.8
EPSS
1.0%
CVE-2015-6984 HIGH This Week

libarchive in Apple OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that conducts an unspecified symlink attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Authentication Bypass Mac Os X
NVD
CVSS 2.0
8.8
EPSS
0.4%
CVE-2015-7017 HIGH PATCH This Week

CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Itunes +2
NVD
CVSS 2.0
7.5
EPSS
2.1%
CVE-2015-6992 HIGH PATCH This Week

CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Itunes +2
NVD
CVSS 2.0
7.5
EPSS
2.1%
CVE-2015-6975 HIGH PATCH This Week

CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Apple Buffer Overflow RCE Itunes +2
NVD
CVSS 2.0
7.5
EPSS
2.1%
CVE-2015-7016 HIGH This Week

The MCX Application Restrictions component in Apple OS X before 10.11.1, when Managed Configuration is enabled, mishandles provisioning profiles, which allows attackers to bypass intended entitlement. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Apple Privilege Escalation Mac Os X
NVD
CVSS 2.0
7.6
EPSS
0.3%
CVE-2015-7035 HIGH This Week

Apple Mac EFI before 2015-002, as used in OS X before 10.11.1 and other products, mishandles arguments, which allows attackers to reach "unused" functions via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2015-7030 HIGH This Week

The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Xcode
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2015-6994 HIGH This Week

The kernel in Apple iOS before 9.1 and OS X before 10.11.1 mishandles reuse of virtual memory, which allows attackers to cause a denial of service via a crafted app. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Apple Denial Of Service Mac Os X Iphone Os
NVD
CVSS 2.0
7.1
EPSS
1.6%
CVE-2015-5932 HIGH This Week

The kernel in Apple OS X before 10.11.1 allows local users to gain privileges by leveraging an unspecified "type confusion" during Mach task processing. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X
NVD
CVSS 2.0
7.2
EPSS
1.1%
CVE-2015-5945 HIGH This Week

The Sandbox subsystem in Apple OS X before 10.11.1 allows local users to gain privileges via vectors involving NVRAM parameters. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-7021 HIGH This Week

The Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to gain privileges or cause a denial of service (kernel memory corruption) via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Buffer Overflow Mac Os X
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2015-7004 HIGH This Week

The kernel in Apple iOS before 9.1 allows attackers to cause a denial of service via a crafted app. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Apple Denial Of Service Iphone Os
NVD
CVSS 2.0
7.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy