Mac Os X@* Security Vulnerabilities and Issues — Page 24 of Mac Os X@* CVE List

Lucene search

AppleMac Os X*

2420 matches found

CVE•added 2016/01/12 7:59 p.m.•63 views

CVE-2015-8659

The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.

10CVSS7.2AI score0.02061EPSS

CVE•added 2016/09/25 11:0 a.m.•63 views

CVE-2016-4774

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4776.

7.1CVSS6.8AI score0.00196EPSS

CVE•added 2017/02/20 8:59 a.m.•63 views

CVE-2016-7617

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (type confusion) via a crafted app.

9.3CVSS6.8AI score0.02663EPSS

CVE•added 2017/11/13 3:29 a.m.•63 views

CVE-2017-13810

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to obtain sensitive information by leveraging an error in packet counters.

5.5CVSS5.4AI score0.00059EPSS

CVE•added 2017/11/13 3:29 a.m.•63 views

CVE-2017-13813

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted archive file.

7.8CVSS8.5AI score0.00636EPSS

CVE•added 2017/11/13 3:29 a.m.•63 views

CVE-2017-13841

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

5.5CVSS5.6AI score0.00197EPSS

CVE•added 2017/11/13 3:29 a.m.•63 views

CVE-2017-13846

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "PCRE" product. Versions before 8.40 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

10CVSS8.8AI score0.01839EPSS

CVE•added 2017/04/02 1:59 a.m.•63 views

CVE-2017-2390

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves symlink mishandling in the "libarchive" component. It allows local users to change arbitrary directory p...

5.5CVSS5.5AI score0.00086EPSS

CVE•added 2017/04/02 1:59 a.m.•63 views

CVE-2017-2489

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.

5.5CVSS5.2AI score0.01649EPSS

CVE•added 2017/10/23 1:29 a.m.•63 views

CVE-2017-7127

An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. iCloud before 7.0 on Windows is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "SQLite" component. It allows attackers to execute arbitrary code ...

9.3CVSS8.1AI score0.00172EPSS

CVE•added 2017/11/13 3:29 a.m.•63 views

CVE-2017-7132

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Quick Look" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted Office document.

7.8CVSS8.4AI score0.01103EPSS

CVE•added 2018/04/03 6:29 a.m.•63 views

CVE-2018-4131

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass the Secure Input Mode protection mechanism, and log keystrokes of arbitrary apps, via a crafted app that s...

7.8CVSS7AI score0.00224EPSS

CVE•added 2018/04/03 6:29 a.m.•63 views

CVE-2018-4174

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted messages by leveraging an inconsistency in the user interface.

5.9CVSS5.5AI score0.00846EPSS

CVE•added 2019/04/03 6:29 p.m.•63 views

CVE-2018-4389

An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to macOS Mojave 10.14.1.

6.5CVSS6.3AI score0.00255EPSS

CVE•added 2020/10/27 8:15 p.m.•63 views

CVE-2018-4433

A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, watchOS 5, iOS 12, tvOS 12, macOS Mojave 10.14. A malicious application may be able to modify protected parts of the ...

5.5CVSS5.7AI score0.00302EPSS

CVE•added 2020/10/27 8:15 p.m.•63 views

CVE-2019-8708

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. A local user may be able to check for the existence of arbitrary files.

5.5CVSS5.8AI score0.00061EPSS

CVE•added 2019/12/18 6:15 p.m.•63 views

CVE-2019-8772

An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a confirmation prompt. This issue is fixed in macOS Catalina 10.15. An attacker may be able to exfiltrate the contents of an encrypted PDF.

7.5CVSS7.5AI score0.00348EPSS

CVE•added 2020/12/08 8:15 p.m.•63 views

CVE-2020-10007

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to determine kernel memory layout.

5.5CVSS5.2AI score0.00159EPSS

CVE•added 2020/12/08 10:15 p.m.•63 views

CVE-2020-27896

A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1. A remote attacker may be able to modify the file system.

5.5CVSS5.5AI score0.01021EPSS

CVE•added 2021/04/02 6:15 p.m.•63 views

CVE-2020-27922

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted font file may lead to a...

7.8CVSS7.7AI score0.00482EPSS

CVE•added 2020/04/01 7:15 p.m.•63 views

CVE-2020-3850

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

9.8CVSS9.1AI score0.0118EPSS

CVE•added 2020/10/22 6:15 p.m.•63 views

CVE-2020-3918

An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A local user may be able to view sensitive user information.

5.5CVSS5.3AI score0.00067EPSS

CVE•added 2020/10/22 7:15 p.m.•63 views

CVE-2020-9920

A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A malicious mail server may overwrite arbitrary mail files.

9.1CVSS7.9AI score0.00698EPSS

CVE•added 2021/10/19 2:15 p.m.•63 views

CVE-2021-30829

A URI parsing issue was addressed with improved parsing. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to execute arbitrary files.

7.8CVSS7AI score0.00039EPSS

CVE•added 2021/08/24 7:15 p.m.•63 views

CVE-2021-30938

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A local user may be able to cause unexpected system termination or read kernel memory.

7.7CVSS6.8AI score0.0005EPSS

CVE•added 2013/06/05 2:39 p.m.•62 views

CVE-2013-3951

sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-gua...

4.6CVSS5.7AI score0.00061EPSS

CVE•added 2015/08/16 11:59 p.m.•62 views

CVE-2013-7422

Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regula...

7.5CVSS7.7AI score0.00836EPSS

CVE•added 2014/09/18 10:55 a.m.•62 views

CVE-2014-4405

IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties.

9.3CVSS8AI score0.01754EPSS

CVE•added 2015/05/13 10:59 a.m.•62 views

CVE-2015-3053

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3054, CVE-2015-3055, CVE-2015-3059, and CVE-2015-3075.

10CVSS7.4AI score0.06245EPSS

CVE•added 2015/05/13 11:0 a.m.•62 views

CVE-2015-3068

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE...

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/05/13 11:0 a.m.•62 views

CVE-2015-3069

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/05/13 11:0 a.m.•62 views

CVE-2015-3075

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3053, CVE-2015-3054, CVE-2015-3055, and CVE-2015-3059.

10CVSS7.4AI score0.06245EPSS

CVE•added 2015/07/03 1:59 a.m.•62 views

CVE-2015-3696

Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.

7.2CVSS4.1AI score0.0014EPSS

CVE•added 2015/10/23 9:59 p.m.•62 views

CVE-2015-5935

ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5936, CVE-2015-5937, and CVE-2015-5939.

6.8CVSS9.1AI score0.02828EPSS

CVE•added 2015/10/23 9:59 p.m.•62 views

CVE-2015-6976

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7...

6.8CVSS7.4AI score0.03768EPSS

CVE•added 2016/07/22 2:59 a.m.•62 views

CVE-2016-1863

The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4582 and CVE-2016-4653.

7.8CVSS7.6AI score0.00268EPSS

CVE•added 2016/09/25 10:59 a.m.•62 views

CVE-2016-4726

IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.3AI score0.00262EPSS

CVE•added 2016/09/25 11:0 a.m.•62 views

CVE-2016-4778

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.2AI score0.00262EPSS

CVE•added 2017/11/13 3:29 a.m.•62 views

CVE-2017-13807

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted QuickTime file.

7.8CVSS8.3AI score0.00518EPSS

CVE•added 2017/04/02 1:59 a.m.•62 views

CVE-2017-2439

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive information or cause a denial...

7.1CVSS6.8AI score0.00614EPSS

CVE•added 2017/10/23 1:29 a.m.•62 views

CVE-2017-7074

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "AppSandbox" component. It allows attackers to cause a denial of service via a crafted app.

5.5CVSS5.7AI score0.00183EPSS

CVE•added 2019/01/11 6:29 p.m.•62 views

CVE-2018-4189

In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, watchOS before 4.2.2, and tvOS before 11.2.5, a memory corruption issue exists and was addressed with improved memory handling.

10CVSS8.6AI score0.00757EPSS

CVE•added 2019/04/03 6:29 p.m.•62 views

CVE-2018-4248

An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2.

7.5CVSS5.8AI score0.02821EPSS

CVE•added 2019/04/03 6:29 p.m.•62 views

CVE-2018-4289

An information disclosure issue was addressed by removing the vulnerable code. This issue affected versions prior to macOS High Sierra 10.13.6.

7.1CVSS5.6AI score0.00216EPSS

CVE•added 2019/04/03 6:29 p.m.•62 views

CVE-2018-4403

This issue was addressed by removing additional entitlements. This issue affected versions prior to macOS Mojave 10.14.1.

5.5CVSS6.3AI score0.00226EPSS

CVE•added 2019/12/18 6:15 p.m.•62 views

CVE-2019-8522

A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4. An encrypted volume may be unmounted and remounted by a different user without prompting for the password.

5.5CVSS5.9AI score0.00107EPSS

CVE•added 2019/12/18 6:15 p.m.•62 views

CVE-2019-8555

A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to execute arbitrary code with kernel privileges.

9.3CVSS8AI score0.00465EPSS

CVE•added 2019/12/18 6:15 p.m.•62 views

CVE-2019-8590

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with kernel privileges.

9.3CVSS7.3AI score0.00404EPSS

CVE•added 2019/12/18 6:15 p.m.•62 views

CVE-2019-8603

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.5. An application may be able to read restricted memory.

8.8CVSS6.4AI score0.00441EPSS

CVE•added 2021/12/23 8:15 p.m.•62 views

CVE-2019-8703

This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13. An application may be able to gain elevated privileges.

9.8CVSS7.9AI score0.00868EPSS

Total number of security vulnerabilities2420