Apple Mac OS X

3225 matches found

added 2004/03/03 5:0 a.m., 36 views

CVE-2004-0085

Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and 10.2.8 with unknown impact, a different vulnerability than CVE-2004-0086.

CVSS 5, AI score 7.6, EPSS 0.00384

added 2005/08/19 4:0 a.m., 36 views

CVE-2005-2526

CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request and closing the connection.

CVSS 5, AI score 9, EPSS 0.00739

added 2006/03/02 7:6 p.m., 36 views

CVE-2006-0384

automount in Mac OS X 10.4.5 and earlier allows remote file servers to cause a denial of service (unresponsiveness) or execute arbitrary code via unspecified vectors that cause automount to "mount file systems with reserved names".

CVSS 7.5, AI score 7.8, EPSS 0.01873

added 2006/05/24 1:2 a.m., 36 views

CVE-2006-1466

Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service.

CVSS 4, AI score 6.7, EPSS 0.00678

added 2006/11/30 4:28 p.m., 36 views

CVE-2006-4398

Multiple buffer overflows in the Apple Type Services (ATS) server in Mac OS X 10.4 through 10.4.8 allow local users to execute arbitrary code via crafted service requests.

CVSS 7.2, AI score 7.1, EPSS 0.00096

added 2006/12/05 11:28 a.m., 36 views

CVE-2006-6292

Apple Airport Extreme firmware 0.1.27 in Mac OS X 10.4.8 on Mac mini, MacBook, and MacBook Pro with Core Duo hardware allows remote attackers to cause a denial of service (out-of-bounds memory access and kernel panic) and have possibly other security-related impact via certain beacon frames.

CVSS 5.7, AI score 6.5, EPSS 0.00927

added 2007/04/24 5:19 p.m., 36 views

CVE-2007-0741

Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 through 10.4.9, when Internet Sharing is enabled, allows remote attackers to execute arbitrary code via malformed RTSP packets.

CVSS 7.5, AI score 7.6, EPSS 0.04389

added 2007/04/24 5:19 p.m., 36 views

CVE-2007-0742

The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allows subdomain cookies to be accessed by the parent domain, which allows remote attackers to obtain sensitive information.

CVSS 7.8, AI score 5.9, EPSS 0.0049

added 2007/04/24 5:19 p.m., 36 views

CVE-2007-0743

URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username and password credentials for mounting filesystems on SMB servers as command line arguments to the mount_sub command, which may allow local users to obtain sensitive information by listing the process.

CVSS 4.9, AI score 5.7, EPSS 0.00071

added 2008/03/18 10:44 p.m., 36 views

CVE-2008-0049

AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications.

CVSS 1.9, AI score 8.6, EPSS 0.00193

added 2008/07/01 6:41 p.m., 36 views

CVE-2008-2313

Apple Mac OS X before 10.5 uses weak permissions for the User Template directory, which allows local users to gain privileges by inserting a Trojan horse file into this directory.

CVSS 4.6, AI score 6, EPSS 0.00052

added 2008/09/16 11:0 p.m., 36 views

CVE-2008-3616

Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with "passing untrusted input" to unspecified API functions.

CVSS 10, AI score 6.9, EPSS 0.01065

added 2010/03/30 6:30 p.m., 36 views

CVE-2010-0062

Heap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed .3g2 movie file with H.263 encoding that triggers an incorrect buffer length calc...

CVSS 6.8, AI score 9.4, EPSS 0.03588

added 2010/03/30 6:30 p.m., 36 views

CVE-2010-0512

The Accounts Preferences implementation in Apple Mac OS X 10.6 before 10.6.3, when a network account server is used, does not support Login Window access control that is based solely on group membership, which allows attackers to bypass intended access restrictions by entering login credentials.

CVSS 9.3, AI score 8.2, EPSS 0.00414

added 2011/10/14 10:55 a.m., 36 views

CVE-2011-3216

The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call.

CVSS 2.1, AI score 7.5, EPSS 0.00058

added 2012/09/20 9:55 p.m., 36 views

CVE-2012-3720

Mobile Accounts in Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 saves password hashes for external-account use even if external accounts are not enabled, which might allow remote attackers to determine passwords via unspecified access to a mobile account.

CVSS 4.3, AI score 6.4, EPSS 0.00236

added 2013/10/24 3:48 a.m., 36 views

CVE-2013-5167

CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users via Set-Cookie HTTP headers.

CVSS 5, AI score 6.3, EPSS 0.00351

added 2013/10/24 3:48 a.m., 36 views

CVE-2013-5173

The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires many random numbers.

CVSS 2.1, AI score 5.9, EPSS 0.00131

added 2013/10/24 3:48 a.m., 36 views

CVE-2013-5183

Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network.

CVSS 2.6, AI score 5.9, EPSS 0.00443

added 2014/07/01 10:17 a.m., 36 views

CVE-2014-1380

The Security - Keychain component in Apple OS X before 10.9.4 does not properly implement keystroke observers, which allows physically proximate attackers to bypass the screen-lock protection mechanism, and enter characters into an arbitrary window under the lock window, via keyboard input.

CVSS 2.6, AI score 6.2, EPSS 0.00067

added 2014/10/18 1:55 a.m., 36 views

CVE-2014-4430

CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physically proximate attackers to obtain cleartext data via a remount.

CVSS 4.7, AI score 8, EPSS 0.00041

added 2014/10/18 1:55 a.m., 36 views

CVE-2014-4431

Dock in Apple OS X before 10.10 does not properly manage the screen-lock state, which allows physically proximate attackers to view windows by leveraging an unattended workstation.

CVSS 2.1, AI score 8.2, EPSS 0.00073

added 2014/10/18 1:55 a.m., 36 views

CVE-2014-4443

Apple OS X before 10.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted ASN.1 data.

CVSS 7.8, AI score 8.1, EPSS 0.00977

added 2015/01/30 11:59 a.m., 36 views

CVE-2014-8823

The IOUSBControllerUserClient::ReadRegister function in the IOUSB controller in IOUSBFamily in Apple OS X before 10.10.2 allows local users to read data from arbitrary kernel-memory locations by leveraging root access and providing a crafted first argument.

CVSS 4.7, AI score 3.5, EPSS 0.00064

added 2015/01/30 11:59 a.m., 36 views

CVE-2014-8824

The kernel in Apple OS X before 10.10.2 does not properly validate IODataQueue object metadata fields, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

CVSS 10, AI score 4.2, EPSS 0.00982

added 2016/05/20 10:59 a.m., 36 views

CVE-2016-1798

Audio in Apple OS X before 10.11.5 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.

CVSS 4.3, AI score 5.3, EPSS 0.00327

added 2016/05/20 10:59 a.m., 36 views

CVE-2016-1816

IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

CVSS 9.3, AI score 8, EPSS 0.0036

added 2016/07/22 3:0 a.m., 36 views

CVE-2016-4647

Audio in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted file.

CVSS 7.8, AI score 7.3, EPSS 0.00108

added 2016/09/25 10:59 a.m., 36 views

CVE-2016-4745

The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user accounts via a timing side-channel attack.

CVSS 5.3, AI score 6.3, EPSS 0.00503

added 2004/03/03 5:0 a.m., 35 views

CVE-2004-0092

Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact.

CVSS 10, AI score 7.5, EPSS 0.00467

added 2005/03/02 5:0 a.m., 35 views

CVE-2004-0429

Unknown vulnerability related to "the handling of large requests" in RAdmin for Apple Mac OS X 10.3.3 and Mac OS X 10.2.8 may allow attackers to have unknown impact via unknown attack vectors.

CVSS 10, AI score 6.6, EPSS 0.0064

added 2006/08/05 1:0 a.m., 35 views

CVE-2005-2194

Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 allows remote attackers to cause a denial of service (kernel panic) via a crafted TCP packet, possibly related to source routing or loose source routing.

CVSS 5, AI score 6.2, EPSS 0.00552

added 2006/08/21 7:4 p.m., 35 views

CVE-2006-3506

Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and OS X Server 10.4.7 allows local users with Xsan write access to execute arbitrary code via unspecified vectors related to "processing a path name."

CVSS 4.6, AI score 7.5, EPSS 0.00176

added 2006/11/30 4:28 p.m., 35 views

CVE-2006-4404

The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges.

CVSS 10, AI score 6.1, EPSS 0.00545

added 2006/11/30 4:28 p.m., 35 views

CVE-2006-4411

The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x through 10.4.8 does not properly clean the environment when executing commands, which allows local users to gain privileges via unspecified vectors.

CVSS 7.2, AI score 6, EPSS 0.00048

added 2007/05/24 10:30 p.m., 35 views

CVE-2007-0740

Alias Manager in Apple Mac OS X 10.3.9 and 10.4.9 does not display files with the same name in mounted disk images that have the same name, which might allow user-assisted attackers to trick a user into executing malicious files.

CVSS 6.8, AI score 7, EPSS 0.00664

added 2007/11/15 1:46 a.m., 35 views

CVE-2007-4680

CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack.

CVSS 6.8, AI score 6.8, EPSS 0.01065

added 2007/12/19 9:46 p.m., 35 views

CVE-2007-5861

Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted .XLS file that triggers memory corruption in the Microsoft Office Spotlight Importer.

CVSS 6.8, AI score 9.2, EPSS 0.00751

added 2008/02/12 8:0 p.m., 35 views

CVE-2008-0038

Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application.

CVSS 1.9, AI score 6.1, EPSS 0.00073

added 2008/06/02 9:30 p.m., 35 views

CVE-2008-1027

Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic.

CVSS 4.3, AI score 6.2, EPSS 0.00524

added 2008/08/01 2:41 p.m., 35 views

CVE-2008-3438

Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

CVSS 8.1, AI score 7.9, EPSS 0.0043

added 2008/09/16 11:0 p.m., 35 views

CVE-2008-3610

Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an arbitrary account fro...

CVSS 7.6, AI score 6.5, EPSS 0.00261

added 2009/05/13 3:30 p.m., 35 views

CVE-2009-0161

The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate authentication via a revoked certificate.

CVSS 6.4, AI score 6.8, EPSS 0.00181

added 2011/06/30 3:55 p.m., 35 views

CVE-2011-2601

The GPU support functionality in Mac OS X does not properly restrict rendering time, which allows remote attackers to cause a denial of service (desktop hang) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox or Google Chrome to...

CVSS 7.1, AI score 6.6, EPSS 0.00431

added 2013/06/05 2:39 p.m., 35 views

CVE-2013-3952

The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in Apple Mac OS X 10.8.x allows local users to defeat the KASLR protection mechanism via the PROC_PIDFDPIPEINFO option to the proc_info system call for a kernel pipe handle.

CVSS 2.1, AI score 5.8, EPSS 0.00133

added 2013/10/24 3:48 a.m., 35 views

CVE-2013-5169

CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen.

CVSS 1.9, AI score 5.4, EPSS 0.00131

added 2013/10/24 3:48 a.m., 35 views

CVE-2013-5175

The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file.

CVSS 6.6, AI score 5.7, EPSS 0.00138

added 2014/10/18 1:55 a.m., 35 views

CVE-2014-4425

CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation.

CVSS 4.6, AI score 8.4, EPSS 0.00061

added 2014/10/18 1:55 a.m., 35 views

CVE-2014-4441

NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state in which File Sharing is permanently enabled.

CVSS 6.8, AI score 8.2, EPSS 0.00666

added 2015/12/11 11:59 a.m., 35 views

CVE-2015-7063

The kernel loader in EFI in Apple OS X before 10.11.2 allows local users to gain privileges via a crafted pathname.

CVSS 7.2, AI score 7.6, EPSS 0.00047

Total number of security vulnerabilities: 3225