Lucene search

K
AppleMac Os X

3225 matches found

CVE
CVE
added 2016/07/22 2:59 a.m.40 views

CVE-2016-4601

QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SGI image.

8.8CVSS9AI score0.00836EPSS
CVE
CVE
added 2016/07/22 2:59 a.m.40 views

CVE-2016-4629

ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted xStride and yStride values in an EXR image.

10CVSS9.3AI score0.11075EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.40 views

CVE-2018-4091

An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Sandbox" component. It allows bypass of a sandbox protection mechanism.

10CVSS8AI score0.01887EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.40 views

CVE-2018-4093

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a craf...

5.5CVSS5.4AI score0.0027EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.40 views

CVE-2018-4138

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

5.5CVSS5.6AI score0.00249EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.40 views

CVE-2018-4152

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Notes" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

7.6CVSS7.3AI score0.00148EPSS
CVE
CVE
added 2018/06/08 6:29 p.m.40 views

CVE-2018-4219

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "ATS" component. It allows attackers to gain privileges via a crafted app that leverages type confusion.

7.8CVSS6.6AI score0.00189EPSS
CVE
CVE
added 2020/10/22 6:15 p.m.40 views

CVE-2020-9853

A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to determine kernel memory layout.

7.8CVSS6.8AI score0.00347EPSS
CVE
CVE
added 2020/10/22 7:15 p.m.40 views

CVE-2020-9924

A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A remote attacker may be able to cause a denial of service.

7.5CVSS7.2AI score0.00598EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.39 views

CVE-2003-1005

The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (service crash) via malformed ASN.1 sequences.

5CVSS6.7AI score0.00763EPSS
CVE
CVE
added 2004/03/03 5:0 a.m.39 views

CVE-2004-0088

The System Configuration subsystem in Mac OS 10.2.8 allows local users to modify network settings, a different vulnerability than CVE-2004-0087.

2.1CVSS7.3AI score0.00087EPSS
CVE
CVE
added 2004/05/04 4:0 a.m.39 views

CVE-2004-0382

Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 and Mac OS X 10.2.8 with unknown impact, possibly related to a configuration file setting.

7.2CVSS7AI score0.00073EPSS
CVE
CVE
added 2004/05/04 4:0 a.m.39 views

CVE-2004-0383

Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with unknown impact, related to "the handling of HTML-formatted email."

7.2CVSS7AI score0.00073EPSS
CVE
CVE
added 2004/08/18 4:0 a.m.39 views

CVE-2004-0514

Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of directory services lookups."

7.2CVSS6.5AI score0.00057EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.39 views

CVE-2004-1084

Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.

5CVSS8AI score0.00518EPSS
CVE
CVE
added 2005/01/10 5:0 a.m.39 views

CVE-2004-1123

Darwin Streaming Server 5.0.1, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via a DESCRIBE request with a location that contains a null byte.

5CVSS9.2AI score0.00786EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.39 views

CVE-2005-0712

Mac OS X before 10.3.8 users world-writable permissions for certain directories, which may allow local users to gain privileges, possibly via the receipt cache or ColorSync profiles.

4.6CVSS9.2AI score0.00044EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.39 views

CVE-2005-0975

Integer signedness error in the parse_machfile function in the mach-o loader (mach_loader.c) for the Darwin Kernel as used in Mac OS X 10.3.7, and other versions before 10.3.9, allows local users to cause a denial of service (CPU consumption) via a crafted mach-o header.

2.1CVSS6.2AI score0.00099EPSS
CVE
CVE
added 2005/08/19 4:0 a.m.39 views

CVE-2005-2505

Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers to execute arbitrary code via command line arguments to an application that uses CoreFoundation.

7.5CVSS9.9AI score0.0092EPSS
CVE
CVE
added 2005/08/19 4:0 a.m.39 views

CVE-2005-2509

Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, when Fast User Switching is enabled, allows attackers to log into other accounts if they know the passwords to at least two accounts.

2.1CVSS9.4AI score0.00076EPSS
CVE
CVE
added 2005/08/19 4:0 a.m.39 views

CVE-2005-2511

Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerberos authentication with LDAP, allows attackers to gain access to a root Terminal window.

10CVSS9.7AI score0.00397EPSS
CVE
CVE
added 2005/08/19 4:0 a.m.39 views

CVE-2005-2519

slpd in Directory Services in Mac OS X 10.3.9 creates insecure temporary files as root, which allows local users to gain privileges.

7.2CVSS9AI score0.0004EPSS
CVE
CVE
added 2005/10/26 12:2 a.m.39 views

CVE-2005-2746

Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-reply rules, which could cause Mail.app to include decrypted message contents for encrypted messages.

5CVSS6.2AI score0.0032EPSS
CVE
CVE
added 2005/11/01 12:47 p.m.39 views

CVE-2005-2751

memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not quickly synchronize access control checks with changes in group membership, which could allow users to access files and other resources after they have been removed from a group.

2.1CVSS6.6AI score0.00093EPSS
CVE
CVE
added 2006/02/14 10:6 p.m.39 views

CVE-2006-0382

Apple Mac OS X 10.4.5 and allows local users to cause a denial of service (crash) via an undocumented system call.

2.1CVSS5.9AI score0.00066EPSS
CVE
CVE
added 2006/05/12 9:2 p.m.39 views

CVE-2006-1445

Buffer overflow in the FTP server (FTPServer) in Apple Mac OS X 10.3.9 and 10.4.6 allows remote authenticated users to execute arbitrary code via vectors related to "FTP server path name handling."

6.5CVSS7.2AI score0.02924EPSS
CVE
CVE
added 2006/09/21 9:7 p.m.39 views

CVE-2006-3508

Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial of service (crash), gain privileges, and execute arbitrary code via a crafted frame that is not properly handled during scan cache updates.

7.2CVSS7.7AI score0.00195EPSS
CVE
CVE
added 2006/11/30 4:28 p.m.39 views

CVE-2006-4396

The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly relating to a symlink attack.

4.6CVSS6.1AI score0.00089EPSS
CVE
CVE
added 2006/11/30 4:28 p.m.39 views

CVE-2006-4401

Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI.

5.1CVSS7.4AI score0.02895EPSS
CVE
CVE
added 2006/11/30 4:28 p.m.39 views

CVE-2006-4406

Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and 10.3.x up to 10.3.9, when PPPoE is enabled, allows remote attackers to execute arbitrary code via unspecified vectors.

7.5CVSS7.6AI score0.21031EPSS
CVE
CVE
added 2007/01/31 1:28 a.m.39 views

CVE-2007-0465

Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename.

7.6CVSS7.3AI score0.35132EPSS
CVE
CVE
added 2007/04/24 4:19 p.m.39 views

CVE-2007-0725

Buffer overflow in the AirPortDriver module for AirPort in Apple Mac OS X 10.3.9 through 10.4.9, when running on hardware with the original AirPort wireless card, allows local users to execute arbitrary code by "sending malformed control commands."

7.2CVSS7.2AI score0.00085EPSS
CVE
CVE
added 2007/03/13 10:19 p.m.39 views

CVE-2007-0731

Stack-based buffer overflow in the Apple-specific Samba module (SMB File Server) in Apple Mac OS X 10.4 through 10.4.8 allows context-dependent attackers to execute arbitrary code via a long ACL.

9.3CVSS8.1AI score0.04502EPSS
CVE
CVE
added 2007/04/24 5:19 p.m.39 views

CVE-2007-0736

Integer overflow in the RPC library in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via crafted requests to portmap.

9.3CVSS7.6AI score0.18668EPSS
CVE
CVE
added 2007/11/15 1:46 a.m.39 views

CVE-2007-4697

Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption.

6.8CVSS7.5AI score0.02383EPSS
CVE
CVE
added 2007/12/19 9:46 p.m.39 views

CVE-2007-5855

Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to sniff account activity.

6.4CVSS8.9AI score0.00483EPSS
CVE
CVE
added 2008/02/12 8:0 p.m.39 views

CVE-2008-0041

Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com "when a website is unblocked," which allows remote attackers to determine when a system is running Parental Controls.

5CVSS6AI score0.00404EPSS
CVE
CVE
added 2008/02/12 8:0 p.m.39 views

CVE-2008-0042

Argument injection vulnerability in Terminal.app in Terminal in Apple Mac OS X 10.4.11 and 10.5 through 10.5.1 allows remote attackers to execute arbitrary code via unspecified URL schemes.

6.8CVSS7.6AI score0.04013EPSS
CVE
CVE
added 2008/03/18 11:44 p.m.39 views

CVE-2008-0052

CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set.

6.8CVSS8.5AI score0.01834EPSS
CVE
CVE
added 2008/03/18 11:44 p.m.39 views

CVE-2008-0059

Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic."

5.8CVSS9AI score0.00963EPSS
CVE
CVE
added 2008/06/02 9:30 p.m.39 views

CVE-2008-1028

Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit.

9.3CVSS7.4AI score0.06121EPSS
CVE
CVE
added 2009/05/13 3:30 p.m.39 views

CVE-2008-1517

Array index error in the xnu (Mach) kernel in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (system shutdown) via unspecified vectors related to workqueues.

7.2CVSS6.9AI score0.00064EPSS
CVE
CVE
added 2008/08/04 1:41 a.m.39 views

CVE-2008-2324

The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs.

4.6CVSS8.4AI score0.00047EPSS
CVE
CVE
added 2008/09/16 11:0 p.m.39 views

CVE-2008-2331

Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an administrator.

5CVSS6AI score0.00208EPSS
CVE
CVE
added 2008/09/16 11:0 p.m.39 views

CVE-2008-3617

Remote Management and Screen Sharing in Apple Mac OS X 10.5 through 10.5.4, when used to set a password for a VNC viewer, displays additional input characters beyond the maximum password length, which might make it easier for attackers to guess passwords that the user believed were longer.

5CVSS6.3AI score0.0032EPSS
CVE
CVE
added 2008/09/16 11:0 p.m.39 views

CVE-2008-3618

The File Sharing pane in the Sharing preference pane in Apple Mac OS X 10.5 through 10.5.4 does not inform users that the complete contents of their own home directories are shared for their own use, which might allow attackers to leverage other vulnerabilities and access files for which sharing wa...

9CVSS6.3AI score0.006EPSS
CVE
CVE
added 2008/09/16 11:0 p.m.39 views

CVE-2008-3622

Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injection."

4.3CVSS5.8AI score0.00453EPSS
CVE
CVE
added 2008/10/10 10:30 a.m.39 views

CVE-2008-3646

The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users.

6.8CVSS6.4AI score0.00755EPSS
CVE
CVE
added 2009/02/13 12:30 a.m.39 views

CVE-2009-0015

Unspecified vulnerability in fseventsd in the FSEvents framework in Apple Mac OS X 10.5.6 allows local users to obtain sensitive information (filesystem activities and directory names) via unknown vectors related to "credential management."

4.9CVSS6.2AI score0.0007EPSS
CVE
CVE
added 2009/04/02 5:30 p.m.39 views

CVE-2009-1237

Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call.

4.9CVSS6.2AI score0.00237EPSS
Total number of security vulnerabilities3225