Apple Mac OS X

3225 matches found

added 2010/09/29 5:0 p.m. | 38 views

CVE-2010-2530

Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2)...

CVSS 4.9 | AI score 6.1 | EPSS 0.00047

added 2011/01/10 8:0 p.m. | 38 views

CVE-2010-4013

Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x before 10.6.6 allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to interaction between Software Update and distribution scripts.

CVSS 6.8 | AI score 7.4 | EPSS 0.00717

added 2012/09/20 9:55 p.m. | 38 views

CVE-2012-3718

Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes.

CVSS 2.1 | AI score 5.8 | EPSS 0.00061

added 2013/10/24 3:48 a.m. | 38 views

CVE-2013-5178

LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequence.

CVSS 5 | AI score 5.8 | EPSS 0.00351

added 2013/10/24 3:48 a.m. | 38 views

CVE-2013-5189

Apple Mac OS X before 10.9 does not preserve a certain administrative system-preferences setting across software updates, which allows context-dependent attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended security configuration after the compl...

CVSS 5.8 | AI score 6.2 | EPSS 0.0017

added 2014/10/05 10:55 a.m. | 38 views

CVE-2014-7861

The IOHIDSecurePromptClient function in Apple OS X does not properly validate pointer values, which allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted web site.

CVSS 9.3 | AI score 5.1 | EPSS 0.02604

added 2015/08/17 12:0 a.m. | 38 views

CVE-2015-5772

Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code via a crafted Collada file.

CVSS 6.8 | AI score 9.1 | EPSS 0.02529

added 2016/05/20 10:59 a.m. | 38 views

CVE-2016-1843

The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors.

CVSS 7.5 | AI score 6.8 | EPSS 0.0073

added 2016/05/20 10:59 a.m. | 38 views

CVE-2016-1844

The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors.

CVSS 5.3 | AI score 5.8 | EPSS 0.00447

added 2016/09/25 10:59 a.m. | 38 views

CVE-2016-4706

cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors.

CVSS 5.5 | AI score 6 | EPSS 0.00136

added 2016/09/25 10:59 a.m. | 38 views

CVE-2016-4715

The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app.

CVSS 4.3 | AI score 5.1 | EPSS 0.00327

added 2017/05/22 5:29 a.m. | 38 views

CVE-2017-2543

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Multi-Touch" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

CVSS 9.3 | AI score 7.7 | EPSS 0.00247

added 2004/03/03 5:0 a.m. | 37 views

CVE-2004-0087

The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088.

CVSS 2.1 | AI score 7.3 | EPSS 0.00087

added 2005/03/02 5:0 a.m. | 37 views

CVE-2004-0428

Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS X 10.3.3 Server, related to "the handling of an environment variable," has unknown attack vectors and unknown impact.

CVSS 5 | AI score 7.3 | EPSS 0.00666

added 2005/04/14 4:0 a.m. | 37 views

CVE-2004-1089

Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using Kerberos authentication and Cyrus IMAP allows local users to access mailboxes of other users.

CVSS 4.6 | AI score 8.2 | EPSS 0.00093

added 2005/05/04 4:0 a.m. | 37 views

CVE-2005-1335

Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain privileges via (1) chfn, (2) chpass, and (3) chsh, which "use external helper programs in an insecure manner."

CVSS 7.2 | AI score 6.6 | EPSS 0.00082

added 2005/06/09 4:0 a.m. | 37 views

CVE-2005-1472

Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce the permissions of certain directories without the POSIX read bit set, but with the execute bits set for group or other, which allows local users to list files in otherwise restricted directories.

CVSS 2.1 | AI score 6 | EPSS 0.00048

added 2006/08/05 1:0 a.m. | 37 views

CVE-2005-1726

The CoreGraphics Window Server in Mac OS X 10.4.1 allows local users with console access to gain privileges by "launching commands into root sessions."

CVSS 4.6 | AI score 6.8 | EPSS 0.00074

added 2005/08/19 4:0 a.m. | 37 views

CVE-2005-2520

The password assistant in Mac OS X 10.4 to 10.4.2, when used to create multiple accounts from the same process, does not reset the suggested password list when the assistant is displayed, which allows attackers to view recently used passwords.

CVSS 2.1 | AI score 9.5 | EPSS 0.00078

added 2005/08/19 4:0 a.m. | 37 views

CVE-2005-2521

Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to execute arbitrary code via unknown vectors.

CVSS 4.6 | AI score 9.3 | EPSS 0.00096

added 2005/11/01 12:47 p.m. | 37 views

CVE-2005-2749

Unspecified vulnerability in the Finder Get Info window for Mac OS X 10.4 up to 10.4.2 causes Finder to misrepresent file and group ownership information. NOTE: it is not clear whether this issue satisfies the CVE definition of a vulnerability.

CVSS 2.1 | AI score 6.5 | EPSS 0.00083

added 2005/12/01 2:7 a.m. | 37 views

CVE-2005-3704

System log server in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to spoof syslog messages in log files by injecting various control characters such as newline (NL).

CVSS 5 | AI score 6.7 | EPSS 0.00647

added 2006/05/19 10:0 p.m. | 37 views

CVE-2005-3782

Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart", ">power", or ">shutdown" sequenc...

CVSS 2.1 | AI score 6.8 | EPSS 0.00068

added 2006/05/12 9:2 p.m. | 37 views

CVE-2006-1443

Integer underflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving conversions from string to file system representation within (1) CFStringGetFileSystemRepresentation or (2) getFileSystemRepresentat...

CVSS 6.5 | AI score 7.3 | EPSS 0.00694

added 2006/05/12 9:2 p.m. | 37 views

CVE-2006-1455

QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to cause a denial of service (crash and connection interruption) via a QuickTime movie with a missing track, which triggers a null dereference.

CVSS 7.8 | AI score 6.2 | EPSS 0.01382

added 2007/01/08 8:0 p.m. | 37 views

CVE-2006-6906

Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and earlier has unknown impact and local attack vectors, related to "Mach Exception Handling", a different issue than CVE-2006-6900.

CVSS 7.2 | AI score 6.3 | EPSS 0.00334

added 2007/12/06 2:46 a.m. | 37 views

CVE-2007-6261

Integer overflow in the load_threadstack function in the Mach-O loader (mach_loader.c) in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service (infinite loop) via a crafted Mach-O binary.

CVSS 4.9 | AI score 5.9 | EPSS 0.00146

added 2008/02/12 8:0 p.m. | 37 views

CVE-2008-0037

X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle when the "Allow connections from network client" preference is disabled, which allows remote attackers to bypass intended access restrictions and connect to the X server.

CVSS 4.3 | AI score 6.1 | EPSS 0.00306

added 2008/03/18 11:44 p.m. | 37 views

CVE-2008-0989

Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname.

CVSS 6.9 | AI score 8.7 | EPSS 0.00066

added 2008/03/18 11:44 p.m. | 37 views

CVE-2008-0996

The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials.

CVSS 1.7 | AI score 8.1 | EPSS 0.00059

added 2008/03/18 11:44 p.m. | 37 views

CVE-2008-0998

Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects.

CVSS 6.9 | AI score 8.5 | EPSS 0.00057

added 2008/06/02 9:30 p.m. | 37 views

CVE-2008-1031

CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable.

CVSS 9.3 | AI score 7.4 | EPSS 0.03194

added 2008/09/16 11:0 p.m. | 37 views

CVE-2008-3611

Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new pa...

CVSS 6.3 | AI score 6.4 | EPSS 0.00055

added 2008/09/26 4:21 p.m. | 37 views

CVE-2008-3637

The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue."

CVSS 9.3 | AI score 8.6 | EPSS 0.12476

added 2009/05/13 3:30 p.m. | 37 views

CVE-2009-0145

CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption.

CVSS 6.8 | AI score 7.7 | EPSS 0.053

added 2010/08/25 8:0 p.m. | 37 views

CVE-2010-1800

CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4 supports anonymous SSL and TLS connections, which allows man-in-the-middle attackers to redirect a connection and obtain sensitive information via crafted responses.

CVSS 5 | AI score 7.8 | EPSS 0.00297

added 2020/02/20 3:15 p.m. | 37 views

CVE-2012-5366

The IPv6 implementation in Apple Mac OS X (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.

CVSS 7.8 | AI score 6.7 | EPSS 0.00941

added 2013/10/24 3:48 a.m. | 37 views

CVE-2013-5165

socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a network connection to an application for which blocking was configured.

CVSS 6.4 | AI score 6.2 | EPSS 0.00154

added 2013/10/24 3:48 a.m. | 37 views

CVE-2013-5182

Mail in Apple Mac OS X before 10.9 allows remote attackers to spoof the existence of a cryptographic signature for an e-mail message by using the multipart/signed content type within an unsigned message.

CVSS 5 | AI score 6.2 | EPSS 0.00345

added 2014/10/18 1:55 a.m. | 37 views

CVE-2014-4427

App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API.

CVSS 7.5 | AI score 8.3 | EPSS 0.00463

added 2014/10/18 1:55 a.m. | 37 views

CVE-2014-4432

fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance of the reboot requirement.

CVSS 4.7 | AI score 8.2 | EPSS 0.00041

added 2014/10/18 1:55 a.m. | 37 views

CVE-2014-4436

IOHIDFamily in Apple OS X before 10.10 allows attackers to cause denial of service (out-of-bounds read operation) via a crafted application.

CVSS 4.3 | AI score 7.8 | EPSS 0.00449

added 2015/01/30 11:59 a.m. | 37 views

CVE-2014-8816

CoreGraphics in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PDF document.

CVSS 6.8 | AI score 5.3 | EPSS 0.01581

added 2015/01/30 11:59 a.m. | 37 views

CVE-2014-8828

Sandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path.

CVSS 7.5 | AI score 3.4 | EPSS 0.0036

added 2015/08/17 12:0 a.m. | 37 views

CVE-2015-5763

ntfs in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

CVSS 7.2 | AI score 8 | EPSS 0.00056

added 2016/05/20 10:59 a.m. | 37 views

CVE-2016-1797

Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to bypass intended FontValidator sandbox-policy restrictions and execute arbitrary code in a privileged context via a crafted app.

CVSS 9.3 | AI score 7.4 | EPSS 0.00143

added 2016/05/20 10:59 a.m. | 37 views

CVE-2016-1799

Audio in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

CVSS 9.3 | AI score 8 | EPSS 0.00363

added 2016/07/22 2:59 a.m. | 37 views

CVE-2016-4599

QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop document.

CVSS 7.8 | AI score 8.6 | EPSS 0.00676

added 2016/07/22 3:0 a.m. | 37 views

CVE-2016-4640

Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context, obtain sensitive user information, or cause a denial of service (memory corruption) via a crafted app.

CVSS 9.3 | AI score 8.1 | EPSS 0.00307

added 2016/09/25 10:59 a.m. | 37 views

CVE-2016-4752

The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering key derivation.

CVSS 5.5 | AI score 6.1 | EPSS 0.00254

Total number of security vulnerabilities: 3225