Mac Os X@* Security Vulnerabilities and Issues — Page 28 of Mac Os X@* CVE List

Lucene search

AppleMac Os X*

2420 matches found

CVE•added 2015/09/18 12:0 p.m.•59 views

CVE-2015-5912

The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses.

5CVSS5.8AI score0.00524EPSS

CVE•added 2015/10/23 9:59 p.m.•59 views

CVE-2015-5926

The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5925.

6.8CVSS7.5AI score0.01866EPSS

CVE•added 2015/10/23 9:59 p.m.•59 views

CVE-2015-5936

ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5937, and CVE-2015-5939.

6.8CVSS7.5AI score0.02828EPSS

CVE•added 2015/10/23 9:59 p.m.•59 views

CVE-2015-5937

6.8CVSS7.5AI score0.02828EPSS

CVE•added 2015/10/23 9:59 p.m.•59 views

CVE-2015-5938

ImageIO in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image.

6.8CVSS9.1AI score0.01237EPSS

CVE•added 2015/10/23 9:59 p.m.•59 views

CVE-2015-5942

FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5927.

6.8CVSS7.4AI score0.01866EPSS

CVE•added 2015/10/23 9:59 p.m.•59 views

CVE-2015-6978

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7...

6.8CVSS7.4AI score0.03768EPSS

CVE•added 2015/10/23 10:59 a.m.•59 views

CVE-2015-7017

CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992.

7.5CVSS9AI score0.02129EPSS

CVE•added 2015/12/11 11:59 a.m.•59 views

CVE-2015-7040

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7041, CVE-2015-7042, and CVE-2015-7043.

4.3CVSS7.6AI score0.01078EPSS

CVE•added 2015/12/11 11:59 a.m.•59 views

CVE-2015-7084

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7083.

7.2CVSS7.9AI score0.00335EPSS

CVE•added 2016/02/01 11:59 a.m.•59 views

CVE-2016-1718

The IOAcceleratorFamily2 interface in IOAcceleratorFamily in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.3CVSS6.7AI score0.00044EPSS

CVE•added 2016/03/24 1:59 a.m.•59 views

CVE-2016-1753

Multiple integer overflows in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allow attackers to execute arbitrary code in a privileged context via a crafted app.

9.3CVSS6.8AI score0.00362EPSS

CVE•added 2017/02/20 8:59 a.m.•59 views

CVE-2016-4691

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and...

8.8CVSS7.9AI score0.00885EPSS

CVE•added 2016/09/25 10:59 a.m.•59 views

CVE-2016-4702

Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

10CVSS9.2AI score0.14118EPSS

CVE•added 2016/09/25 10:59 a.m.•59 views

CVE-2016-4718

Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file.

6.5CVSS6.5AI score0.0232EPSS

CVE•added 2016/09/25 10:59 a.m.•59 views

CVE-2016-4753

Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 mishandle signed disk images, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

9.3CVSS8.1AI score0.00365EPSS

CVE•added 2016/09/25 11:0 a.m.•59 views

CVE-2016-4775

The kernel in Apple OS X before 10.12, tvOS before 10, and watchOS before 3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.8CVSS7.7AI score0.00065EPSS

CVE•added 2017/04/02 1:59 a.m.•59 views

CVE-2016-7585

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of DMA in the "EFI" component. It allows physically proximate attackers to discover the FileVault 2 encryption password via a crafted Thunderbolt adapter.

6.8CVSS6.6AI score0.0004EPSS

CVE•added 2017/11/13 3:29 a.m.•59 views

CVE-2017-13800

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS7.6AI score0.00175EPSS

CVE•added 2018/04/03 6:29 a.m.•59 views

CVE-2017-13853

An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "AppleGraphicsControl" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS7.7AI score0.00247EPSS

CVE•added 2021/12/23 8:15 p.m.•59 views

CVE-2017-13907

A state management issue was addressed with improved state validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan. The screen lock may unexpectedly remain unlocked.

6.8CVSS6.2AI score0.00061EPSS

CVE•added 2017/04/02 1:59 a.m.•59 views

CVE-2017-2487

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of se...

7.8CVSS8.6AI score0.00774EPSS

CVE•added 2017/05/22 5:29 a.m.•59 views

CVE-2017-6991

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we...

8.8CVSS8.4AI score0.00958EPSS

CVE•added 2018/04/03 6:29 a.m.•59 views

CVE-2018-4086

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Security" component. It allows remote attackers to spoof certificate validation via crafted n...

5.9CVSS5.8AI score0.00326EPSS

CVE•added 2019/04/03 6:29 p.m.•59 views

CVE-2018-4285

A type confusion issue was addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.

9.3CVSS6AI score0.00151EPSS

CVE•added 2019/01/11 6:29 p.m.•59 views

CVE-2018-4298

In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a permissions issue existed in Remote Management. This issue was addressed through improved permission validation.

10CVSS8.8AI score0.00334EPSS

CVE•added 2019/12/18 6:15 p.m.•59 views

CVE-2019-8507

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.4. Processing malicious data may lead to unexpected application termination.

5.5CVSS6.6AI score0.00059EPSS

CVE•added 2019/12/18 6:15 p.m.•59 views

CVE-2019-8604

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges.

8.8CVSS7.9AI score0.0021EPSS

CVE•added 2019/12/18 6:15 p.m.•59 views

CVE-2019-8694

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6. An application may be able to execute arbitrary code with kernel privileges.

9.3CVSS8.2AI score0.00297EPSS

CVE•added 2020/10/27 8:15 p.m.•59 views

CVE-2019-8737

A denial of service issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. An attacker in a privileged position may be able to perform a denial of service attack.

6.5CVSS6.4AI score0.00447EPSS

CVE•added 2020/02/27 9:15 p.m.•59 views

CVE-2020-3871

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3. An application may be able to execute arbitrary code with kernel privileges.

9.3CVSS8.2AI score0.00374EPSS

CVE•added 2020/04/01 6:15 p.m.•59 views

CVE-2020-3892

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges.

9.3CVSS7.8AI score0.00302EPSS

CVE•added 2020/06/09 5:15 p.m.•59 views

CVE-2020-9824

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. A non-privileged user may be able to modify restricted network settings.

7.5CVSS6.5AI score0.00241EPSS

CVE•added 2020/06/09 5:15 p.m.•59 views

CVE-2020-9855

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.5. A local attacker may be able to elevate their privileges.

7.8CVSS6.5AI score0.00051EPSS

CVE•added 2020/10/22 6:15 p.m.•59 views

CVE-2020-9882

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

7.8CVSS8.3AI score0.01044EPSS

CVE•added 2021/08/24 7:15 p.m.•59 views

CVE-2021-30959

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information.

5.5CVSS6AI score0.00235EPSS

CVE•added 2021/08/24 7:15 p.m.•59 views

CVE-2021-30976

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may bypass Gatekeeper checks.

5.5CVSS5.7AI score0.00227EPSS

CVE•added 2021/08/24 7:15 p.m.•59 views

CVE-2021-30981

A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. An application may be able to execute arbitrary code with kernel privileges.

9.3CVSS7.8AI score0.00747EPSS

CVE•added 2011/03/23 2:0 a.m.•58 views

CVE-2011-0175

Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded TrueType font.

6.8CVSS6.4AI score0.01577EPSS

CVE•added 2011/03/23 2:0 a.m.•58 views

CVE-2011-0178

The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory.

2.1CVSS5.2AI score0.00049EPSS

CVE•added 2011/03/23 2:0 a.m.•58 views

CVE-2011-0187

The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via vectors involving a cross-site redirect.

4.3CVSS5.7AI score0.00598EPSS

CVE•added 2011/06/21 2:52 a.m.•58 views

CVE-2011-1755

jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

7.5CVSS6.9AI score0.08459EPSS

CVE•added 2012/09/20 9:55 p.m.•58 views

CVE-2012-3722

The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.

6.8CVSS7.5AI score0.02122EPSS

CVE•added 2013/09/16 1:2 p.m.•58 views

CVE-2013-1032

QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted idsc atom in a QuickTime movie file.

6.8CVSS7.7AI score0.0202EPSS

CVE•added 2014/12/10 9:59 p.m.•58 views

CVE-2014-8452

Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

5CVSS6.5AI score0.10317EPSS

CVE•added 2015/04/10 2:59 p.m.•58 views

CVE-2015-1089

CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

5CVSS6.3AI score0.00498EPSS

CVE•added 2015/04/10 2:59 p.m.•58 views

CVE-2015-1104

The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet.

5CVSS6AI score0.01373EPSS

CVE•added 2015/04/10 2:59 p.m.•58 views

CVE-2015-1133

fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1134, and CVE-2015-1135.

7.2CVSS6.6AI score0.01099EPSS

CVE•added 2015/04/10 2:59 p.m.•58 views

CVE-2015-1145

The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146.

1.9CVSS6.3AI score0.00073EPSS

CVE•added 2015/05/13 10:59 a.m.•58 views

CVE-2015-3059

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3053, CVE-2015-3054, CVE-2015-3055, and CVE-2015-3075.

10CVSS7.4AI score0.06245EPSS

Total number of security vulnerabilities2420