Mac Os X Security Vulnerabilities and Issues — Page 28 of Mac Os X CVE List

Lucene search

AppleMac Os X

3225 matches found

CVE•added 2015/10/23 10:59 a.m.•61 views

CVE-2015-6975

CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6992 and CVE-2015-7017.

7.5CVSS9AI score0.02129EPSS

CVE•added 2016/06/26 1:59 a.m.•61 views

CVE-2015-7988

The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors.

9.8CVSS9.7AI score0.03714EPSS

CVE•added 2016/03/24 1:59 a.m.•61 views

CVE-2016-1769

QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file.

7.8CVSS6.7AI score0.05269EPSS

CVE•added 2016/07/22 2:59 a.m.•61 views

CVE-2016-4607

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors...

9.8CVSS9.2AI score

CVE•added 2017/02/20 8:59 a.m.•61 views

CVE-2016-4673

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to execute arbitrary code or cause a denial o...

7.8CVSS8.1AI score0.00732EPSS

CVE•added 2016/09/25 10:59 a.m.•61 views

CVE-2016-4707

CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors.

4CVSS5.1AI score0.00059EPSS

CVE•added 2016/09/25 10:59 a.m.•61 views

CVE-2016-4725

IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted web site.

8.1CVSS7.7AI score0.01307EPSS

CVE•added 2018/04/03 6:29 a.m.•61 views

CVE-2017-13827

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "kext tools" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that performs kext loading.

9.3CVSS7.7AI score0.00232EPSS

CVE•added 2017/12/25 9:29 p.m.•61 views

CVE-2017-13848

An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.

9.3CVSS7AI score0.00176EPSS

CVE•added 2017/04/02 1:59 a.m.•61 views

CVE-2017-2403

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Printing" component. A format-string vulnerability allows remote attackers to execute arbitrary code via a crafted ipp: or ipps: URL.

8.8CVSS8.5AI score0.01022EPSS

CVE•added 2017/04/02 1:59 a.m.•61 views

CVE-2017-2436

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOFireWireAVC" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.1AI score0.00183EPSS

CVE•added 2017/04/02 1:59 a.m.•61 views

CVE-2017-2477

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "libxslt" component. It allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

9.8CVSS8.7AI score0.00829EPSS

CVE•added 2017/10/23 1:29 a.m.•61 views

CVE-2017-7141

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Mail" component. It allows remote attackers to bypass an intended off value of the "Load remote content in messages" setting, and consequently discover an e-mail recipient's IP address, via an...

5.3CVSS5.9AI score0.00194EPSS

CVE•added 2018/04/03 6:29 a.m.•61 views

CVE-2018-4094

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of s...

7.8CVSS8.6AI score0.00516EPSS

CVE•added 2019/04/03 6:29 p.m.•61 views

CVE-2018-4343

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

9.3CVSS7.9AI score0.03814EPSS

CVE•added 2019/04/03 6:29 p.m.•61 views

CVE-2018-4421

A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1.

9.3CVSS6.9AI score0.00251EPSS

CVE•added 2019/03/05 4:29 p.m.•61 views

CVE-2019-6200

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3. An attacker in a privileged network position may be able to execute arbitrary code.

8.8CVSS7.1AI score0.00165EPSS

CVE•added 2019/12/18 6:15 p.m.•61 views

CVE-2019-8533

A lock handling issue was addressed with improved lock handling. This issue is fixed in macOS Mojave 10.14.4. A Mac may not lock when disconnecting from an external monitor.

7.8CVSS7.2AI score0.00118EPSS

CVE•added 2019/12/18 6:15 p.m.•61 views

CVE-2019-8561

A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to elevate privileges.

7.8CVSS7.1AI score0.53EPSS

CVE•added 2019/12/18 6:15 p.m.•61 views

CVE-2019-8616

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges.

7.8CVSS7.6AI score0.00119EPSS

CVE•added 2019/12/18 6:15 p.m.•61 views

CVE-2019-8701

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with system privileges.

7.8CVSS7.9AI score0.00131EPSS

CVE•added 2020/10/27 9:15 p.m.•61 views

CVE-2019-8858

A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A user who shares their screen may not be able to end screen sharing.

5.3CVSS5.7AI score0.00241EPSS

CVE•added 2020/12/08 8:15 p.m.•61 views

CVE-2020-10006

This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to access restricted files.

5.5CVSS5.3AI score0.00314EPSS

CVE•added 2020/12/08 8:15 p.m.•61 views

CVE-2020-10011

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted USD file may lead to unexpected application termination...

7.8CVSS7.3AI score0.00748EPSS

CVE•added 2021/04/02 6:15 p.m.•61 views

CVE-2020-27914

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to execute arbitrary code with system privileges.

9.3CVSS7.7AI score0.00235EPSS

CVE•added 2020/10/27 9:15 p.m.•61 views

CVE-2020-9774

An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting access to encrypted data. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Encrypted data may be inappropriately accessed.

7.5CVSS7.8AI score0.00151EPSS

CVE•added 2020/06/09 5:15 p.m.•61 views

CVE-2020-9832

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to determine kernel memory layout.

5.5CVSS5.2AI score0.00226EPSS

CVE•added 2020/06/09 5:15 p.m.•61 views

CVE-2020-9841

An integer overflow was addressed through improved input validation. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges.

9.3CVSS7.5AI score0.00264EPSS

CVE•added 2020/12/08 8:15 p.m.•61 views

CVE-2020-9974

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to determine kernel memory layout.

5.5CVSS4.9AI score0.00349EPSS

CVE•added 2021/10/19 2:15 p.m.•61 views

CVE-2021-30830

A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A malicious application may be able to execute arbitrary code with kernel privileges.

9.3CVSS7.5AI score0.00195EPSS

CVE•added 2021/08/24 7:15 p.m.•61 views

CVE-2021-30961

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information.

5.5CVSS6AI score0.00235EPSS

CVE•added 2002/11/04 5:0 a.m.•60 views

CVE-2002-0666

IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness error...

5CVSS6.7AI score0.00969EPSS

CVE•added 2005/07/18 4:0 a.m.•60 views

CVE-2005-1689

Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.

9.8CVSS9.7AI score0.55203EPSS

CVE•added 2008/03/19 10:44 a.m.•60 views

CVE-2008-0063

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

7.5CVSS8.6AI score0.04745EPSS

CVE•added 2010/11/16 10:0 p.m.•60 views

CVE-2010-3788

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of JP2 image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 file.

6.8CVSS9AI score0.01058EPSS

CVE•added 2010/11/16 10:0 p.m.•60 views

CVE-2010-3792

Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file.

6.8CVSS9AI score0.01058EPSS

CVE•added 2014/09/18 10:55 a.m.•60 views

CVE-2014-4371

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4...

1.9CVSS3.6AI score0.00078EPSS

CVE•added 2014/09/18 10:55 a.m.•60 views

CVE-2014-4380

The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel's context via a crafted application.

9.3CVSS8.5AI score0.02385EPSS

CVE•added 2014/09/18 10:55 a.m.•60 views

CVE-2014-4413

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA...

6.8CVSS7.8AI score0.01114EPSS

CVE•added 2015/03/12 10:59 a.m.•60 views

CVE-2015-1061

IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.

9.3CVSS6.8AI score0.05405EPSS

CVE•added 2015/04/10 2:59 p.m.•60 views

CVE-2015-1105

The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets.

5CVSS6.2AI score0.06234EPSS

CVE•added 2015/05/13 10:59 a.m.•60 views

CVE-2015-3046

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE...

10CVSS7.6AI score0.10445EPSS

CVE•added 2015/05/13 11:0 a.m.•60 views

CVE-2015-3065

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE...

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/05/13 11:0 a.m.•60 views

CVE-2015-3067

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/07/03 1:59 a.m.•60 views

CVE-2015-3701

Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, and CVE-2015-3702.

7.2CVSS4.1AI score0.0014EPSS

CVE•added 2015/07/03 2:0 a.m.•60 views

CVE-2015-3719

TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3694.

6.8CVSS5.2AI score0.01404EPSS

CVE•added 2015/08/17 12:0 a.m.•60 views

CVE-2015-5761

CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5755.

6.8CVSS8.7AI score0.0281EPSS

CVE•added 2015/09/18 12:0 p.m.•60 views

CVE-2015-5868

The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5896 and CVE-2015-5903.

7.2CVSS6AI score0.02023EPSS

CVE•added 2015/10/23 9:59 p.m.•60 views

CVE-2015-7010

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6...

6.8CVSS7.4AI score0.03768EPSS

CVE•added 2016/03/24 1:59 a.m.•60 views

CVE-2016-1740

FontParser in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document.

9.3CVSS7.4AI score0.0135EPSS

Total number of security vulnerabilities3225