Untrusted search path vulnerability in Adobe Download Manager, as used in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X, allows local users to gain privileges via a crafted resource in an unspecified directory.
Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 and 10.4.3, when creating an Open Directory master server, allows local users to gain privileges via unknown attack vectors.
The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access) via unspecified vectors.
The Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to gain privileges or cause a denial of service (kernel memory corruption) via unspecified vectors.
Directory Utility in Apple OS X before 10.11.1 mishandles authentication for new sessions, which allows local users to gain privileges via unspecified vectors.
Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file.
A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.
Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. Successful exploitation could result in a local user with permissions to write to the file system running system commands with administrator privileges.
The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
kext tools in Apple OS X before 10.11.2 mishandles kernel-extension loading, which allows local users to gain privileges via unspecified vectors.
A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7084.
The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7083.
The Bluetooth HCI interface in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
The kernel loader in EFI in Apple OS X before 10.11.2 allows local users to gain privileges via a crafted pathname.
slpd in Directory Services in Mac OS X 10.3.9 creates insecure temporary files as root, which allows local users to gain privileges.
The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5830.
ntfs in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does not verify pathnames before installation actions, which allows local users to obtain root privileges via a crafted installation file, aka Bug ID CSCuv11947.
The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file.
The SMB implementation in the kernel in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
The kernel in Apple OS X before 10.11.1 allows local users to gain privileges by leveraging an unspecified "type confusion" during Mach task processing.
The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5877.
IOAcceleratorFamily in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
GasGauge in Apple watchOS before 2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5918.
libpthread in the kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5872, CVE-2015-5873, and CVE-2015-5890.
The Disk Images component in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
Unknown vulnerability in the nfs_mount call in Mac OS X 10.3.9 and earlier allows local users to gain privileges via crafted arguments.
The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5896 and CVE-2015-5903.
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5873, and CVE-2015-5890.
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5873.
Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors.
The processor_set_tasks API implementation in Apple iOS before 9 allows local users to bypass an entitlement protection mechanism and obtain access to the task ports of arbitrary processes by leveraging root privileges.
IOMobileFrameBuffer in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory.
Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain privileges via (1) chfn, (2) chpass, and (3) chsh, which "use external helper programs in an insecure manner."
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and perform a transition from Low Integrity to Medium Integrity via unspecified vectors, a different vulnerability than CVE-2015-4446 and CVE-2015-5106.
Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X before 10.3.9 allows local users to execute arbitrary code via a long -i (Server_id) argument.
Admin Framework in Apple OS X before 10.10.4 does not properly handle authentication errors, which allows local users to obtain admin privileges via unspecified vectors.
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805.
Admin Framework in Apple OS X before 10.10.4 does not properly verify XPC entitlements, which allows local users to bypass authentication and obtain admin privileges via unspecified vectors.
The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop privileges, which allows local users to (1) delete arbitrary files via atrm, (2) execute arbitrary programs via the -f argument to batch, or (3) read arbitrary files via the -f argument to batch, which generates a job file that is readable by the local user.
Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to execute arbitrary code.
The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with "Requires Authentication: No" even when the user has selected the "Require pairing for security" option, which could confuse users about which setting is valid.
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, and CVE-2015-3701.
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.
The CFPlugIn in Core Foundation framework in Mac OS X allows user supplied libraries to be loaded, which could allow local users to gain privileges.