Mac Os X@* Security Vulnerabilities and Issues — Page 32 of Mac Os X@* CVE List

Lucene search

AppleMac Os X*

2420 matches found

CVE•added 2018/04/03 6:29 a.m.•54 views

CVE-2018-4151

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "iCloud Drive" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

7.6CVSS7.2AI score0.00169EPSS

CVE•added 2020/10/27 8:15 p.m.•54 views

CVE-2018-4452

A memory consumption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra. A malicious applic...

9.3CVSS7.3AI score0.00358EPSS

CVE•added 2019/04/03 6:29 p.m.•54 views

CVE-2018-4470

A privacy issue in the handling of Open Directory records was addressed with improved indexing. This issue affected versions prior to macOS High Sierra 10.13.6.

4.3CVSS4.4AI score0.0019EPSS

CVE•added 2020/10/27 8:15 p.m.•54 views

CVE-2019-8539

A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. A malicious application may be able to execute arbitrary code with system privileges.

9.3CVSS7.3AI score0.00279EPSS

CVE•added 2019/12/18 6:15 p.m.•54 views

CVE-2019-8758

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with system privileges.

7.8CVSS7.6AI score0.00131EPSS

CVE•added 2019/12/18 6:15 p.m.•54 views

CVE-2019-8807

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1. An application may be able to execute arbitrary code with system privileges.

9.3CVSS8.1AI score0.00317EPSS

CVE•added 2021/04/02 6:15 p.m.•54 views

CVE-2020-29621

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to bypass Privacy preferences.

5.5CVSS5.2AI score0.00051EPSS

CVE•added 2020/04/01 6:15 p.m.•54 views

CVE-2020-9769

Multiple issues were addressed by updating to version 8.1.1850. This issue is fixed in macOS Catalina 10.15.4. Multiple issues in Vim.

9.8CVSS8.2AI score0.00504EPSS

CVE•added 2020/06/09 5:15 p.m.•54 views

CVE-2020-9833

A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.5. A local user may be able to read kernel memory.

5.5CVSS5.1AI score0.00129EPSS

CVE•added 2020/10/22 7:15 p.m.•54 views

CVE-2020-9927

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges.

7.8CVSS7.8AI score0.00049EPSS

CVE•added 2007/11/15 1:46 a.m.•53 views

CVE-2007-4682

CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted text content that triggers an access of an uninitialized object pointer.

6.8CVSS7.6AI score0.02778EPSS

CVE•added 2011/03/11 5:55 p.m.•53 views

CVE-2011-1417

Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a c...

6.8CVSS6.3AI score0.04317EPSS

CVE•added 2012/03/30 10:55 p.m.•53 views

CVE-2011-3058

Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

4.3CVSS5.3AI score0.00753EPSS

CVE•added 2013/10/24 3:48 a.m.•53 views

CVE-2013-5170

Buffer underflow in CoreGraphics in Apple Mac OS X before 10.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

6.8CVSS7.6AI score0.0207EPSS

CVE•added 2014/02/27 1:55 a.m.•53 views

CVE-2014-1254

Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Type 1 font that is embedded in a document.

6.8CVSS7.6AI score0.01256EPSS

CVE•added 2014/09/18 10:55 a.m.•53 views

CVE-2014-4375

Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports.

7.8CVSS7.3AI score0.00054EPSS

CVE•added 2015/01/30 11:59 a.m.•53 views

CVE-2014-8817

coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a crafted app, as demonstrated by lack of verification of xpc_dictionary_get_value ...

10CVSS4.4AI score0.01162EPSS

CVE•added 2015/01/30 11:59 a.m.•53 views

CVE-2014-8820

The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8821.

7.2CVSS3.5AI score0.00055EPSS

CVE•added 2015/04/10 2:59 p.m.•53 views

CVE-2015-1095

IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device.

7.2CVSS7.2AI score0.00216EPSS

CVE•added 2015/07/03 1:59 a.m.•53 views

CVE-2015-3669

QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3664 and CVE-2015-3665.

6.8CVSS7.5AI score0.02022EPSS

CVE•added 2015/07/03 1:59 a.m.•53 views

CVE-2015-3694

FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3719.

6.8CVSS5.2AI score0.01404EPSS

CVE•added 2015/08/17 12:0 a.m.•53 views

CVE-2015-5755

CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761.

6.8CVSS8.7AI score0.0281EPSS

CVE•added 2015/09/18 11:0 a.m.•53 views

CVE-2015-5847

The Disk Images component in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.2CVSS6AI score0.00073EPSS

CVE•added 2015/09/18 12:0 p.m.•53 views

CVE-2015-5869

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

3.3CVSS5.8AI score0.00452EPSS

CVE•added 2015/09/18 12:0 p.m.•53 views

CVE-2015-5899

libpthread in the kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.2CVSS5.9AI score0.00093EPSS

CVE•added 2015/10/09 5:59 a.m.•53 views

CVE-2015-5901

The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive.

2.1CVSS5.1AI score0.00061EPSS

CVE•added 2015/10/23 9:59 p.m.•53 views

CVE-2015-7023

CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors.

5.8CVSS8.1AI score0.00742EPSS

CVE•added 2015/12/11 11:59 a.m.•53 views

CVE-2015-7041

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7042, and CVE-2015-7043.

4.3CVSS7.6AI score0.01078EPSS

CVE•added 2015/12/11 11:59 a.m.•53 views

CVE-2015-7046

The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not properly implement privilege separation, which allows attackers to bypass the ASLR protection mechanism via a crafted app with root privileges.

2.6CVSS7.8AI score0.00738EPSS

CVE•added 2015/12/11 11:59 a.m.•53 views

CVE-2015-7074

CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed media file.

6.8CVSS9AI score0.02828EPSS

CVE•added 2015/12/11 11:59 a.m.•53 views

CVE-2015-7081

iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

5CVSS8AI score0.00529EPSS

CVE•added 2016/03/24 1:59 a.m.•53 views

CVE-2016-1741

The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

10CVSS7.3AI score0.17312EPSS

CVE•added 2016/05/20 10:59 a.m.•53 views

CVE-2016-1829

The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1828, ...

9.3CVSS7.5AI score0.09639EPSS

CVE•added 2016/07/22 2:59 a.m.•53 views

CVE-2016-4582

The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4653.

7.8CVSS7.6AI score0.00268EPSS

CVE•added 2016/07/22 2:59 a.m.•53 views

CVE-2016-4596

QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4597, CVE-2016-4600, and CVE-2016-4602.

8.8CVSS8.6AI score0.00836EPSS

CVE•added 2017/02/20 8:59 a.m.•53 views

CVE-2016-7584

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "AppleMobileFileIntegrity" component, which allows remote attackers to spoof signed code by using ...

7.8CVSS6.6AI score0.00289EPSS

CVE•added 2017/02/20 8:59 a.m.•53 views

CVE-2016-7596

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS7.1AI score0.00482EPSS

CVE•added 2017/02/20 8:59 a.m.•53 views

CVE-2016-7605

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.

5.5CVSS5.1AI score0.00322EPSS

CVE•added 2017/02/20 8:59 a.m.•53 views

CVE-2016-7607

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component, which allows attackers to obtain sensitive information from kernel memory via a crafted app.

5.5CVSS4.9AI score0.00221EPSS

CVE•added 2017/02/20 8:59 a.m.•53 views

CVE-2016-7609

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "AppleGraphicsPowerManagement" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.

6.2CVSS5.3AI score0.00048EPSS

CVE•added 2021/12/23 8:15 p.m.•53 views

CVE-2017-13909

An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain. This issue is fixed in macOS High Sierra 10.13. A local attacker may gain access to iCloud authentication tokens.

5.5CVSS6.5AI score0.0005EPSS

CVE•added 2017/02/20 8:59 a.m.•53 views

CVE-2017-2357

An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "IOAudioFamily" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app.

4.3CVSS3.6AI score0.00198EPSS

CVE•added 2017/04/02 1:59 a.m.•53 views

CVE-2017-2408

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOATAFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.1AI score0.00183EPSS

CVE•added 2017/04/02 1:59 a.m.•53 views

CVE-2017-2421

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "AppleGraphicsPowerManagement" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

9.3CVSS7.8AI score0.00152EPSS

CVE•added 2017/04/02 1:59 a.m.•53 views

CVE-2017-2443

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.1AI score0.01118EPSS

CVE•added 2017/05/22 5:29 a.m.•53 views

CVE-2017-2522

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreFoundation" component. It allows remote attackers to execute arbitrary code or cause a de...

9.8CVSS8.7AI score0.13046EPSS

CVE•added 2017/05/22 5:29 a.m.•53 views

CVE-2017-6979

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "IOSurface" component. A race condition allows attackers to execute arbitrary code in a privil...

7.6CVSS7.3AI score0.02343EPSS

CVE•added 2017/05/22 5:29 a.m.•53 views

CVE-2017-6987

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a craf...

5.5CVSS5.4AI score0.00242EPSS

CVE•added 2017/07/20 4:29 p.m.•53 views

CVE-2017-7031

An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Foundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file.

7.8CVSS7.8AI score0.00502EPSS

CVE•added 2017/07/20 4:29 p.m.•53 views

CVE-2017-7045

An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

5.5CVSS5.6AI score0.00249EPSS

Total number of security vulnerabilities2420