Apple Mac OS X

3225 matches found

added 2009/11/10 7:30 p.m. | 39 views

CVE-2009-2827

Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FAT filesystem on a disk image.

CVSS 6.8 | AI score 7.8 | EPSS 0.01901

added 2009/11/10 7:30 p.m. | 39 views

CVE-2009-2838

Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document that triggers a buffer overflow.

CVSS 6.8 | AI score 7.8 | EPSS 0.01892

added 2009/11/10 7:30 p.m. | 39 views

CVE-2009-2840

Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files in the context of a different user's privileges via unspecified vectors.

CVSS 4.9 | AI score 6.7 | EPSS 0.00057

added 2010/03/30 6:30 p.m. | 39 views

CVE-2010-0518

QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with Sorenson encoding.

CVSS 6.8 | AI score 9.3 | EPSS 0.02057

added 2010/08/02 8:40 p.m. | 39 views

CVE-2010-1794

The webdav_mount function in webdav_vfsops.c in the WebDAV kernel extension (aka webdav_fs.kext) for Mac OS X 10.6 allows local users to cause a denial of service (panic) via a mount request with a large integer in the pa_socket_namelen field.

CVSS 4.9 | AI score 6.2 | EPSS 0.0005

added 2011/06/24 8:55 p.m. | 39 views

CVE-2011-0199

The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate.

CVSS 5.9 | AI score 4.9 | EPSS 0.00173

added 2012/02/02 6:55 p.m. | 39 views

CVE-2011-3452

Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lack of a WEP password for a Wi-Fi network.

CVSS 4.3 | AI score 5.7 | EPSS 0.0038

added 2012/05/11 3:49 a.m. | 39 views

CVE-2012-0656

Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before 10.7.4, when the Guest account is enabled, allows physically proximate attackers to login to arbitrary accounts by entering the account name and no password.

CVSS 6.9 | AI score 7.8 | EPSS 0.00039

added 2013/06/05 2:39 p.m. | 39 views

CVE-2013-3954

The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive in...

CVSS 6.9 | AI score 5.8 | EPSS 0.00116

added 2013/10/24 3:48 a.m. | 39 views

CVE-2013-5172

The kernel in Apple Mac OS X before 10.9 does not properly determine the output length for SHA-2 digest function calls, which allows context-dependent attackers to cause a denial of service (panic) by triggering a digest operation, as demonstrated by an IPSec connection.

CVSS 7.1 | AI score 6 | EPSS 0.00525

added 2013/10/24 3:48 a.m. | 39 views

CVE-2013-5184

The kernel in Apple Mac OS X before 10.9 does not properly check for errors during the processing of multicast Wi-Fi packets, which allows remote attackers to cause a denial of service (system crash) by leveraging presence in an 802.11 network's coverage area.

CVSS 5.7 | AI score 6.2 | EPSS 0.00503

added 2013/10/24 3:48 a.m. | 39 views

CVE-2013-5187

The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that shoul...

CVSS 1.9 | AI score 5.5 | EPSS 0.00131

added 2014/07/01 10:17 a.m. | 39 views

CVE-2014-1377

Array index error in IOAcceleratorFamily in Apple OS X before 10.9.4 allows attackers to execute arbitrary code via a crafted application.

CVSS 10 | AI score 7.1 | EPSS 0.01343

added 2014/07/01 10:17 a.m. | 39 views

CVE-2014-1381

Thunderbolt in Apple OS X before 10.9.4 does not properly restrict IOThunderBoltController API calls, which allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted call.

CVSS 10 | AI score 7.4 | EPSS 0.01329

added 2014/10/18 1:55 a.m. | 39 views

CVE-2014-4440

The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging access to an unintended proxy server.

CVSS 2.6 | AI score 7.8 | EPSS 0.0084

added 2014/10/18 1:55 a.m. | 39 views

CVE-2014-4442

The kernel in Apple OS X before 10.10 allows local users to cause a denial of service (panic) via a message to a system control socket.

CVSS 4.7 | AI score 7.2 | EPSS 0.00045

added 2015/01/30 11:59 a.m. | 39 views

CVE-2014-8830

Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted accessor element in a Collada file.

CVSS 6.8 | AI score 5.2 | EPSS 0.03594

added 2015/07/03 1:59 a.m. | 39 views

CVE-2015-3677

The LZVN compression feature in AppleFSCompression in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app.

CVSS 4.3 | AI score 3.1 | EPSS 0.003

added 2015/08/16 11:59 p.m. | 39 views

CVE-2015-3786

The Bluetooth subsystem in Apple OS X before 10.10.5 does not properly restrict Notification Center Service access, which allows attackers to read Notification Center notifications of certain paired devices via a crafted app.

CVSS 4.3 | AI score 8.1 | EPSS 0.003

added 2015/12/11 11:59 a.m. | 39 views

CVE-2015-7071

The File Bookmark component in Apple OS X before 10.11.2 allows attackers to bypass a sandbox protection mechanism for app scoped bookmarks via a crafted pathname.

CVSS 10 | AI score 8.1 | EPSS 0.00391

added 2016/03/24 1:59 a.m. | 39 views

CVE-2016-1773

The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors.

CVSS 3.3 | AI score 4 | EPSS 0.00054

added 2016/05/20 10:59 a.m. | 39 views

CVE-2016-1793

AppleGraphicsDeviceControlClient in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

CVSS 9.3 | AI score 8 | EPSS 0.02021

added 2016/05/20 10:59 a.m. | 39 views

CVE-2016-1796

Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds memory access) via a crafted app.

CVSS 4.3 | AI score 4.5 | EPSS 0.00333

added 2016/05/20 10:59 a.m. | 39 views

CVE-2016-1810

The Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

CVSS 9.3 | AI score 8 | EPSS 0.00363

added 2016/07/22 2:59 a.m. | 39 views

CVE-2016-4595

Safari Login AutoFill in Apple OS X before 10.11.6 allows physically proximate attackers to discover passwords by reading the screen during the login procedure.

CVSS 4.6 | AI score 6 | EPSS 0.00147

added 2016/07/22 2:59 a.m. | 39 views

CVE-2016-4634

The Graphics Drivers subsystem in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

CVSS 7.8 | AI score 7.8 | EPSS 0.00151

added 2016/09/25 10:59 a.m. | 39 views

CVE-2016-4696

AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

CVSS 9.3 | AI score 8.4 | EPSS 0.00215

added 2016/09/25 11:0 a.m. | 39 views

CVE-2016-4771

The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname.

CVSS 5.5 | AI score 5.7 | EPSS 0.00208

added 2024/10/28 10:15 p.m. | 39 views

CVE-2024-44145

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15, iOS 18 and iPadOS 18. An attacker with physical access to a macOS device with Sidecar enabled may be able to bypass the Lock Screen.

CVSS 6.1 | AI score 5 | EPSS 0.00033

added 2003/04/02 5:0 a.m. | 38 views

CVE-2002-0676

SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.

CVSS 7.5 | AI score 8 | EPSS 0.06424

added 2004/12/06 5:0 a.m. | 38 views

CVE-2004-0622

Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does not properly clear memory for login (aka Loginwindow.app), Keychain, or FileVault passwords, which could allow the root user or an attacker with physical access to obtain sensitive information by reading memory.

CVSS 2.1 | AI score 6 | EPSS 0.00115

added 2005/10/25 10:6 p.m. | 38 views

CVE-2005-2747

Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by applications such as WebCore and Safari, allows remote attackers to execute arbitrary code via a crafted GIF file.

CVSS 7.5 | AI score 7.6 | EPSS 0.04651

added 2006/05/10 2:14 a.m. | 38 views

CVE-2006-2277

Multiple Apple Mac OS X 10.4 applications might allow context-dependent attackers to cause a denial of service (application crash) via a crafted OpenEXR (.exr) image file, which triggers the crash when opening a folder using Finder, displaying the image in Safari, or using Preview to open the file.

CVSS 5 | AI score 6.1 | EPSS 0.09523

added 2006/09/19 7:7 p.m. | 38 views

CVE-2006-4866

Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via a long extension argument.

CVSS 4.6 | AI score 7.6 | EPSS 0.00642

added 2006/11/27 12:7 a.m. | 38 views

CVE-2006-6127

Apple Mac OS X kernel allows local users to cause a denial of service via a process that uses kevent to register a queue and an event, then fork a child process that uses kevent to register an event for the same queue as the parent.

CVSS 2.1 | AI score 6.7 | EPSS 0.00516

added 2007/01/24 1:28 a.m. | 38 views

CVE-2007-0023

The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa application...

CVSS 6.9 | AI score 5.9 | EPSS 0.00216

added 2007/11/15 1:46 a.m. | 38 views

CVE-2007-4679

CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remote FTP servers to force clients to connect to other hosts via crafted responses to FTP PASV commands.

CVSS 2.6 | AI score 7 | EPSS 0.0071

added 2007/12/18 8:46 p.m. | 38 views

CVE-2007-5862

Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet.

CVSS 9.4 | AI score 6.8 | EPSS 0.00207

added 2008/03/18 10:44 p.m. | 38 views

CVE-2008-0045

Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names.

CVSS 7.1 | AI score 8.8 | EPSS 0.01187

added 2008/03/18 11:44 p.m. | 38 views

CVE-2008-0056

Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager.

CVSS 6.8 | AI score 9.2 | EPSS 0.0219

added 2008/03/18 11:44 p.m. | 38 views

CVE-2008-0995

The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when printing to an encrypted PDF file, which makes it easier for attackers to decrypt the file via brute force methods.

CVSS 2.6 | AI score 8.6 | EPSS 0.00577

added 2008/03/18 10:44 p.m. | 38 views

CVE-2008-0997

Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows user-assisted remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted PostScript Printer Description (PPD) file that is not properly handled when querying a network printe...

CVSS 6.8 | AI score 9.2 | EPSS 0.02724

added 2008/03/18 11:44 p.m. | 38 views

CVE-2008-0999

Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial of service (crash) via a crafted Universal Disc Format (UDF) disk image, which triggers a NULL pointer dereference.

CVSS 7.1 | AI score 8.2 | EPSS 0.0092

added 2008/06/02 9:30 p.m. | 38 views

CVE-2008-1579

Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog.

CVSS 5 | AI score 5.4 | EPSS 0.00531

added 2008/07/01 6:41 p.m. | 38 views

CVE-2008-2311

Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file.

CVSS 7.6 | AI score 7.3 | EPSS 0.02888

added 2008/10/10 10:30 a.m. | 38 views

CVE-2008-3643

Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows user-assisted attackers to cause a denial of service (continuous termination and restart) via a crafted Desktop file that generates an error when producing its icon, related to an "error recovery issue."

CVSS 7.8 | AI score 6.3 | EPSS 0.01028

added 2008/10/10 10:30 a.m. | 38 views

CVE-2008-4212

Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions.

CVSS 10 | AI score 6.6 | EPSS 0.00803

added 2008/12/17 1:30 a.m. | 38 views

CVE-2008-4220

Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. NOTE: this may be related to the WLB-2008080064 advisory published by Securit...

CVSS 10 | AI score 7.6 | EPSS 0.0089

added 2009/05/13 3:30 p.m. | 38 views

CVE-2009-0160

QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption.

CVSS 6.8 | AI score 7.7 | EPSS 0.01375

added 2010/08/25 8:0 p.m. | 38 views

CVE-2010-1802

libsecurity in Apple Mac OS X 10.5.8 and 10.6.4 does not properly perform comparisons to domain-name strings in X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a certificate associated with a similar domain name, as demonstrated by use of a www.example.con cert...

CVSS 6.4 | AI score 8.1 | EPSS 0.00119

Total number of security vulnerabilities: 3225