Lucene search

K
AppleMac Os X

3225 matches found

CVE
CVE
added 2014/10/18 1:55 a.m.41 views

CVE-2014-4435

The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access via a brute-force attack involving a series of reboots.

4.4CVSS8.1AI score0.00061EPSS
CVE
CVE
added 2014/11/18 11:59 a.m.41 views

CVE-2014-4458

The "System Profiler About This Mac" component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors.

5CVSS5.5AI score0.0056EPSS
CVE
CVE
added 2015/01/30 11:59 a.m.41 views

CVE-2014-4497

Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (write to kernel memory) via a crafted app.

10CVSS4.7AI score0.01099EPSS
CVE
CVE
added 2015/01/30 11:59 a.m.41 views

CVE-2014-8836

The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted app.

10CVSS4.7AI score0.01199EPSS
CVE
CVE
added 2015/04/10 2:59 p.m.41 views

CVE-2015-1138

Hypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecified vectors.

4.9CVSS6.2AI score0.00045EPSS
CVE
CVE
added 2015/07/03 1:59 a.m.41 views

CVE-2015-3682

Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3679, CVE-2015-3680, and CVE-2015-3681.

6.8CVSS5.2AI score0.02022EPSS
CVE
CVE
added 2015/08/17 12:0 a.m.41 views

CVE-2015-3806

Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file.

7.2CVSS7.5AI score0.00052EPSS
CVE
CVE
added 2015/08/17 12:1 a.m.41 views

CVE-2015-5778

CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5777.

6.8CVSS8.7AI score0.01866EPSS
CVE
CVE
added 2015/10/09 5:59 a.m.41 views

CVE-2015-5870

The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors.

2.1CVSS5AI score0.00082EPSS
CVE
CVE
added 2015/10/23 9:59 p.m.41 views

CVE-2015-6984

libarchive in Apple OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that conducts an unspecified symlink attack.

8.8CVSS6.4AI score0.00351EPSS
CVE
CVE
added 2016/01/11 11:59 a.m.41 views

CVE-2015-7024

Untrusted search path vulnerability in Apple OS X before 10.11.1 allows local users to bypass intended Gatekeeper restrictions and gain privileges via a Trojan horse program that is loaded from an unexpected directory by an application that has a valid Apple digital signature.

6.9CVSS5.8AI score0.00062EPSS
CVE
CVE
added 2015/12/11 11:59 a.m.41 views

CVE-2015-7052

kext tools in Apple OS X before 10.11.2 mishandles kernel-extension loading, which allows local users to gain privileges via unspecified vectors.

7.2CVSS7.7AI score0.00047EPSS
CVE
CVE
added 2015/12/11 11:59 a.m.41 views

CVE-2015-7076

The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.

7.2CVSS7.8AI score0.00047EPSS
CVE
CVE
added 2015/12/11 11:59 a.m.41 views

CVE-2015-7094

CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL.

2.6CVSS7.7AI score0.00336EPSS
CVE
CVE
added 2015/12/11 12:0 p.m.41 views

CVE-2015-7107

QuickLook in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.

6.8CVSS8.8AI score0.02388EPSS
CVE
CVE
added 2015/12/11 12:0 p.m.41 views

CVE-2015-7108

The Bluetooth HCI interface in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.2CVSS7.9AI score0.00243EPSS
CVE
CVE
added 2016/03/24 1:59 a.m.41 views

CVE-2016-1745

IOFireWireFamily in Apple OS X before 10.11.4 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.

5.5CVSS4.8AI score0.00048EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.41 views

CVE-2016-1811

ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.

6.5CVSS6AI score0.01746EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.41 views

CVE-2016-1812

Buffer overflow in Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.

9.3CVSS7.9AI score0.00515EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.41 views

CVE-2016-1822

IOFireWireFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8AI score0.00423EPSS
CVE
CVE
added 2016/06/19 8:59 p.m.41 views

CVE-2016-1862

Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860.

4.3CVSS3.6AI score0.00166EPSS
CVE
CVE
added 2016/07/22 3:0 a.m.41 views

CVE-2016-4645

CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors.

3.3CVSS4.9AI score0.00102EPSS
CVE
CVE
added 2016/07/22 3:0 a.m.41 views

CVE-2016-4649

Audio in Apple OS X before 10.11.6 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.

5.5CVSS6.1AI score0.00132EPSS
CVE
CVE
added 2016/07/22 3:0 a.m.41 views

CVE-2016-4652

CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), via unspecified vectors.

6.3CVSS6.6AI score0.00139EPSS
CVE
CVE
added 2016/09/25 10:59 a.m.41 views

CVE-2016-4748

Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable.

5.3CVSS5.9AI score0.00058EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.41 views

CVE-2016-7580

An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Mail" component, which allows remote web servers to cause a denial of service via a crafted URL.

6.5CVSS6.4AI score0.00331EPSS
CVE
CVE
added 2017/05/22 5:29 a.m.41 views

CVE-2017-2534

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Speech Framework" component. It allows attackers to conduct sandbox-escape attacks via a crafted app.

8.6CVSS6.8AI score0.00217EPSS
CVE
CVE
added 2017/05/22 5:29 a.m.41 views

CVE-2017-2546

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.1AI score0.00247EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.41 views

CVE-2018-4434

An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.2.

7.1CVSS6.2AI score0.00044EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.41 views

CVE-2018-4461

A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.

9.3CVSS7.2AI score0.00185EPSS
CVE
CVE
added 2003/11/03 5:0 a.m.40 views

CVE-2003-0878

slpd daemon in Mac OS X before 10.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2003-0875.

2.1CVSS6.8AI score0.00242EPSS
CVE
CVE
added 2004/03/29 5:0 a.m.40 views

CVE-2003-1007

AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not properly handle certain malformed requests, with unknown impact.

5CVSS6.2AI score0.00503EPSS
CVE
CVE
added 2004/03/03 5:0 a.m.40 views

CVE-2004-0086

Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2004-0085.

5CVSS7.6AI score0.00384EPSS
CVE
CVE
added 2005/01/27 5:0 a.m.40 views

CVE-2004-0923

CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords.

2.1CVSS5.7AI score0.00121EPSS
CVE
CVE
added 2005/01/27 5:0 a.m.40 views

CVE-2004-0927

ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example self-signed certificate on each system, which allows remote attackers to decrypt sessions.

5CVSS6.7AI score0.00186EPSS
CVE
CVE
added 2005/05/12 4:0 a.m.40 views

CVE-2005-0969

Heap-based buffer overflow in the syscall emulation functionality in Mac OS X before 10.3.9 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via crafted parameters.

4.6CVSS7.7AI score0.00069EPSS
CVE
CVE
added 2005/05/12 4:0 a.m.40 views

CVE-2005-0972

Integer overflow in the searchfs system call in Mac OS X 10.3.9 and earlier allows local users to execute arbitrary code via crafted parameters.

7.2CVSS7.5AI score0.0006EPSS
CVE
CVE
added 2005/05/04 4:0 a.m.40 views

CVE-2005-1336

Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows local users to execute arbitrary code via a long environment variable.

4.6CVSS7.5AI score0.00084EPSS
CVE
CVE
added 2005/08/19 4:0 a.m.40 views

CVE-2005-2504

The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with "Requires Authentication: No" even when the user has selected the "Require pairing for security" option, which could confuse users about which setting is valid.

7.2CVSS9.4AI score0.00069EPSS
CVE
CVE
added 2005/08/19 4:0 a.m.40 views

CVE-2005-2514

Buffer overflow in ping in Mac OS X 10.3.9 allows local users to execute arbitrary code.

7.5CVSS9.3AI score0.00987EPSS
CVE
CVE
added 2005/08/19 4:0 a.m.40 views

CVE-2005-2518

Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication.

7.5CVSS9.9AI score0.02992EPSS
CVE
CVE
added 2005/08/19 4:0 a.m.40 views

CVE-2005-2523

Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server in Mac OS X 10.4 to 10.4.2 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3CVSS8AI score0.0046EPSS
CVE
CVE
added 2006/03/02 7:0 p.m.40 views

CVE-2005-2714

passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to overwrite arbitrary files via a symlink attack on the .pwtmp.[PID] temporary file.

6.8CVSS6.3AI score0.00025EPSS
CVE
CVE
added 2006/08/03 1:4 a.m.40 views

CVE-2006-0392

Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Canon RAW image.

5.1CVSS7.4AI score0.00747EPSS
CVE
CVE
added 2006/04/05 10:4 a.m.40 views

CVE-2006-0401

Unspecified vulnerability in Mac OS X before 10.4.6, when running on an Intel-based computer, allows attackers with physical access to bypass the firmware password and log on in Single User Mode via unspecified vectors.

4.6CVSS6.5AI score0.00081EPSS
CVE
CVE
added 2006/05/12 9:2 p.m.40 views

CVE-2006-1439

NSSecureTextField in AppKit in Apple Mac OS X 10.4.6 does not re-enable secure event input under certain circumstances, which could allow other applications in the window session to monitor input characters and keyboard events.

2.1CVSS6.2AI score0.00097EPSS
CVE
CVE
added 2006/08/02 4:4 p.m.40 views

CVE-2006-1472

Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 allows remote attackers to determine names of unauthorized files and folders via unknown vectors related to the search results.

5CVSS6AI score0.00387EPSS
CVE
CVE
added 2006/04/21 10:2 p.m.40 views

CVE-2006-1982

Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted TIFF images.

7.5CVSS8.1AI score0.44857EPSS
CVE
CVE
added 2006/08/02 4:4 p.m.40 views

CVE-2006-3496

AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause denial of service (crash) via an invalid AFP request that triggers an unchecked error condition.

5CVSS6.2AI score0.01903EPSS
CVE
CVE
added 2006/08/03 1:4 a.m.40 views

CVE-2006-3500

The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users to execute arbitrary code via an "improperly handled condition" that leads to use of "dangerous paths," probably related to an untrusted search path vulnerability.

7.2CVSS7AI score0.00066EPSS
Total number of security vulnerabilities3225