Mac Os X@* Security Vulnerabilities and Issues — Page 23 of Mac Os X@* CVE List

Lucene search

AppleMac Os X*

2420 matches found

CVE•added 2017/10/23 1:29 a.m.•66 views

CVE-2017-7150

An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the "Security" component. It allows attackers to bypass the keychain access prompt, and consequently extract passwords, via a synthetic click.

5.5CVSS5.2AI score0.00069EPSS

CVE•added 2017/12/27 5:8 p.m.•66 views

CVE-2017-7159

An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOAcceleratorFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS7.4AI score0.00229EPSS

CVE•added 2019/04/03 6:29 p.m.•66 views

CVE-2018-4324

A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls. This issue affected versions prior to macOS Mojave 10.14.

5.5CVSS5.5AI score0.00146EPSS

CVE•added 2019/04/03 6:29 p.m.•66 views

CVE-2018-4336

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

9.3CVSS7.9AI score0.00185EPSS

CVE•added 2019/04/03 6:29 p.m.•66 views

CVE-2018-4427

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to: iOS 12.1, watchOS 5.1.2, tvOS 12.1.1, macOS High Sierra 10.13.6 Security Update 2018-003 High Sierra, macOS Sierra 10.12.6 Security Update 2018-006.

9.3CVSS7.2AI score0.00185EPSS

CVE•added 2019/03/05 4:29 p.m.•66 views

CVE-2019-6211

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.2AI score0.00643EPSS

CVE•added 2019/12/18 6:15 p.m.•66 views

CVE-2019-6239

This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Mojave 10.14.4. A malicious application may bypass Gatekeeper checks.

7.8CVSS7.2AI score0.0005EPSS

CVE•added 2019/12/18 6:15 p.m.•66 views

CVE-2019-8520

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to read restricted memory.

5.5CVSS5.7AI score0.0006EPSS

CVE•added 2019/12/18 6:15 p.m.•66 views

CVE-2019-8606

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Mojave 10.14.5. A local user may be able to load unsigned kernel extensions.

7CVSS5.8AI score0.00098EPSS

CVE•added 2020/12/08 8:15 p.m.•66 views

CVE-2020-10003

An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges.

7.8CVSS6.4AI score0.00288EPSS

CVE•added 2020/04/01 7:15 p.m.•66 views

CVE-2020-3849

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

9.8CVSS9.1AI score0.00857EPSS

CVE•added 2020/06/09 5:15 p.m.•66 views

CVE-2020-9788

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.5. A file may be incorrectly rendered to execute JavaScript.

9.3CVSS6.8AI score0.00179EPSS

CVE•added 2020/06/09 5:15 p.m.•66 views

CVE-2020-9793

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause arbitrary code execution.

9.3CVSS7.6AI score0.01193EPSS

CVE•added 2020/10/22 6:15 p.m.•66 views

CVE-2020-9828

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to leak sensitive user information.

7.5CVSS6.5AI score0.00281EPSS

CVE•added 2020/10/22 6:15 p.m.•66 views

CVE-2020-9881

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

7.8CVSS8.3AI score0.01044EPSS

CVE•added 2020/10/22 7:15 p.m.•66 views

CVE-2020-9902

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to determine kernel memory layout.

7.1CVSS5.5AI score0.00328EPSS

CVE•added 2021/09/08 2:15 p.m.•66 views

CVE-2021-30772

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to gain root privileges.

9.3CVSS7.5AI score0.00345EPSS

CVE•added 2021/08/24 7:15 p.m.•66 views

CVE-2021-30972

This issue was addressed with improved checks. This issue is fixed in Security Update 2022-001 Catalina, macOS Big Sur 11.6.3. A malicious application may be able to bypass certain Privacy preferences.

5.5CVSS5.6AI score0.00055EPSS

CVE•added 2010/03/30 5:30 p.m.•65 views

CVE-2010-0533

Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors.

7.5CVSS8.3AI score0.00241EPSS

CVE•added 2014/11/18 11:59 a.m.•65 views

CVE-2014-4459

Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.

6.8CVSS7.1AI score0.02966EPSS

CVE•added 2015/04/10 2:59 p.m.•65 views

CVE-2015-1099

Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app.

4CVSS6AI score0.00072EPSS

CVE•added 2015/05/13 10:59 a.m.•65 views

CVE-2015-3050

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3046, CVE-2015-3049, CVE-2015-3051, CVE...

10CVSS7.6AI score0.10445EPSS

CVE•added 2015/05/13 11:0 a.m.•65 views

CVE-2015-3068

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE...

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/05/13 11:0 a.m.•65 views

CVE-2015-3069

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/08/16 11:59 p.m.•65 views

CVE-2015-3772

IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3771.

7.2CVSS8.2AI score0.00053EPSS

CVE•added 2015/09/18 12:0 p.m.•65 views

CVE-2015-5903

The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5896.

10CVSS6AI score0.02023EPSS

CVE•added 2016/06/26 1:59 a.m.•65 views

CVE-2015-7987

Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3ResourceRecord function.

9.8CVSS9.3AI score0.03085EPSS

CVE•added 2016/03/24 1:59 a.m.•65 views

CVE-2016-1758

The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.

4.3CVSS4.4AI score0.00276EPSS

CVE•added 2017/02/20 8:59 a.m.•65 views

CVE-2016-4688

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute ar...

8.8CVSS7.6AI score0.01334EPSS

CVE•added 2016/09/25 10:59 a.m.•65 views

CVE-2016-4712

CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.

9.3CVSS8.4AI score0.00263EPSS

CVE•added 2016/09/25 11:0 a.m.•65 views

CVE-2016-4772

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors.

7.5CVSS7.2AI score0.03175EPSS

CVE•added 2016/09/25 11:0 a.m.•65 views

CVE-2016-4776

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4774.

7.1CVSS6.8AI score0.00196EPSS

CVE•added 2017/02/20 8:59 a.m.•65 views

CVE-2016-7620

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOSurface" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.

3.3CVSS3.3AI score0.00144EPSS

CVE•added 2017/11/13 3:29 a.m.•65 views

CVE-2017-13841

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

5.5CVSS5.6AI score0.00197EPSS

CVE•added 2017/04/02 1:59 a.m.•65 views

CVE-2017-2458

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Keyboards" component. A buffer overflow allows attackers to execute arbitrary code in a privileged ...

9.3CVSS7.9AI score0.00701EPSS

CVE•added 2017/04/02 1:59 a.m.•65 views

CVE-2017-2467

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of servi...

7.8CVSS8.6AI score0.00808EPSS

CVE•added 2017/07/20 4:29 p.m.•65 views

CVE-2017-7068

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial...

8.8CVSS8.5AI score0.01802EPSS

CVE•added 2017/10/23 1:29 a.m.•65 views

CVE-2017-7127

An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. iCloud before 7.0 on Windows is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "SQLite" component. It allows attackers to execute arbitrary code ...

9.3CVSS8.1AI score0.00172EPSS

CVE•added 2018/04/03 6:29 a.m.•65 views

CVE-2018-4089

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. tvOS before 11.2.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of ...

8.8CVSS7.5AI score0.02333EPSS

CVE•added 2018/06/08 6:29 p.m.•65 views

CVE-2018-4141

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

5.5CVSS5.5AI score0.00197EPSS

CVE•added 2018/04/03 6:29 a.m.•65 views

CVE-2018-4174

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted messages by leveraging an inconsistency in the user interface.

5.9CVSS5.5AI score0.00846EPSS

CVE•added 2019/04/03 6:29 p.m.•65 views

CVE-2018-4248

An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2.

7.5CVSS5.8AI score0.02821EPSS

CVE•added 2019/04/03 6:29 p.m.•65 views

CVE-2018-4410

A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.1.

9.3CVSS6.9AI score0.00171EPSS

CVE•added 2019/04/03 6:29 p.m.•65 views

CVE-2018-4422

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1.

9.3CVSS7.2AI score0.00387EPSS

CVE•added 2019/12/18 6:15 p.m.•65 views

CVE-2019-8508

A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges.

7.8CVSS8.2AI score0.00118EPSS

CVE•added 2019/12/18 6:15 p.m.•65 views

CVE-2019-8510

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.

5.5CVSS5.3AI score0.00068EPSS

CVE•added 2020/10/27 8:15 p.m.•65 views

CVE-2019-8631

A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3. Users removed from an iMessage conversation may still be able to alter state.

7.5CVSS6.6AI score0.00289EPSS

CVE•added 2021/04/02 6:15 p.m.•65 views

CVE-2020-27922

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted font file may lead to a...

7.8CVSS7.7AI score0.00482EPSS

CVE•added 2020/04/01 7:15 p.m.•65 views

CVE-2020-3847

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to leak memory.

10CVSS7.9AI score0.01337EPSS

CVE•added 2020/04/01 7:15 p.m.•65 views

CVE-2020-3850

9.8CVSS9.1AI score0.0118EPSS

Total number of security vulnerabilities2420