Lucene search

K
AppleMac Os X

3225 matches found

CVE
CVE
added 2007/01/18 2:28 a.m.40 views

CVE-2007-0345

The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions (writable by admin group), which allows local ad...

6.8CVSS6.6AI score0.00029EPSS
CVE
CVE
added 2007/01/23 2:28 a.m.40 views

CVE-2007-0430

The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value.

4.9CVSS5.7AI score0.00147EPSS
CVE
CVE
added 2007/01/31 2:28 a.m.40 views

CVE-2007-0467

crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/.

6.2CVSS7.4AI score0.00124EPSS
CVE
CVE
added 2007/04/24 5:19 p.m.40 views

CVE-2007-0737

The Login Window in Apple Mac OS X 10.3.9 through 10.4.9 does not properly check certain environment variables, which allows local users to gain privileges via unspecified vectors.

4.6CVSS6AI score0.00074EPSS
CVE
CVE
added 2007/11/15 2:46 a.m.40 views

CVE-2007-4701

WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file.

2.1CVSS6.7AI score0.00073EPSS
CVE
CVE
added 2007/11/15 8:46 p.m.40 views

CVE-2007-4702

The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions.

9.3CVSS6.1AI score0.00665EPSS
CVE
CVE
added 2007/12/19 9:46 p.m.40 views

CVE-2007-5851

iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors.

3.6CVSS8.5AI score0.00237EPSS
CVE
CVE
added 2007/12/19 9:46 p.m.40 views

CVE-2007-5857

Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from accessing URLs when the movie file is previewed or if an icon is created, which might allow remote attackers to obtain sensitive information via HREFTrack.

6.4CVSS8.4AI score0.00587EPSS
CVE
CVE
added 2008/03/18 10:44 p.m.40 views

CVE-2008-0051

Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data.

6.9CVSS8.8AI score0.00058EPSS
CVE
CVE
added 2008/03/18 11:44 p.m.40 views

CVE-2008-0058

Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object.

5.8CVSS9.1AI score0.04862EPSS
CVE
CVE
added 2008/03/18 11:44 p.m.40 views

CVE-2008-0992

Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value.

5.8CVSS9AI score0.01263EPSS
CVE
CVE
added 2008/06/02 9:30 p.m.40 views

CVE-2008-1574

Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image that triggers a heap-based buffer overflow.

9.3CVSS7.8AI score0.06438EPSS
CVE
CVE
added 2008/06/02 9:30 p.m.40 views

CVE-2008-1578

The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process.

2.1CVSS5.1AI score0.00065EPSS
CVE
CVE
added 2008/09/16 11:0 p.m.40 views

CVE-2008-2305

Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names."

9.3CVSS6.9AI score0.0871EPSS
CVE
CVE
added 2008/09/16 11:0 p.m.40 views

CVE-2008-3613

Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving a search for a remote disk on the local network.

6.1CVSS6.1AI score0.00295EPSS
CVE
CVE
added 2008/10/10 10:30 a.m.40 views

CVE-2008-4214

Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10.5.5 allows local users to cause the scripting dictionary to be written to arbitrary locations, related to an "insecure file operation" on temporary files.

4.6CVSS6.1AI score0.00069EPSS
CVE
CVE
added 2008/12/17 1:30 a.m.40 views

CVE-2008-4221

The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory allocation.

10CVSS7.4AI score0.0089EPSS
CVE
CVE
added 2008/12/17 1:30 a.m.40 views

CVE-2008-4237

Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which allows context-dependent attackers to have an unspecified impact by leveraging unintended settings, as demonstrated by the screen saver lock setting.

10CVSS5.9AI score0.00524EPSS
CVE
CVE
added 2008/10/01 3:38 p.m.40 views

CVE-2008-4368

The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension (JCE) key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE.

5CVSS6.2AI score0.00262EPSS
CVE
CVE
added 2009/08/06 3:30 p.m.40 views

CVE-2009-0151

The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors.

7.2CVSS6AI score0.00055EPSS
CVE
CVE
added 2009/06/05 4:0 p.m.40 views

CVE-2009-1717

Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI[4 xterm resize escape sequence that triggers a heap-based buffer overflow.

6.8CVSS8AI score0.02622EPSS
CVE
CVE
added 2009/11/10 7:30 p.m.40 views

CVE-2009-2819

AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via unspecified vectors.

9.3CVSS7.9AI score0.00729EPSS
CVE
CVE
added 2010/03/30 6:30 p.m.40 views

CVE-2010-0500

Event Monitor in Apple Mac OS X before 10.6.3 does not properly validate hostnames of SSH clients, which allows remote attackers to cause a denial of service (arbitrary client blacklisting) via a crafted DNS PTR record, related to a "plist injection issue."

7.8CVSS8.3AI score0.00428EPSS
CVE
CVE
added 2011/03/23 2:0 a.m.40 views

CVE-2011-0172

AirPort in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to cause a denial of service (divide-by-zero error and reboot) via Wi-Fi frames on the local wireless network, a different vulnerability than CVE-2011-0162.

4.9CVSS5.7AI score0.01975EPSS
CVE
CVE
added 2011/06/24 8:55 p.m.40 views

CVE-2011-0198

Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code via a crafted embedded TrueType font.

6.8CVSS6.4AI score0.11351EPSS
CVE
CVE
added 2011/10/14 10:55 a.m.40 views

CVE-2011-0229

Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access.

6.8CVSS8.3AI score0.01825EPSS
CVE
CVE
added 2011/10/14 10:55 a.m.40 views

CVE-2011-3227

libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-m...

6.8CVSS8.5AI score0.0063EPSS
CVE
CVE
added 2012/02/02 6:55 p.m.40 views

CVE-2011-3450

CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly restrict the allocation of stack memory, which allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via a long URL.

6.8CVSS6.9AI score0.00867EPSS
CVE
CVE
added 2013/02/23 9:55 p.m.40 views

CVE-2013-0886

Google Chrome before 25.0.1364.99 on Mac OS X does not properly implement signal handling for Native Client (aka NaCl) code, which has unspecified impact and attack vectors.

7.5CVSS6.3AI score0.00195EPSS
CVE
CVE
added 2013/10/24 3:48 a.m.40 views

CVE-2013-5174

Integer signedness error in the kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a crafted tty read operation.

4.9CVSS5.7AI score0.00138EPSS
CVE
CVE
added 2013/10/24 3:48 a.m.40 views

CVE-2013-5188

The Screen Lock implementation in Apple Mac OS X before 10.9, when hibernation and autologin are enabled, does not require a password for a transition out of hibernation, which allows physically proximate attackers to obtain access by visiting an unattended workstation in the hibernating state.

4CVSS6.2AI score0.00131EPSS
CVE
CVE
added 2013/10/24 3:48 a.m.40 views

CVE-2013-5190

Smart Card Services in Apple Mac OS X before 10.9 does not properly implement certificate-revocation checks, which allows remote attackers to cause a denial of service (Smart Card usage outage) by interfering with the revocation-check procedure.

4.3CVSS6.3AI score0.00366EPSS
CVE
CVE
added 2013/10/24 3:48 a.m.40 views

CVE-2013-5191

The syslog implementation in Apple Mac OS X before 10.9 allows local users to obtain sensitive information by leveraging access to the Guest account and reading console-log messages from previous Guest sessions.

2.1CVSS5.3AI score0.00131EPSS
CVE
CVE
added 2014/10/18 1:55 a.m.40 views

CVE-2014-4351

Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio samples in an m4a file.

6.8CVSS9.2AI score0.03213EPSS
CVE
CVE
added 2014/10/18 1:55 a.m.40 views

CVE-2014-4417

Safari in Apple OS X before 10.10 allows remote attackers to cause a denial of service (universal Push Notification outage) via a web site that triggers an uncaught SafariNotificationAgent exception by providing a crafted Push Notification.

5CVSS7.9AI score0.00818EPSS
CVE
CVE
added 2014/10/18 1:55 a.m.40 views

CVE-2014-4438

Race condition in LoginWindow in Apple OS X before 10.10 allows physically proximate attackers to obtain access by leveraging an unattended workstation on which screen locking had been attempted.

6.9CVSS8.2AI score0.00041EPSS
CVE
CVE
added 2015/01/30 11:59 a.m.40 views

CVE-2014-8833

SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via a Spotlight query.

2.1CVSS3.3AI score0.00051EPSS
CVE
CVE
added 2015/01/30 11:59 a.m.40 views

CVE-2014-8839

Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image's URL.

5CVSS3.6AI score0.0048EPSS
CVE
CVE
added 2015/07/03 1:59 a.m.40 views

CVE-2015-3706

IOAcceleratorFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3705.

9.3CVSS5AI score0.01126EPSS
CVE
CVE
added 2015/08/16 11:59 p.m.40 views

CVE-2015-3775

Apple OS X before 10.10.5 does not properly implement authentication, which allows local users to obtain admin privileges via unspecified vectors.

7.2CVSS7.6AI score0.00043EPSS
CVE
CVE
added 2015/08/17 12:0 a.m.40 views

CVE-2015-3795

libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message.

9.3CVSS8.3AI score0.01575EPSS
CVE
CVE
added 2015/08/17 12:0 a.m.40 views

CVE-2015-5768

AppleGraphicsControl in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.

4.3CVSS7.6AI score0.003EPSS
CVE
CVE
added 2015/08/17 12:1 a.m.40 views

CVE-2015-5784

runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

9.3CVSS8.6AI score0.28238EPSS
CVE
CVE
added 2015/10/09 5:59 a.m.40 views

CVE-2015-5891

The SMB implementation in the kernel in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.2CVSS6.1AI score0.00053EPSS
CVE
CVE
added 2015/10/23 9:59 p.m.40 views

CVE-2015-5924

The OpenGL implementation in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

6.8CVSS7.4AI score0.01866EPSS
CVE
CVE
added 2016/03/24 1:59 a.m.40 views

CVE-2016-1737

Carbon in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dfont file.

6.8CVSS6.4AI score0.00741EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.40 views

CVE-2016-1821

IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

9.3CVSS8AI score0.01757EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.40 views

CVE-2016-1823

The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read and memory corruption) via a crafted IOHIDRe...

9.3CVSS7.6AI score0.05778EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.40 views

CVE-2016-1831

The kernel in Apple iOS before 9.3.2 and OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS7.5AI score0.00402EPSS
CVE
CVE
added 2016/05/20 11:0 a.m.40 views

CVE-2016-1853

Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support.

7.5CVSS7AI score0.0073EPSS
Total number of security vulnerabilities3225