2420 matches found
CVE-2015-7038
Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7039.
CVE-2015-7039
Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7038.
CVE-2016-1806
Crash Reporter in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2016-4614
libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors...
CVE-2016-4635
FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors.
CVE-2016-4660
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive information or cause a deni...
CVE-2016-4697
Apple HSSPI Support in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-4701
Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable.
CVE-2016-4739
mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending a DNS query to an unintended interface.
CVE-2017-13801
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Dictionary Widget" component. It allows attackers to read local files if pasted text is used in a search.
CVE-2017-13835
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13. An application may be able to execute arbitrary code with elevated privileges.
CVE-2017-13889
In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a logic error existed in the validation of credentials. This was addressed with improved credential validation.
CVE-2017-13910
An access issue was addressed with additional sandbox restrictions on applications. This issue is fixed in macOS High Sierra 10.13. An application may be able to access restricted files.
CVE-2017-2449
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
CVE-2017-2524
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "TextInput" component. It allows remote attackers to execute arbitrary code or cause a denial ...
CVE-2017-2545
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "IOGraphics" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-7016
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "afclip" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file.
CVE-2017-7021
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "AppleGraphicsPowerManagement" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-7033
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "afclip" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file.
CVE-2018-4085
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "QuartzCore" component. It allows remote attackers to execute arbitrary code or cause a denial...
CVE-2018-4092
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to bypass intended memory-read restricti...
CVE-2018-4105
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "APFS" component. It allows attackers to trigger truncation of an APFS volume password via an unspecified injection.
CVE-2019-8824
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with kernel privileges.
CVE-2021-30690
Multiple issues in apache were addressed by updating apache to version 2.4.46. This issue is fixed in Security Update 2021-004 Mojave. Multiple issues in apache.
CVE-2023-42959
A race condition was addressed with improved state handling. This issue is fixed in macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.
CVE-2024-44237
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. Processing a maliciously crafted file may lead to unexpected app termination.
CVE-2003-0881
Mail in Mac OS X before 10.3, when configured to use MD5 Challenge Response, uses plaintext authentication if the CRAM-MD5 hashed login fails, which could allow remote attackers to gain privileges by sniffing the password.
CVE-2010-0057
AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request.
CVE-2010-0509
SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local users to gain privileges via vectors related to use of wheel group membership during access to the home directories of user accounts.
CVE-2011-3422
The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated by ...
CVE-2011-3459
Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow.
CVE-2013-0990
SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors.
CVE-2014-1258
Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image.
CVE-2014-1373
Intel Graphics Driver in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenGL API call, which allows attackers to execute arbitrary code via a crafted application.
CVE-2014-4483
Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document.
CVE-2014-8829
SceneKit in Apple OS X before 10.10.2 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.
CVE-2015-3684
The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted credentials in a URL.
CVE-2015-3698
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.
CVE-2015-3705
IOAcceleratorFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3706.
CVE-2015-3713
QuickTime in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted movie file.
CVE-2015-3781
Cross-site scripting (XSS) vulnerability in Quick Look in Apple OS X before 10.10.5 allows remote attackers to inject arbitrary web script or HTML via a previously visited web site that is rendered during a Quick Look search.
CVE-2015-5775
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5756.
CVE-2015-5863
IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors.
CVE-2015-5865
IOGraphics in Apple OS X before 10.11 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
CVE-2015-5872
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5873, and CVE-2015-5890.
CVE-2015-5887
The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data.
CVE-2015-5913
Heimdal, as used in Apple OS X before 10.11, allows remote attackers to conduct replay attacks against the SMB server via packet data that represents a Kerberos authenticated request.
CVE-2015-5932
The kernel in Apple OS X before 10.11.1 allows local users to gain privileges by leveraging an unspecified "type confusion" during Mach task processing.
CVE-2015-5934
Audio in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, a different vulnerability than CVE-2015-5933.
CVE-2015-6994
The kernel in Apple iOS before 9.1 and OS X before 10.11.1 mishandles reuse of virtual memory, which allows attackers to cause a denial of service via a crafted app.