Mac Os X Security Vulnerabilities and Issues — Mac Os X CVE List

Lucene search

AppleMac Os X

41 matches found

CVE•added 2016/07/23 7:59 p.m.•294 views

CVE-2016-5131

Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

8.8CVSS7.8AI score0.04288EPSS

CVE•added 2016/07/22 2:59 a.m.•116 views

CVE-2014-9862

Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file.

7.8CVSS7.9AI score0.11018EPSS

CVE•added 2016/07/22 2:59 a.m.•86 views

CVE-2016-4609

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors...

9.8CVSS9.2AI score

CVE•added 2016/07/22 2:59 a.m.•72 views

CVE-2016-4615

libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors...

9.8CVSS9.1AI score

CVE•added 2016/07/22 3:0 a.m.•69 views

CVE-2016-4653

The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4582.

7.8CVSS7.6AI score0.00268EPSS

CVE•added 2016/07/22 2:59 a.m.•62 views

CVE-2016-1863

7.8CVSS7.6AI score0.00268EPSS

CVE•added 2016/07/22 2:59 a.m.•61 views

CVE-2016-4607

9.8CVSS9.2AI score

CVE•added 2016/07/22 2:59 a.m.•59 views

CVE-2016-4631

ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.

8.8CVSS8.9AI score0.03745EPSS

CVE•added 2016/07/22 2:59 a.m.•57 views

CVE-2016-1865

The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.

5.5CVSS5.7AI score0.00107EPSS

CVE•added 2016/07/22 2:59 a.m.•56 views

CVE-2016-4616

9.8CVSS9.1AI score

CVE•added 2016/07/22 2:59 a.m.•53 views

CVE-2016-4582

7.8CVSS7.6AI score0.00268EPSS

CVE•added 2016/07/22 2:59 a.m.•53 views

CVE-2016-4596

QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4597, CVE-2016-4600, and CVE-2016-4602.

8.8CVSS8.6AI score0.00836EPSS

CVE•added 2016/07/22 2:59 a.m.•52 views

CVE-2016-4637

CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image.

8.8CVSS8.9AI score0.02898EPSS

CVE•added 2016/07/22 2:59 a.m.•50 views

CVE-2016-4614

9.8CVSS9.1AI score

CVE•added 2016/07/22 2:59 a.m.•50 views

CVE-2016-4635

FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors.

5.3CVSS5.8AI score0.00397EPSS

CVE•added 2016/07/22 2:59 a.m.•49 views

CVE-2016-4600

8.8CVSS8.6AI score0.00836EPSS

CVE•added 2016/07/22 2:59 a.m.•48 views

CVE-2016-4632

ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

7.5CVSS7.4AI score0.03107EPSS

CVE•added 2016/07/22 2:59 a.m.•47 views

CVE-2016-4639

Login Window in Apple OS X before 10.11.6 does not properly initialize memory, which allows local users to cause a denial of service via unspecified vectors.

7CVSS6.9AI score0.00139EPSS

CVE•added 2016/07/22 2:59 a.m.•45 views

CVE-2016-4626

IOHIDFamily in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.

7.8CVSS7.6AI score0.00101EPSS

CVE•added 2016/07/22 2:59 a.m.•44 views

CVE-2016-4597

8.8CVSS8.6AI score0.00836EPSS

CVE•added 2016/07/22 2:59 a.m.•44 views

CVE-2016-4625

Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 allows local users to gain privileges via unspecified vectors.

7.8CVSS7.7AI score0.0186EPSS

CVE•added 2016/07/22 3:0 a.m.•44 views

CVE-2016-4648

Audio in Apple OS X before 10.11.6 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.

5.5CVSS6AI score0.0013EPSS

CVE•added 2016/07/22 2:59 a.m.•43 views

CVE-2016-4594

The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an API call.

7.8CVSS7.3AI score0.00209EPSS

CVE•added 2016/07/22 3:0 a.m.•43 views

CVE-2016-4641

Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or obtain sensitive user information via a crafted app that leverages a "type confusion."

9.3CVSS7.9AI score0.00325EPSS

CVE•added 2016/07/22 2:59 a.m.•42 views

CVE-2016-4598

QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image.

9.8CVSS9.1AI score0.0169EPSS

CVE•added 2016/07/22 2:59 a.m.•42 views

CVE-2016-4602

8.8CVSS8.6AI score0.00836EPSS

CVE•added 2016/07/22 2:59 a.m.•42 views

CVE-2016-4621

libc++abi in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.4AI score0.00363EPSS

CVE•added 2016/07/22 2:59 a.m.•42 views

CVE-2016-4630

ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted EXR image with B44 compression.

8.8CVSS9AI score0.01109EPSS

CVE•added 2016/07/22 2:59 a.m.•42 views

CVE-2016-4638

Login Window in Apple OS X before 10.11.6 allows attackers to gain privileges via a crafted app that leverages a "type confusion."

9.3CVSS7.4AI score0.00311EPSS

CVE•added 2016/07/22 3:0 a.m.•42 views

CVE-2016-4649

Audio in Apple OS X before 10.11.6 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.

5.5CVSS6.1AI score0.00132EPSS

CVE•added 2016/07/22 2:59 a.m.•41 views

CVE-2016-4601

QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SGI image.

8.8CVSS9AI score0.00836EPSS

CVE•added 2016/07/22 3:0 a.m.•41 views

CVE-2016-4645

CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors.

3.3CVSS4.9AI score0.00102EPSS

CVE•added 2016/07/22 3:0 a.m.•41 views

CVE-2016-4652

CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), via unspecified vectors.

6.3CVSS6.6AI score0.00139EPSS

CVE•added 2016/07/22 2:59 a.m.•40 views

CVE-2016-4629

ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted xStride and yStride values in an EXR image.

10CVSS9.3AI score0.11075EPSS

CVE•added 2016/07/22 2:59 a.m.•39 views

CVE-2016-4595

Safari Login AutoFill in Apple OS X before 10.11.6 allows physically proximate attackers to discover passwords by reading the screen during the login procedure.

4.6CVSS6AI score0.00147EPSS

CVE•added 2016/07/22 2:59 a.m.•39 views

CVE-2016-4634

The Graphics Drivers subsystem in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.8CVSS7.8AI score0.00151EPSS

CVE•added 2016/07/22 2:59 a.m.•37 views

CVE-2016-4599

QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop document.

7.8CVSS8.6AI score0.00676EPSS

CVE•added 2016/07/22 3:0 a.m.•37 views

CVE-2016-4640

Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context, obtain sensitive user information, or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.1AI score0.00307EPSS

CVE•added 2016/07/22 3:0 a.m.•36 views

CVE-2016-4647

Audio in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted file.

7.8CVSS7.3AI score0.00108EPSS

CVE•added 2016/07/22 3:0 a.m.•35 views

CVE-2016-4646

Audio in Apple OS X before 10.11.6 mishandles a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted audio file.

6.5CVSS6.8AI score0.00538EPSS

CVE•added 2016/07/22 2:59 a.m.•34 views

CVE-2016-4633

Intel Graphics Driver in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

7.8CVSS8.4AI score0.00222EPSS