Mac Os X@* Security Vulnerabilities and Issues — Page 25 of Mac Os X@* CVE List

Lucene search

AppleMac Os X*

2420 matches found

CVE•added 2015/10/23 9:59 p.m.•63 views

CVE-2015-5935

ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5936, CVE-2015-5937, and CVE-2015-5939.

6.8CVSS9.1AI score0.02828EPSS

CVE•added 2015/10/23 9:59 p.m.•63 views

CVE-2015-6976

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7...

6.8CVSS7.4AI score0.03768EPSS

CVE•added 2016/07/22 2:59 a.m.•63 views

CVE-2016-1863

The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4582 and CVE-2016-4653.

7.8CVSS7.6AI score0.00181EPSS

CVE•added 2016/09/25 10:59 a.m.•63 views

CVE-2016-4707

CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors.

4CVSS5.1AI score0.00059EPSS

CVE•added 2016/09/25 10:59 a.m.•63 views

CVE-2016-4726

IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.3AI score0.00262EPSS

CVE•added 2016/09/25 11:0 a.m.•63 views

CVE-2016-4778

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.2AI score0.00262EPSS

CVE•added 2017/11/13 3:29 a.m.•63 views

CVE-2017-13807

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted QuickTime file.

7.8CVSS8.3AI score0.00518EPSS

CVE•added 2017/04/02 1:59 a.m.•63 views

CVE-2017-2439

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive information or cause a denial...

7.1CVSS6.8AI score0.00614EPSS

CVE•added 2017/05/22 5:29 a.m.•63 views

CVE-2017-2541

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.1AI score0.00402EPSS

CVE•added 2017/10/23 1:29 a.m.•63 views

CVE-2017-7074

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "AppSandbox" component. It allows attackers to cause a denial of service via a crafted app.

5.5CVSS5.7AI score0.00183EPSS

CVE•added 2018/04/03 6:29 a.m.•63 views

CVE-2018-4094

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of s...

7.8CVSS8.6AI score0.00516EPSS

CVE•added 2019/01/11 6:29 p.m.•63 views

CVE-2018-4189

In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, watchOS before 4.2.2, and tvOS before 11.2.5, a memory corruption issue exists and was addressed with improved memory handling.

10CVSS8.6AI score0.00757EPSS

CVE•added 2019/04/03 6:29 p.m.•63 views

CVE-2018-4289

An information disclosure issue was addressed by removing the vulnerable code. This issue affected versions prior to macOS High Sierra 10.13.6.

7.1CVSS5.6AI score0.00216EPSS

CVE•added 2019/04/03 6:29 p.m.•63 views

CVE-2018-4403

This issue was addressed by removing additional entitlements. This issue affected versions prior to macOS Mojave 10.14.1.

5.5CVSS6.3AI score0.00226EPSS

CVE•added 2019/12/18 6:15 p.m.•63 views

CVE-2019-8522

A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4. An encrypted volume may be unmounted and remounted by a different user without prompting for the password.

5.5CVSS5.9AI score0.00107EPSS

CVE•added 2019/12/18 6:15 p.m.•63 views

CVE-2019-8555

A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to execute arbitrary code with kernel privileges.

9.3CVSS8AI score0.00465EPSS

CVE•added 2019/12/18 6:15 p.m.•63 views

CVE-2019-8590

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with kernel privileges.

9.3CVSS7.3AI score0.00404EPSS

CVE•added 2019/12/18 6:15 p.m.•63 views

CVE-2019-8603

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.5. An application may be able to read restricted memory.

8.8CVSS6.4AI score0.00441EPSS

CVE•added 2019/12/18 6:15 p.m.•63 views

CVE-2019-8701

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with system privileges.

7.8CVSS7.9AI score0.00131EPSS

CVE•added 2020/10/27 8:15 p.m.•63 views

CVE-2019-8715

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. An application may be able to execute arbitrary code with system privileges.

9.3CVSS8.2AI score0.00257EPSS

CVE•added 2020/10/27 8:15 p.m.•63 views

CVE-2019-8753

This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. Processing maliciously crafted web content may lead to a cross site scripting attack.

6.1CVSS6.1AI score0.00433EPSS

CVE•added 2020/12/08 8:15 p.m.•63 views

CVE-2020-10014

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to break out of its sandbox.

6.3CVSS5.8AI score0.00789EPSS

CVE•added 2020/02/27 9:15 p.m.•63 views

CVE-2020-3827

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. Viewing a maliciously crafted JPEG file may lead to arbitrary code execution.

9.3CVSS8.4AI score0.00374EPSS

CVE•added 2021/08/24 7:15 p.m.•63 views

CVE-2021-30935

A logic issue was addressed with improved validation. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. An application may be able to execute arbitrary code with kernel privileges.

8.8CVSS8AI score0.00517EPSS

CVE•added 2021/08/24 7:15 p.m.•63 views

CVE-2021-30982

A race condition was addressed with improved locking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A remote attacker may be able to cause unexpected application termination or heap corruption.

5.9CVSS6.1AI score0.00312EPSS

CVE•added 2011/03/23 2:0 a.m.•62 views

CVE-2011-0173

Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or (2) display alert command in a dialog in an Appl...

6.8CVSS6.8AI score0.00659EPSS

CVE•added 2014/09/18 10:55 a.m.•62 views

CVE-2014-4388

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-...

9.3CVSS7.5AI score0.00543EPSS

CVE•added 2014/12/10 9:59 p.m.•62 views

CVE-2014-8446

Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE...

10CVSS7.6AI score0.27545EPSS

CVE•added 2014/12/10 9:59 p.m.•62 views

CVE-2014-9158

10CVSS7.6AI score0.27545EPSS

CVE•added 2015/03/12 10:59 a.m.•62 views

CVE-2015-1061

IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.

9.3CVSS6.8AI score0.05405EPSS

CVE•added 2015/05/13 10:59 a.m.•62 views

CVE-2015-3063

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3064, CVE-2015-3065, CVE...

10CVSS6.4AI score0.31105EPSS

CVE•added 2015/09/18 12:0 p.m.•62 views

CVE-2015-5874

CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

7.5CVSS7.4AI score0.03213EPSS

CVE•added 2015/10/23 9:59 p.m.•62 views

CVE-2015-5925

The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5926.

6.8CVSS7.5AI score0.01866EPSS

CVE•added 2015/10/23 10:59 a.m.•62 views

CVE-2015-6975

CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6992 and CVE-2015-7017.

7.5CVSS9AI score0.02129EPSS

CVE•added 2016/06/26 1:59 a.m.•62 views

CVE-2015-7988

The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors.

9.8CVSS9.7AI score0.01933EPSS

CVE•added 2016/03/24 1:59 a.m.•62 views

CVE-2016-1769

QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file.

7.8CVSS6.7AI score0.04565EPSS

CVE•added 2016/07/22 2:59 a.m.•62 views

CVE-2016-4631

ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.

8.8CVSS8.9AI score0.0271EPSS

CVE•added 2017/02/20 8:59 a.m.•62 views

CVE-2016-4673

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to execute arbitrary code or cause a denial o...

7.8CVSS8.1AI score0.00732EPSS

CVE•added 2016/09/25 10:59 a.m.•62 views

CVE-2016-4725

IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted web site.

8.1CVSS7.7AI score0.01307EPSS

CVE•added 2017/11/13 3:29 a.m.•62 views

CVE-2017-13808

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Remote Management" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.2AI score0.00164EPSS

CVE•added 2017/12/25 9:29 p.m.•62 views

CVE-2017-13848

An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.

9.3CVSS7AI score0.00176EPSS

CVE•added 2017/04/02 1:59 a.m.•62 views

CVE-2017-2403

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Printing" component. A format-string vulnerability allows remote attackers to execute arbitrary code via a crafted ipp: or ipps: URL.

8.8CVSS8.5AI score0.01022EPSS

CVE•added 2017/04/02 1:59 a.m.•62 views

CVE-2017-2426

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "iBooks" component. It allows remote attackers to obtain sensitive information from local files via a file: URL in an iBooks file.

4.3CVSS4.5AI score0.00257EPSS

CVE•added 2017/04/02 1:59 a.m.•62 views

CVE-2017-2436

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOFireWireAVC" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.1AI score0.00183EPSS

CVE•added 2017/04/02 1:59 a.m.•62 views

CVE-2017-2477

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "libxslt" component. It allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

9.8CVSS8.7AI score0.00829EPSS

CVE•added 2017/10/23 1:29 a.m.•62 views

CVE-2017-7124

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

9.8CVSS8.8AI score0.00788EPSS

CVE•added 2017/10/23 1:29 a.m.•62 views

CVE-2017-7141

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Mail" component. It allows remote attackers to bypass an intended off value of the "Load remote content in messages" setting, and consequently discover an e-mail recipient's IP address, via an...

5.3CVSS5.9AI score0.00194EPSS

CVE•added 2018/04/03 6:29 a.m.•62 views

CVE-2018-4124

An issue was discovered in certain Apple products. iOS before 11.2.6 is affected. macOS before 10.13.3 Supplemental Update is affected. tvOS before 11.2.6 is affected. watchOS before 4.2.3 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of serv...

9.8CVSS8.9AI score0.27168EPSS

CVE•added 2019/04/03 6:29 p.m.•62 views

CVE-2018-4421

A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1.

9.3CVSS6.9AI score0.00251EPSS

CVE•added 2019/03/05 4:29 p.m.•62 views

CVE-2019-6200

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3. An attacker in a privileged network position may be able to execute arbitrary code.

8.8CVSS7.1AI score0.00165EPSS

Total number of security vulnerabilities2420