Mac Os X@* Security Vulnerabilities and Issues — Page 32 of Mac Os X@* CVE List

7.8CVSS7.8AI score0.00518EPSS

CVE-2016-4681

An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "Core Image" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file.

7.5CVSS5.9AI score0.00134EPSS

CVE-2016-4693

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which makes it easier for attackers to bypass cryptographic protection mechanisms by leveraging use of the...

7.8CVSS6.6AI score0.00289EPSS

CVE-2016-7584

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "AppleMobileFileIntegrity" component, which allows remote attackers to spoof signed code by using ...

5.5CVSS4.9AI score0.00046EPSS

CVE-2016-7603

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "CoreStorage" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.

5.5CVSS4.5AI score0.00978EPSS

CVE-2016-7608

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOFireWireFamily" component, which allows local users to obtain sensitive information from kernel memory via unspecified vectors.

6.2CVSS5.3AI score0.00048EPSS

CVE-2016-7609

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "AppleGraphicsPowerManagement" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.

9.3CVSS6.8AI score0.00173EPSS

CVE-2016-7616

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Disk Images" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (mem...

7.8CVSS7.6AI score0.01226EPSS

CVE-2016-7622

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Grapher" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .gcx file.

7.5CVSS5.7AI score0.00209EPSS

CVE-2016-7662

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows remote attackers to spoof certificates via unspecified vectors.

6.1CVSS5.4AI score0.06176EPSS

CVE-2017-2361

An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Help Viewer" component, which allows XSS attacks via a crafted web site.

CVE•added 2017/05/22 5:29 a.m.•55 views

CVE-2017-2497

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows remote attackers to trigger visits to arbitrary URLs via a crafted book.

6.1CVSS6.3AI score0.00289EPSS

CVE•added 2017/05/22 5:29 a.m.•55 views

CVE-2017-2527

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "CoreAnimation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via crafted data.

9.8CVSS8.6AI score0.09359EPSS

CVE•added 2017/05/22 5:29 a.m.•55 views

CVE-2017-6987

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a craf...

5.5CVSS5.4AI score0.00242EPSS

CVE•added 2017/10/23 1:29 a.m.•55 views

CVE-2017-7138

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Directory Utility" component. It allows local users to discover the Apple ID of the computer's owner.

3.3CVSS4.7AI score0.00064EPSS

CVE•added 2020/10/27 8:15 p.m.•55 views

CVE-2018-4452

A memory consumption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra. A malicious applic...

9.3CVSS7.3AI score0.00358EPSS

CVE•added 2019/04/03 6:29 p.m.•55 views

CVE-2018-4460

A denial of service issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.

6.5CVSS6.1AI score0.00702EPSS

CVE•added 2019/04/03 6:29 p.m.•55 views

CVE-2018-4470

A privacy issue in the handling of Open Directory records was addressed with improved indexing. This issue affected versions prior to macOS High Sierra 10.13.6.

4.3CVSS4.4AI score0.0019EPSS

CVE•added 2020/10/27 8:15 p.m.•55 views

CVE-2019-8539

A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. A malicious application may be able to execute arbitrary code with system privileges.

9.3CVSS7.3AI score0.00279EPSS

CVE•added 2020/10/27 8:15 p.m.•55 views

CVE-2019-8618

A logic issue was addressed with improved restrictions. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. A sandboxed process may be able to circumvent sandbox restrictions.

7.5CVSS6.8AI score0.00289EPSS

5.5CVSS4.6AI score0.0006EPSS

CVE-2019-8692

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read restricted memory.

7.8CVSS7.6AI score0.00131EPSS

CVE-2019-8758

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with system privileges.

5.5CVSS5.5AI score0.00227EPSS

CVE-2019-8770

The issue was addressed with improved permissions logic. This issue is fixed in macOS Catalina 10.15. A malicious application may be able to access recent documents.

9.3CVSS8.1AI score0.00317EPSS

CVE-2019-8807

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1. An application may be able to execute arbitrary code with system privileges.

CVE•added 2021/04/02 6:15 p.m.•55 views

CVE-2020-29621

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to bypass Privacy preferences.

5.5CVSS5.2AI score0.00051EPSS

CVE•added 2020/04/01 6:15 p.m.•55 views

CVE-2020-9769

Multiple issues were addressed by updating to version 8.1.1850. This issue is fixed in macOS Catalina 10.15.4. Multiple issues in Vim.

9.8CVSS8.2AI score0.00504EPSS

CVE•added 2020/10/22 7:15 p.m.•55 views

CVE-2020-9927

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges.

7.8CVSS7.8AI score0.00049EPSS

CVE•added 2011/10/14 10:55 a.m.•54 views

CVE-2011-3215

The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and discover a password by making a DMA request in the (1) loginwindow, (2) boot, or (3) shutdown state.

2.1CVSS7.8AI score0.00068EPSS

CVE•added 2013/10/24 3:48 a.m.•54 views

CVE-2013-5170

Buffer underflow in CoreGraphics in Apple Mac OS X before 10.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

6.8CVSS7.6AI score0.01768EPSS

CVE•added 2014/02/27 1:55 a.m.•54 views

CVE-2014-1254

Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Type 1 font that is embedded in a document.

6.8CVSS7.6AI score0.01256EPSS

CVE•added 2014/09/18 10:55 a.m.•54 views

CVE-2014-4375

Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports.

7.8CVSS7.3AI score0.00054EPSS

CVE•added 2015/01/30 11:59 a.m.•54 views

CVE-2014-4481

Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

6.8CVSS5.1AI score0.08613EPSS

CVE•added 2015/01/30 11:59 a.m.•54 views

CVE-2014-8817

coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a crafted app, as demonstrated by lack of verification of xpc_dictionary_get_value ...

10CVSS4.4AI score0.01162EPSS

CVE•added 2015/04/10 2:59 p.m.•54 views

CVE-2015-1095

IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device.

7.2CVSS7.2AI score0.00216EPSS

CVE•added 2015/07/03 1:59 a.m.•54 views

CVE-2015-3663

QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3666, ...

6.8CVSS5.2AI score0.03642EPSS

CVE•added 2015/07/03 1:59 a.m.•54 views

CVE-2015-3669

QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3664 and CVE-2015-3665.

6.8CVSS7.5AI score0.02022EPSS

CVE•added 2015/07/03 1:59 a.m.•54 views

CVE-2015-3694

FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3719.

6.8CVSS5.2AI score0.01404EPSS

CVE•added 2015/08/17 12:0 a.m.•54 views

CVE-2015-5755

CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761.

6.8CVSS8.7AI score0.0281EPSS

CVE•added 2015/09/18 11:0 a.m.•54 views

CVE-2015-5847

The Disk Images component in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.2CVSS6AI score0.00073EPSS

CVE•added 2015/09/18 12:0 p.m.•54 views

CVE-2015-5869

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

3.3CVSS5.8AI score0.00452EPSS

CVE•added 2015/09/18 12:0 p.m.•54 views

CVE-2015-5899

libpthread in the kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.2CVSS5.9AI score0.00093EPSS

CVE•added 2015/10/09 5:59 a.m.•54 views

CVE-2015-5901

The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive.

2.1CVSS5.1AI score0.00061EPSS

CVE•added 2015/10/23 9:59 p.m.•54 views

CVE-2015-7023

CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors.

5.8CVSS8.1AI score0.00742EPSS

4.3CVSS7.6AI score0.01078EPSS

CVE-2015-7041

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7042, and CVE-2015-7043.

2.6CVSS7.8AI score0.00738EPSS

CVE-2015-7046

The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not properly implement privilege separation, which allows attackers to bypass the ASLR protection mechanism via a crafted app with root privileges.

6.8CVSS9AI score0.02828EPSS

CVE-2015-7074

CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed media file.