Mac Os X Security Vulnerabilities and Issues — Page 2 of Mac Os X CVE List

Lucene search

AppleMac Os X

439 matches found

CVE•added 2015/08/11 2:59 p.m.•82 views

CVE-2015-5522

Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.

6.8CVSS6.8AI score0.04193EPSS

CVE•added 2015/07/03 2:0 a.m.•81 views

CVE-2015-3717

Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

7.5CVSS6.5AI score0.01438EPSS

CVE•added 2015/08/11 2:59 p.m.•80 views

CVE-2015-5523

The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.

4.3CVSS6.3AI score0.04271EPSS

CVE•added 2015/05/13 11:0 a.m.•75 views

CVE-2015-3072

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE...

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/07/03 1:59 a.m.•75 views

CVE-2015-3668

QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3663, ...

6.8CVSS5.2AI score0.03642EPSS

CVE•added 2015/09/18 12:0 p.m.•74 views

CVE-2015-5896

The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5903.

7.2CVSS6AI score0.02023EPSS

CVE•added 2015/10/09 5:59 a.m.•74 views

CVE-2015-5922

Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors.

10CVSS8.5AI score0.01986EPSS

CVE•added 2015/03/18 10:59 p.m.•73 views

CVE-2015-1069

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03...

6.8CVSS8.8AI score0.00872EPSS

CVE•added 2015/01/18 6:59 p.m.•72 views

CVE-2015-0973

Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.

8.8CVSS7.3AI score0.02533EPSS

CVE•added 2015/05/13 10:59 a.m.•72 views

CVE-2015-3048

Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unknown vectors.

10CVSS7.7AI score0.11897EPSS

CVE•added 2015/05/13 11:0 a.m.•72 views

CVE-2015-3073

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/05/13 11:0 a.m.•71 views

CVE-2015-3066

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/07/03 1:59 a.m.•71 views

CVE-2015-3687

CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3688, and CVE-2015-3689.

6.8CVSS5.1AI score0.02635EPSS

CVE•added 2015/10/09 5:59 a.m.•70 views

CVE-2015-5889

rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables.

7.2CVSS6.7AI score0.127EPSS

CVE•added 2015/04/10 2:59 p.m.•69 views

CVE-2015-1096

IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.

1.9CVSS4.7AI score0.00074EPSS

CVE•added 2015/07/03 1:59 a.m.•69 views

CVE-2015-3666

6.8CVSS5.2AI score0.03642EPSS

CVE•added 2015/05/28 1:59 a.m.•68 views

CVE-2015-1157

CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2...

7.8CVSS3.8AI score0.03098EPSS

CVE•added 2015/05/13 10:59 a.m.•68 views

CVE-2015-3055

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3053, CVE-2015-3054, CVE-2015-3059, and CVE-2015-3075.

7.5CVSS7.4AI score0.06245EPSS

CVE•added 2015/05/13 11:0 a.m.•68 views

CVE-2015-3074

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/07/03 1:59 a.m.•68 views

CVE-2015-3661

6.8CVSS5.2AI score0.03642EPSS

CVE•added 2015/07/03 1:59 a.m.•68 views

CVE-2015-3686

6.8CVSS5.1AI score0.02635EPSS

CVE•added 2015/03/12 10:59 a.m.•66 views

CVE-2015-1065

Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery.

5.4CVSS7.1AI score0.00231EPSS

CVE•added 2015/04/10 2:59 p.m.•66 views

CVE-2015-1117

The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group privileges via a crafted...

6.9CVSS6.6AI score0.00126EPSS

CVE•added 2015/02/12 4:59 p.m.•66 views

CVE-2015-1546

Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control.

5CVSS6.3AI score0.10383EPSS

CVE•added 2015/05/13 10:59 a.m.•66 views

CVE-2015-3047

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors.

5CVSS6.3AI score0.03993EPSS

CVE•added 2015/05/13 10:59 a.m.•66 views

CVE-2015-3051

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3046, CVE-2015-3049, CVE-2015-3050, CVE...

10CVSS7.6AI score0.10445EPSS

CVE•added 2015/04/10 2:59 p.m.•65 views

CVE-2015-1100

The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content information via a crafted app.

5.4CVSS6.1AI score0.00252EPSS

CVE•added 2015/04/10 2:59 p.m.•64 views

CVE-2015-1099

Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app.

4CVSS6AI score0.00072EPSS

CVE•added 2015/05/13 10:59 a.m.•64 views

CVE-2015-3050

10CVSS7.6AI score0.10445EPSS

CVE•added 2015/05/13 10:59 a.m.•64 views

CVE-2015-3062

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/05/13 11:0 a.m.•64 views

CVE-2015-3070

10CVSS7.6AI score0.10445EPSS

CVE•added 2015/09/18 12:0 p.m.•64 views

CVE-2015-5903

10CVSS6AI score0.02023EPSS

CVE•added 2015/04/10 2:59 p.m.•63 views

CVE-2015-1132

fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.

10CVSS6.6AI score0.01099EPSS

CVE•added 2015/05/13 10:59 a.m.•63 views

CVE-2015-3061

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE...

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/05/13 10:59 a.m.•63 views

CVE-2015-3064

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/05/13 11:0 a.m.•63 views

CVE-2015-3071

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/07/03 1:59 a.m.•63 views

CVE-2015-3667

6.8CVSS5.2AI score0.03642EPSS

CVE•added 2015/07/03 1:59 a.m.•63 views

CVE-2015-3688

6.8CVSS5.1AI score0.02635EPSS

CVE•added 2015/08/16 11:59 p.m.•63 views

CVE-2015-3772

IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3771.

7.2CVSS8.2AI score0.00053EPSS

CVE•added 2015/10/23 10:59 a.m.•63 views

CVE-2015-6992

CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-7017.

7.5CVSS7.4AI score0.02129EPSS

CVE•added 2015/08/16 11:59 p.m.•62 views

CVE-2013-7422

Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regula...

7.5CVSS7.7AI score0.00836EPSS

CVE•added 2015/05/13 10:59 a.m.•62 views

CVE-2015-3053

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3054, CVE-2015-3055, CVE-2015-3059, and CVE-2015-3075.

10CVSS7.4AI score0.06245EPSS

CVE•added 2015/05/13 11:0 a.m.•62 views

CVE-2015-3068

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/05/13 11:0 a.m.•62 views

CVE-2015-3069

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/05/13 11:0 a.m.•62 views

CVE-2015-3075

10CVSS7.4AI score0.06245EPSS

CVE•added 2015/07/03 1:59 a.m.•62 views

CVE-2015-3696

Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.

7.2CVSS4.1AI score0.0014EPSS

CVE•added 2015/10/23 9:59 p.m.•62 views

CVE-2015-5935

ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5936, CVE-2015-5937, and CVE-2015-5939.

6.8CVSS9.1AI score0.02828EPSS

CVE•added 2015/10/23 9:59 p.m.•62 views

CVE-2015-6976

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7...

6.8CVSS7.4AI score0.03768EPSS

CVE•added 2015/04/10 2:59 p.m.•61 views

CVE-2015-1140

Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors.

7.2CVSS6.6AI score0.00888EPSS

CVE•added 2015/05/13 10:59 a.m.•61 views

CVE-2015-3058

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to obtain sensitive information from process memory via unspecified vectors.

5CVSS5.9AI score0.05648EPSS

Total number of security vulnerabilities439