Mac Os X Security Vulnerabilities and Issues — Page 3 of Mac Os X CVE List

Lucene search

AppleMac Os X

439 matches found

CVE•added 2015/07/03 1:59 a.m.•61 views

CVE-2015-3658

The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypa...

6.8CVSS7.6AI score0.00273EPSS

CVE•added 2015/09/18 12:0 p.m.•61 views

CVE-2015-5874

CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

7.5CVSS7.4AI score0.03213EPSS

CVE•added 2015/10/23 9:59 p.m.•61 views

CVE-2015-5925

The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5926.

6.8CVSS7.5AI score0.01866EPSS

CVE•added 2015/10/23 10:59 a.m.•61 views

CVE-2015-6975

CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6992 and CVE-2015-7017.

7.5CVSS9AI score0.02129EPSS

CVE•added 2015/03/12 10:59 a.m.•60 views

CVE-2015-1061

IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.

9.3CVSS6.8AI score0.05405EPSS

CVE•added 2015/04/10 2:59 p.m.•60 views

CVE-2015-1105

The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets.

5CVSS6.2AI score0.06234EPSS

CVE•added 2015/05/13 10:59 a.m.•60 views

CVE-2015-3046

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE...

10CVSS7.6AI score0.10445EPSS

CVE•added 2015/05/13 11:0 a.m.•60 views

CVE-2015-3065

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE...

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/05/13 11:0 a.m.•60 views

CVE-2015-3067

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/07/03 1:59 a.m.•60 views

CVE-2015-3701

Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, and CVE-2015-3702.

7.2CVSS4.1AI score0.0014EPSS

CVE•added 2015/07/03 2:0 a.m.•60 views

CVE-2015-3719

TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3694.

6.8CVSS5.2AI score0.01404EPSS

CVE•added 2015/08/17 12:0 a.m.•60 views

CVE-2015-5761

CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5755.

6.8CVSS8.7AI score0.0281EPSS

CVE•added 2015/09/18 12:0 p.m.•60 views

CVE-2015-5868

The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5896 and CVE-2015-5903.

7.2CVSS6AI score0.02023EPSS

CVE•added 2015/10/23 9:59 p.m.•60 views

CVE-2015-7010

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6...

6.8CVSS7.4AI score0.03768EPSS

CVE•added 2015/01/30 11:59 a.m.•59 views

CVE-2014-8819

The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8820 and CVE-2014-8821.

7.2CVSS3.5AI score0.00055EPSS

CVE•added 2015/01/30 11:59 a.m.•59 views

CVE-2014-8826

LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive.

5CVSS3.6AI score0.21692EPSS

CVE•added 2015/05/13 10:59 a.m.•59 views

CVE-2015-3049

10CVSS7.6AI score0.10445EPSS

CVE•added 2015/05/13 10:59 a.m.•59 views

CVE-2015-3056

10CVSS7.6AI score0.10445EPSS

CVE•added 2015/05/13 10:59 a.m.•59 views

CVE-2015-3063

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/05/13 11:0 a.m.•59 views

CVE-2015-3076

10CVSS7.6AI score0.10445EPSS

CVE•added 2015/07/03 1:59 a.m.•59 views

CVE-2015-3679

Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3680, CVE-2015-3681, and CVE-2015-3682.

6.8CVSS5.2AI score0.02022EPSS

CVE•added 2015/07/03 1:59 a.m.•59 views

CVE-2015-3702

7.2CVSS4.1AI score0.0014EPSS

CVE•added 2015/10/23 9:59 p.m.•59 views

CVE-2015-5939

ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5936, and CVE-2015-5937.

6.8CVSS7.5AI score0.02828EPSS

CVE•added 2015/10/23 9:59 p.m.•59 views

CVE-2015-5944

CoreText in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

6.8CVSS8.9AI score0.01158EPSS

CVE•added 2015/10/23 9:59 p.m.•59 views

CVE-2015-7009

6.8CVSS7.4AI score0.03768EPSS

CVE•added 2015/12/11 11:59 a.m.•59 views

CVE-2015-7043

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7041, and CVE-2015-7042.

4.3CVSS7.6AI score0.01078EPSS

CVE•added 2015/12/11 11:59 a.m.•59 views

CVE-2015-7083

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7084.

7.2CVSS7.9AI score0.00335EPSS

CVE•added 2015/04/10 2:59 p.m.•58 views

CVE-2015-1101

The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

6.9CVSS7AI score0.00071EPSS

CVE•added 2015/07/03 1:59 a.m.•58 views

CVE-2015-3685

CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3686, CVE-2015-3687, CVE-2015-3688, and CVE-2015-3689.

6.8CVSS5.1AI score0.02635EPSS

CVE•added 2015/07/03 1:59 a.m.•58 views

CVE-2015-3700

7.2CVSS4.1AI score0.0014EPSS

CVE•added 2015/08/17 12:0 a.m.•58 views

CVE-2015-5756

FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5775.

6.8CVSS8.7AI score0.02102EPSS

CVE•added 2015/09/18 12:0 p.m.•58 views

CVE-2015-5912

The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses.

5CVSS5.8AI score0.00524EPSS

CVE•added 2015/10/23 9:59 p.m.•58 views

CVE-2015-5936

6.8CVSS7.5AI score0.02828EPSS

CVE•added 2015/10/23 9:59 p.m.•58 views

CVE-2015-5937

6.8CVSS7.5AI score0.02828EPSS

CVE•added 2015/10/23 9:59 p.m.•58 views

CVE-2015-5938

ImageIO in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image.

6.8CVSS9.1AI score0.01237EPSS

CVE•added 2015/10/23 9:59 p.m.•58 views

CVE-2015-5942

FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5927.

6.8CVSS7.4AI score0.01866EPSS

CVE•added 2015/10/23 9:59 p.m.•58 views

CVE-2015-6989

Grand Central Dispatch in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted package that is mishandled during dispatch calls.

6.8CVSS8.8AI score0.00996EPSS

CVE•added 2015/10/23 10:59 a.m.•58 views

CVE-2015-7017

7.5CVSS9AI score0.02129EPSS

CVE•added 2015/12/11 11:59 a.m.•58 views

CVE-2015-7040

4.3CVSS7.6AI score0.01078EPSS

CVE•added 2015/12/11 11:59 a.m.•58 views

CVE-2015-7084

7.2CVSS7.9AI score0.00335EPSS

CVE•added 2015/04/10 2:59 p.m.•57 views

CVE-2015-1089

CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

5CVSS6.3AI score0.00498EPSS

CVE•added 2015/04/10 2:59 p.m.•57 views

CVE-2015-1104

The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet.

5CVSS6AI score0.01373EPSS

CVE•added 2015/04/10 2:59 p.m.•57 views

CVE-2015-1133

fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1134, and CVE-2015-1135.

7.2CVSS6.6AI score0.01099EPSS

CVE•added 2015/04/10 2:59 p.m.•57 views

CVE-2015-1136

Use-after-free vulnerability in CoreAnimation in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code by leveraging improper use of a mutex.

6.8CVSS7.2AI score0.02114EPSS

CVE•added 2015/04/10 2:59 p.m.•57 views

CVE-2015-1145

The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146.

1.9CVSS6.3AI score0.00073EPSS

CVE•added 2015/05/13 10:59 a.m.•57 views

CVE-2015-3059

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3053, CVE-2015-3054, CVE-2015-3055, and CVE-2015-3075.

10CVSS7.4AI score0.06245EPSS

CVE•added 2015/08/17 12:0 a.m.•57 views

CVE-2015-3796

The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3797 and CVE-2015-3...

7.5CVSS8.6AI score0.22389EPSS

CVE•added 2015/08/17 12:0 a.m.•57 views

CVE-2015-5776

Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket.

7.5CVSS8.8AI score0.03016EPSS

CVE•added 2015/10/23 9:59 p.m.•57 views

CVE-2015-5926

6.8CVSS7.5AI score0.01866EPSS

CVE•added 2015/10/23 9:59 p.m.•57 views

CVE-2015-6978

6.8CVSS7.4AI score0.03768EPSS

Total number of security vulnerabilities439