Mac Os X Security Vulnerabilities and Issues — Page 20 of Mac Os X CVE List

Lucene search

AppleMac Os X

3225 matches found

CVE•added 2010/07/28 12:48 p.m.•72 views

CVE-2010-0211

The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing i...

9.8CVSS8.8AI score0.42633EPSS

CVE•added 2011/03/02 8:0 p.m.•72 views

CVE-2010-4754

The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstr...

4CVSS8.1AI score0.25067EPSS

CVE•added 2015/01/18 6:59 p.m.•72 views

CVE-2015-0973

Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.

8.8CVSS7.3AI score0.02533EPSS

CVE•added 2015/05/13 10:59 a.m.•72 views

CVE-2015-3048

Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unknown vectors.

10CVSS7.7AI score0.11897EPSS

CVE•added 2015/05/13 11:0 a.m.•72 views

CVE-2015-3073

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE...

10CVSS6.4AI score0.31105EPSS

CVE•added 2016/07/22 2:59 a.m.•72 views

CVE-2016-4615

libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors...

9.8CVSS9.1AI score

CVE•added 2017/11/13 3:29 a.m.•72 views

CVE-2017-13828

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Fonts" component. It allows remote attackers to spoof the user interface via crafted text.

5.5CVSS5.9AI score0.00164EPSS

CVE•added 2017/12/25 9:29 p.m.•72 views

CVE-2017-13878

An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read and system crash).

7.1CVSS6.3AI score0.00095EPSS

CVE•added 2019/04/03 6:29 p.m.•72 views

CVE-2017-13911

A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS X El Capitan 10.11.6 Security Update 2018-002, macOS Sierra 10.12.6 Security Update 2018-002, macOS High Sierra 10.13.2.

9.3CVSS7.4AI score0.00127EPSS

CVE•added 2017/02/20 8:59 a.m.•72 views

CVE-2017-2360

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or c...

9.3CVSS6.8AI score0.03244EPSS

CVE•added 2017/12/27 5:8 p.m.•72 views

CVE-2017-7163

An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS7.4AI score0.00229EPSS

CVE•added 2018/04/03 6:29 a.m.•72 views

CVE-2017-7173

An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

5.5CVSS5AI score0.04078EPSS

CVE•added 2018/04/03 6:29 a.m.•72 views

CVE-2018-4100

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. watchOS before 4.2.2 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted tex...

7.5CVSS6.9AI score0.04117EPSS

CVE•added 2019/01/11 6:29 p.m.•72 views

CVE-2018-4182

In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS.

8.2CVSS6.7AI score0.00055EPSS

CVE•added 2019/04/03 6:29 p.m.•72 views

CVE-2018-4383

A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

9.3CVSS7.8AI score0.00185EPSS

CVE•added 2019/04/03 6:29 p.m.•72 views

CVE-2018-4395

This issue was addressed with improved checks. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

5.5CVSS6.1AI score0.00069EPSS

CVE•added 2019/04/03 6:29 p.m.•72 views

CVE-2018-4408

A memory corruption issue was addressed with improved input validation This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

9.3CVSS7.4AI score0.00204EPSS

CVE•added 2019/12/18 6:15 p.m.•72 views

CVE-2019-8516

A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Processing a maliciously crafted string may lead to a denial of service.

7.5CVSS6.8AI score0.00642EPSS

CVE•added 2019/12/18 6:15 p.m.•72 views

CVE-2019-8527

A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.

9.4CVSS8AI score0.00967EPSS

CVE•added 2019/12/18 6:15 p.m.•72 views

CVE-2019-8789

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Parsing a maliciously crafted iBooks file may lead to disclosure of user information.

5.5CVSS5.3AI score0.00255EPSS

CVE•added 2020/10/27 8:15 p.m.•72 views

CVE-2019-8799

This issue was resolved by replacing device names with a random identifier. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15, watchOS 6, tvOS 13. An attacker in physical proximity may be able to passively observe device names in AWDL communications.

2.4CVSS4.6AI score0.0007EPSS

CVE•added 2020/12/08 8:15 p.m.•72 views

CVE-2020-10016

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. An application may be able to execute arbitrary code with kernel privileges.

9.3CVSS7.4AI score0.00564EPSS

CVE•added 2020/12/08 9:15 p.m.•72 views

CVE-2020-10017

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.

7.8CVSS7.5AI score0.00646EPSS

CVE•added 2020/02/27 9:15 p.m.•72 views

CVE-2020-3845

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3. An application may be able to execute arbitrary code with system privileges.

9.3CVSS7.9AI score0.00374EPSS

CVE•added 2020/04/01 7:15 p.m.•72 views

CVE-2020-3848

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

9.8CVSS9.1AI score0.00857EPSS

CVE•added 2020/06/09 5:15 p.m.•72 views

CVE-2020-9809

An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine kernel memory layout.

7.1CVSS5AI score0.00297EPSS

CVE•added 2020/06/09 5:15 p.m.•72 views

CVE-2020-9826

A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause a denial of service.

7.5CVSS6.7AI score0.00471EPSS

CVE•added 2020/10/27 9:15 p.m.•72 views

CVE-2020-9857

An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra. A malicious website may be able to exfiltrate autofilled data in Safari.

4.3CVSS4.6AI score0.0025EPSS

CVE•added 2020/10/22 6:15 p.m.•72 views

CVE-2020-9863

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges.

9.3CVSS7.8AI score0.00456EPSS

CVE•added 2020/10/16 5:15 p.m.•72 views

CVE-2020-9865

A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to break out of its sandbox.

8.6CVSS8AI score0.00305EPSS

CVE•added 2021/04/02 6:15 p.m.•72 views

CVE-2020-9926

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, iCloud for Windows 7.20, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing maliciously crafted X...

7.8CVSS8.3AI score0.00667EPSS

CVE•added 2021/04/02 6:15 p.m.•72 views

CVE-2020-9960

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted audio file may ...

7.8CVSS7.6AI score0.00395EPSS

CVE•added 2020/10/22 7:15 p.m.•72 views

CVE-2020-9984

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to a...

7.8CVSS8.1AI score0.00424EPSS

CVE•added 2021/09/08 3:15 p.m.•72 views

CVE-2021-1762

An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted USD file may lead to unexpected application termination or a...

7.8CVSS7.8AI score0.0032EPSS

CVE•added 2021/04/02 6:15 p.m.•72 views

CVE-2021-1777

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

7.8CVSS8AI score0.00402EPSS

CVE•added 2021/09/08 3:15 p.m.•72 views

CVE-2021-1784

A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to modify protected parts of the file system.

7.5CVSS7.3AI score0.00382EPSS

CVE•added 2021/08/24 7:15 p.m.•72 views

CVE-2021-30941

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted USD file may disclose memory contents.

5.5CVSS5.8AI score0.00305EPSS

CVE•added 2022/03/18 6:15 p.m.•72 views

CVE-2022-22583

A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files.

5.5CVSS5.5AI score0.00065EPSS

CVE•added 2008/03/18 11:44 p.m.•71 views

CVE-2008-1000

Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments.

8.5CVSS8.3AI score0.02682EPSS

CVE•added 2009/11/10 7:30 p.m.•71 views

CVE-2009-2820

The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related ...

4.3CVSS6.8AI score0.01726EPSS

CVE•added 2010/06/22 5:30 p.m.•71 views

CVE-2010-1637

The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.

6.5CVSS5.9AI score0.00128EPSS

CVE•added 2015/05/13 11:0 a.m.•71 views

CVE-2015-3066

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/07/03 1:59 a.m.•71 views

CVE-2015-3687

CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3688, and CVE-2015-3689.

6.8CVSS5.1AI score0.02635EPSS

CVE•added 2017/02/20 8:59 a.m.•71 views

CVE-2016-7644

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-afte...

9.3CVSS6.8AI score0.0359EPSS

CVE•added 2017/11/13 3:29 a.m.•71 views

CVE-2017-13830

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "HFS" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.2AI score0.00175EPSS

CVE•added 2017/12/25 9:29 p.m.•71 views

CVE-2017-13871

An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Mail" component. It allows remote attackers to read cleartext e-mail content (for which S/MIME encryption was intended) by leveraging the lack of installation of an S/MIME certificate by the...

7.5CVSS6.5AI score0.00538EPSS

CVE•added 2017/04/02 1:59 a.m.•71 views

CVE-2017-2482

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A buffer overflow allows attackers to execute arbitrary code in a privileged con...

9.3CVSS7.9AI score0.05787EPSS

CVE•added 2017/07/20 4:29 p.m.•71 views

CVE-2017-7029

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a craf...

5.5CVSS5.4AI score0.00265EPSS

CVE•added 2017/10/23 1:29 a.m.•71 views

CVE-2017-7114

An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial ...

9.3CVSS8.1AI score0.00183EPSS

CVE•added 2019/04/03 6:29 p.m.•71 views

CVE-2018-4332

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

10CVSS8.4AI score0.00992EPSS

Total number of security vulnerabilities3225