Mac Os X@* Security Vulnerabilities and Issues — Page 49 of Mac Os X@* CVE List

Lucene search

AppleMac Os X*

2420 matches found

CVE•added 2014/10/18 1:55 a.m.•37 views

CVE-2014-4425

CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation.

4.6CVSS8.4AI score0.00061EPSS

CVE•added 2014/10/18 1:55 a.m.•37 views

CVE-2014-4441

NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state in which File Sharing is permanently enabled.

6.8CVSS8.2AI score0.00666EPSS

CVE•added 2015/01/30 11:59 a.m.•37 views

CVE-2014-8823

The IOUSBControllerUserClient::ReadRegister function in the IOUSB controller in IOUSBFamily in Apple OS X before 10.10.2 allows local users to read data from arbitrary kernel-memory locations by leveraging root access and providing a crafted first argument.

4.7CVSS3.5AI score0.00064EPSS

CVE•added 2015/01/30 11:59 a.m.•37 views

CVE-2014-8824

The kernel in Apple OS X before 10.10.2 does not properly validate IODataQueue object metadata fields, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

10CVSS4.2AI score0.00982EPSS

CVE•added 2016/05/20 10:59 a.m.•37 views

CVE-2016-1816

IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

9.3CVSS8AI score0.00228EPSS

CVE•added 2016/07/22 3:0 a.m.•37 views

CVE-2016-4647

Audio in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted file.

7.8CVSS7.3AI score0.00108EPSS

CVE•added 2016/09/25 10:59 a.m.•37 views

CVE-2016-4745

The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user accounts via a timing side-channel attack.

5.3CVSS6.3AI score0.00503EPSS

CVE•added 2019/01/11 6:29 p.m.•37 views

CVE-2018-4169

In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, an out-of-bounds read was addressed with improved input validation.

10CVSS8.3AI score0.00442EPSS

CVE•added 2006/08/05 1:0 a.m.•36 views

CVE-2005-2194

Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 allows remote attackers to cause a denial of service (kernel panic) via a crafted TCP packet, possibly related to source routing or loose source routing.

5CVSS6.2AI score0.00574EPSS

CVE•added 2006/11/30 4:28 p.m.•36 views

CVE-2006-4404

The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges.

10CVSS6.1AI score0.00545EPSS

CVE•added 2008/08/01 2:41 p.m.•36 views

CVE-2008-3438

Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

8.1CVSS7.9AI score0.0043EPSS

CVE•added 2013/10/24 3:48 a.m.•36 views

CVE-2013-5169

CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen.

1.9CVSS5.4AI score0.00131EPSS

CVE•added 2013/10/24 3:48 a.m.•36 views

CVE-2013-5175

The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file.

6.6CVSS5.7AI score0.00138EPSS

CVE•added 2014/10/18 1:55 a.m.•36 views

CVE-2014-4437

LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions via an application that specifies a crafted handler for the Content-Type field of an object.

6.8CVSS8.2AI score0.00463EPSS

CVE•added 2016/05/20 11:0 a.m.•36 views

CVE-2016-1851

The Screen Lock feature in Apple OS X before 10.11.5 mishandles password profiles, which allows physically proximate attackers to reset expired passwords in the lock-screen state via unspecified vectors.

4.6CVSS5.5AI score0.00088EPSS

CVE•added 2016/07/22 3:0 a.m.•36 views

CVE-2016-4646

Audio in Apple OS X before 10.11.6 mishandles a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted audio file.

6.5CVSS6.8AI score0.00538EPSS

CVE•added 2012/02/02 6:55 p.m.•35 views

CVE-2011-3449

Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.

6.8CVSS6.8AI score0.00872EPSS

CVE•added 2015/12/11 11:59 a.m.•35 views

CVE-2015-7044

The System Integrity Protection feature in Apple OS X before 10.11.2 mishandles union mounts, which allows attackers to execute arbitrary code in a privileged context via a crafted app with root privileges.

7.6CVSS8.5AI score0.00867EPSS

CVE•added 2016/07/22 2:59 a.m.•35 views

CVE-2016-4633

Intel Graphics Driver in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

7.8CVSS8.4AI score0.00222EPSS

CVE•added 2016/09/25 10:59 a.m.•35 views

CVE-2016-4716

diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via unspecified vectors.

7.8CVSS7.7AI score0.00137EPSS

Total number of security vulnerabilities2420