Mac Os X@* Security Vulnerabilities and Issues — Page 24 of Mac Os X@* CVE List

Lucene search

AppleMac Os X*

2420 matches found

CVE•added 2020/10/27 9:15 p.m.•65 views

CVE-2020-3851

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra, macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. An application m...

7.8CVSS7.4AI score0.00195EPSS

CVE•added 2020/06/09 4:15 p.m.•65 views

CVE-2020-3882

This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. Importing a maliciously crafted calendar invitation may exfiltrate user information.

6.5CVSS5.9AI score0.00627EPSS

CVE•added 2020/10/22 6:15 p.m.•65 views

CVE-2020-9892

Multiple memory corruption issues were addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to execute arbitrary code with system privileges.

9.3CVSS8.3AI score0.00428EPSS

CVE•added 2020/10/22 6:15 p.m.•65 views

CVE-2020-9898

This issue was addressed with improved entitlements. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A sandboxed process may be able to circumvent sandbox restrictions.

9.8CVSS7.7AI score0.00451EPSS

CVE•added 2021/09/08 2:15 p.m.•65 views

CVE-2021-30731

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Catalina. An unprivileged application may be able to capture USB devices.

5.5CVSS5.9AI score0.00259EPSS

CVE•added 2021/09/08 2:15 p.m.•65 views

CVE-2021-30790

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution...

7.8CVSS8.1AI score0.0097EPSS

CVE•added 2021/10/19 2:15 p.m.•65 views

CVE-2021-30829

A URI parsing issue was addressed with improved parsing. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to execute arbitrary files.

7.8CVSS7AI score0.00039EPSS

CVE•added 2021/08/24 7:15 p.m.•65 views

CVE-2021-30950

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may bypass Gatekeeper checks.

5.5CVSS5.7AI score0.00282EPSS

CVE•added 2008/03/19 10:44 a.m.•64 views

CVE-2008-0063

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

7.5CVSS8.6AI score0.04745EPSS

CVE•added 2009/11/10 7:30 p.m.•64 views

CVE-2009-2823

The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.

4.3CVSS5.9AI score0.0032EPSS

CVE•added 2015/08/16 11:59 p.m.•64 views

CVE-2013-7422

Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regula...

7.5CVSS7.7AI score0.00836EPSS

CVE•added 2015/04/10 2:59 p.m.•64 views

CVE-2015-1132

fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.

10CVSS6.6AI score0.01099EPSS

CVE•added 2015/04/10 2:59 p.m.•64 views

CVE-2015-1140

Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors.

7.2CVSS6.6AI score0.00888EPSS

CVE•added 2015/05/13 10:59 a.m.•64 views

CVE-2015-3053

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3054, CVE-2015-3055, CVE-2015-3059, and CVE-2015-3075.

10CVSS7.4AI score0.06245EPSS

CVE•added 2015/07/03 1:59 a.m.•64 views

CVE-2015-3667

QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3663, ...

6.8CVSS5.2AI score0.03642EPSS

CVE•added 2015/07/03 1:59 a.m.•64 views

CVE-2015-3688

CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3689.

6.8CVSS5.1AI score0.02635EPSS

CVE•added 2015/07/03 1:59 a.m.•64 views

CVE-2015-3696

Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.

7.2CVSS4.1AI score0.0014EPSS

CVE•added 2015/10/23 10:59 a.m.•64 views

CVE-2015-6992

CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-7017.

7.5CVSS7.4AI score0.02129EPSS

CVE•added 2016/01/12 7:59 p.m.•64 views

CVE-2015-8659

The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.

10CVSS7.2AI score0.02186EPSS

CVE•added 2016/07/22 2:59 a.m.•64 views

CVE-2016-4607

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors...

9.8CVSS9.2AI score

CVE•added 2016/09/25 11:0 a.m.•64 views

CVE-2016-4774

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4776.

7.1CVSS6.8AI score0.00196EPSS

CVE•added 2017/02/20 8:59 a.m.•64 views

CVE-2016-7617

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (type confusion) via a crafted app.

9.3CVSS6.8AI score0.02663EPSS

CVE•added 2017/11/13 3:29 a.m.•64 views

CVE-2017-13810

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to obtain sensitive information by leveraging an error in packet counters.

5.5CVSS5.4AI score0.00059EPSS

CVE•added 2017/11/13 3:29 a.m.•64 views

CVE-2017-13813

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted archive file.

7.8CVSS8.5AI score0.00636EPSS

CVE•added 2017/11/13 3:29 a.m.•64 views

CVE-2017-13846

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "PCRE" product. Versions before 8.40 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

10CVSS8.8AI score0.01839EPSS

CVE•added 2017/04/02 1:59 a.m.•64 views

CVE-2017-2390

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves symlink mishandling in the "libarchive" component. It allows local users to change arbitrary directory p...

5.5CVSS5.5AI score0.00086EPSS

CVE•added 2017/04/02 1:59 a.m.•64 views

CVE-2017-2489

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.

5.5CVSS5.2AI score0.01649EPSS

CVE•added 2017/11/13 3:29 a.m.•64 views

CVE-2017-7132

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Quick Look" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted Office document.

7.8CVSS8.4AI score0.01103EPSS

CVE•added 2018/04/03 6:29 a.m.•64 views

CVE-2018-4131

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass the Secure Input Mode protection mechanism, and log keystrokes of arbitrary apps, via a crafted app that s...

7.8CVSS7AI score0.00224EPSS

CVE•added 2019/04/03 6:29 p.m.•64 views

CVE-2018-4343

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

9.3CVSS7.9AI score0.03814EPSS

CVE•added 2019/04/03 6:29 p.m.•64 views

CVE-2018-4389

An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to macOS Mojave 10.14.1.

6.5CVSS6.3AI score0.00255EPSS

CVE•added 2020/10/27 8:15 p.m.•64 views

CVE-2018-4433

A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, watchOS 5, iOS 12, tvOS 12, macOS Mojave 10.14. A malicious application may be able to modify protected parts of the ...

5.5CVSS5.7AI score0.00302EPSS

CVE•added 2019/12/18 6:15 p.m.•64 views

CVE-2019-8561

A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to elevate privileges.

7.8CVSS7.1AI score0.53EPSS

CVE•added 2021/12/23 8:15 p.m.•64 views

CVE-2019-8703

This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13. An application may be able to gain elevated privileges.

9.8CVSS7.9AI score0.00868EPSS

CVE•added 2020/10/27 8:15 p.m.•64 views

CVE-2019-8708

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. A local user may be able to check for the existence of arbitrary files.

5.5CVSS5.8AI score0.00061EPSS

CVE•added 2019/12/18 6:15 p.m.•64 views

CVE-2019-8772

An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a confirmation prompt. This issue is fixed in macOS Catalina 10.15. An attacker may be able to exfiltrate the contents of an encrypted PDF.

7.5CVSS7.5AI score0.00348EPSS

CVE•added 2020/12/08 8:15 p.m.•64 views

CVE-2020-10007

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to determine kernel memory layout.

5.5CVSS5.2AI score0.00159EPSS

CVE•added 2020/12/08 10:15 p.m.•64 views

CVE-2020-27896

A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1. A remote attacker may be able to modify the file system.

5.5CVSS5.5AI score0.01021EPSS

CVE•added 2021/04/02 6:15 p.m.•64 views

CVE-2020-27949

This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may cause unexpected changes in memory belonging to processes traced by DTrace.

5.5CVSS5.1AI score0.00215EPSS

CVE•added 2020/10/22 6:15 p.m.•64 views

CVE-2020-3918

An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A local user may be able to view sensitive user information.

5.5CVSS5.3AI score0.00067EPSS

CVE•added 2020/10/22 7:15 p.m.•64 views

CVE-2020-9920

A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A malicious mail server may overwrite arbitrary mail files.

9.1CVSS7.9AI score0.00698EPSS

CVE•added 2021/08/24 7:15 p.m.•64 views

CVE-2021-30938

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A local user may be able to cause unexpected system termination or read kernel memory.

7.7CVSS6.8AI score0.0005EPSS

CVE•added 2005/07/18 4:0 a.m.•63 views

CVE-2005-1689

Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.

9.8CVSS9.7AI score0.55203EPSS

CVE•added 2013/06/05 2:39 p.m.•63 views

CVE-2013-3951

sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-gua...

4.6CVSS5.7AI score0.00061EPSS

CVE•added 2014/09/18 10:55 a.m.•63 views

CVE-2014-4405

IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties.

9.3CVSS8AI score0.01754EPSS

CVE•added 2015/05/13 10:59 a.m.•63 views

CVE-2015-3058

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to obtain sensitive information from process memory via unspecified vectors.

5CVSS5.9AI score0.0494EPSS

CVE•added 2015/05/13 11:0 a.m.•63 views

CVE-2015-3065

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE...

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/05/13 11:0 a.m.•63 views

CVE-2015-3067

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/05/13 11:0 a.m.•63 views

CVE-2015-3075

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3053, CVE-2015-3054, CVE-2015-3055, and CVE-2015-3059.

10CVSS7.4AI score0.06245EPSS

CVE•added 2015/07/03 1:59 a.m.•63 views

CVE-2015-3658

The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypa...

6.8CVSS7.6AI score0.00273EPSS

Total number of security vulnerabilities2420