Mac Os X Security Vulnerabilities and Issues — Page 25 of Mac Os X CVE List

Lucene search

AppleMac Os X

3225 matches found

CVE•added 2019/04/03 6:29 p.m.•65 views

CVE-2018-4324

A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls. This issue affected versions prior to macOS Mojave 10.14.

5.5CVSS5.5AI score0.00146EPSS

CVE•added 2019/04/03 6:29 p.m.•65 views

CVE-2018-4336

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

9.3CVSS7.9AI score0.00185EPSS

CVE•added 2019/04/03 6:29 p.m.•65 views

CVE-2018-4427

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to: iOS 12.1, watchOS 5.1.2, tvOS 12.1.1, macOS High Sierra 10.13.6 Security Update 2018-003 High Sierra, macOS Sierra 10.12.6 Security Update 2018-006.

9.3CVSS7.2AI score0.00185EPSS

CVE•added 2019/03/05 4:29 p.m.•65 views

CVE-2019-6211

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.2AI score0.00643EPSS

CVE•added 2019/12/18 6:15 p.m.•65 views

CVE-2019-6239

This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Mojave 10.14.4. A malicious application may bypass Gatekeeper checks.

7.8CVSS7.2AI score0.0005EPSS

CVE•added 2020/10/27 8:15 p.m.•65 views

CVE-2019-8582

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iCloud for Windows 7.12, tvOS 12.3, iTunes 12.9.5 for Windows, macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3. Processing a maliciously crafted font may r...

5.5CVSS5.8AI score0.00296EPSS

CVE•added 2019/12/18 6:15 p.m.•65 views

CVE-2019-8606

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Mojave 10.14.5. A local user may be able to load unsigned kernel extensions.

7CVSS5.8AI score0.00098EPSS

CVE•added 2019/12/18 6:15 p.m.•65 views

CVE-2019-8801

A dynamic library loading issue existed in iTunes setup. This was addressed with improved path searching. This issue is fixed in macOS Catalina 10.15.1, iTunes for Windows 12.10.2. Running the iTunes installer in an untrusted directory may result in arbitrary code execution.

7.8CVSS7.8AI score0.00161EPSS

CVE•added 2020/12/08 8:15 p.m.•65 views

CVE-2020-10003

An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges.

7.8CVSS6.4AI score0.00288EPSS

CVE•added 2021/04/02 6:15 p.m.•65 views

CVE-2020-27923

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted image may lead...

7.8CVSS7.8AI score0.00482EPSS

CVE•added 2020/04/01 7:15 p.m.•65 views

CVE-2020-3849

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

9.8CVSS9.1AI score0.00857EPSS

CVE•added 2020/06/09 5:15 p.m.•65 views

CVE-2020-9788

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.5. A file may be incorrectly rendered to execute JavaScript.

9.3CVSS6.8AI score0.00179EPSS

CVE•added 2020/06/09 5:15 p.m.•65 views

CVE-2020-9817

A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to gain root privileges.

9.3CVSS6.9AI score0.00227EPSS

CVE•added 2020/10/22 6:15 p.m.•65 views

CVE-2020-9828

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to leak sensitive user information.

7.5CVSS6.5AI score0.00281EPSS

CVE•added 2020/10/22 6:15 p.m.•65 views

CVE-2020-9881

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

7.8CVSS8.3AI score0.01044EPSS

CVE•added 2021/09/08 2:15 p.m.•65 views

CVE-2021-30772

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to gain root privileges.

9.3CVSS7.5AI score0.0033EPSS

CVE•added 2021/08/24 7:15 p.m.•65 views

CVE-2021-30972

This issue was addressed with improved checks. This issue is fixed in Security Update 2022-001 Catalina, macOS Big Sur 11.6.3. A malicious application may be able to bypass certain Privacy preferences.

5.5CVSS5.6AI score0.00055EPSS

CVE•added 2022/09/23 7:15 p.m.•65 views

CVE-2022-32799

An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. A user in a privileged network position may be able to leak sensitive information.

5.9CVSS5.8AI score0.00201EPSS

CVE•added 2004/09/01 4:0 a.m.•64 views

CVE-2002-1265

The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).

5CVSS6.2AI score0.02369EPSS

CVE•added 2007/11/29 1:46 a.m.•64 views

CVE-2007-6165

Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a ...

9.3CVSS9.3AI score0.64008EPSS

CVE•added 2010/03/30 5:30 p.m.•64 views

CVE-2010-0533

Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors.

7.5CVSS8.3AI score0.00241EPSS

CVE•added 2013/06/05 2:39 p.m.•64 views

CVE-2013-0982

The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation.

1.7CVSS6.3AI score0.00047EPSS

CVE•added 2014/01/21 6:55 p.m.•64 views

CVE-2013-5987

Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 allows local users to bypass intended access restrictions for the GPU and gain privileges via unknown vectors.

7.2CVSS6.2AI score0.00099EPSS

CVE•added 2014/09/19 10:55 a.m.•64 views

CVE-2014-4394

An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4395, CV...

6.9CVSS7.2AI score0.00257EPSS

CVE•added 2014/11/18 11:59 a.m.•64 views

CVE-2014-4459

Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.

6.8CVSS7.1AI score0.02966EPSS

CVE•added 2015/04/10 2:59 p.m.•64 views

CVE-2015-1099

Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app.

4CVSS6AI score0.00072EPSS

CVE•added 2015/05/13 10:59 a.m.•64 views

CVE-2015-3050

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3046, CVE-2015-3049, CVE-2015-3051, CVE...

10CVSS7.6AI score0.10445EPSS

CVE•added 2015/05/13 10:59 a.m.•64 views

CVE-2015-3062

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE...

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/05/13 11:0 a.m.•64 views

CVE-2015-3070

10CVSS7.6AI score0.10445EPSS

CVE•added 2015/09/18 12:0 p.m.•64 views

CVE-2015-5903

The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5896.

10CVSS6AI score0.02023EPSS

CVE•added 2016/06/26 1:59 a.m.•64 views

CVE-2015-7987

Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3ResourceRecord function.

9.8CVSS9.3AI score0.03085EPSS

CVE•added 2016/03/24 1:59 a.m.•64 views

CVE-2016-1758

The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.

4.3CVSS4.4AI score0.00276EPSS

CVE•added 2017/02/20 8:59 a.m.•64 views

CVE-2016-4688

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute ar...

8.8CVSS7.6AI score0.01334EPSS

CVE•added 2016/09/25 10:59 a.m.•64 views

CVE-2016-4712

CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.

9.3CVSS8.4AI score0.00263EPSS

CVE•added 2016/09/25 11:0 a.m.•64 views

CVE-2016-4772

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors.

7.5CVSS7.2AI score0.03175EPSS

CVE•added 2016/09/25 11:0 a.m.•64 views

CVE-2016-4776

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4774.

7.1CVSS6.8AI score0.00196EPSS

CVE•added 2017/02/20 8:59 a.m.•64 views

CVE-2016-7620

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOSurface" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.

3.3CVSS3.3AI score0.00144EPSS

CVE•added 2017/11/13 3:29 a.m.•64 views

CVE-2017-13824

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Open Scripting Architecture" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted AppleScript file that is mishandle...

7.8CVSS8.1AI score0.00487EPSS

CVE•added 2018/04/03 6:29 a.m.•64 views

CVE-2017-13873

An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive network-activity information about arbitrary app...

4.3CVSS4.8AI score0.00335EPSS

CVE•added 2017/04/02 1:59 a.m.•64 views

CVE-2017-2458

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Keyboards" component. A buffer overflow allows attackers to execute arbitrary code in a privileged ...

9.3CVSS7.9AI score0.00701EPSS

CVE•added 2017/04/02 1:59 a.m.•64 views

CVE-2017-2467

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of servi...

7.8CVSS8.6AI score0.00808EPSS

CVE•added 2017/07/20 4:29 p.m.•64 views

CVE-2017-7068

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial...

8.8CVSS8.5AI score0.01802EPSS

CVE•added 2017/12/27 5:8 p.m.•64 views

CVE-2017-7159

An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOAcceleratorFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS7.4AI score0.00229EPSS

CVE•added 2018/04/03 6:29 a.m.•64 views

CVE-2018-4089

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. tvOS before 11.2.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of ...

8.8CVSS7.5AI score0.02333EPSS

CVE•added 2018/06/08 6:29 p.m.•64 views

CVE-2018-4141

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

5.5CVSS5.5AI score0.00197EPSS

CVE•added 2019/04/03 6:29 p.m.•64 views

CVE-2018-4410

A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.1.

9.3CVSS6.9AI score0.00171EPSS

CVE•added 2019/04/03 6:29 p.m.•64 views

CVE-2018-4422

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1.

9.3CVSS7.2AI score0.00387EPSS

CVE•added 2019/12/18 6:15 p.m.•64 views

CVE-2019-8508

A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges.

7.8CVSS8.2AI score0.00118EPSS

CVE•added 2019/12/18 6:15 p.m.•64 views

CVE-2019-8510

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.

5.5CVSS5.3AI score0.00068EPSS

CVE•added 2019/12/18 6:15 p.m.•64 views

CVE-2019-8520

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to read restricted memory.

5.5CVSS5.7AI score0.0006EPSS

Total number of security vulnerabilities3225