Mac Os X Security Vulnerabilities and Issues — Mac Os X CVE List

Lucene search

AppleMac Os X

20 matches found

CVE•added 2015/08/24 1:59 a.m.•1642 views

CVE-2015-6563

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a craf...

1.9CVSS5.4AI score0.00126EPSS

CVE•added 2015/04/10 2:59 p.m.•69 views

CVE-2015-1096

IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.

1.9CVSS4.7AI score0.00074EPSS

CVE•added 2013/06/05 2:39 p.m.•64 views

CVE-2013-0982

The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation.

1.7CVSS6.3AI score0.00053EPSS

CVE•added 2014/09/18 10:55 a.m.•59 views

CVE-2014-4371

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4...

1.9CVSS3.6AI score0.00078EPSS

CVE•added 2014/09/18 10:55 a.m.•58 views

CVE-2014-4420

1.9CVSS3.6AI score0.00078EPSS

CVE•added 2015/04/10 2:59 p.m.•57 views

CVE-2015-1145

The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146.

1.9CVSS6.3AI score0.00073EPSS

CVE•added 2015/04/10 2:59 p.m.•56 views

CVE-2015-1146

1.9CVSS6.3AI score0.00073EPSS

CVE•added 2014/09/18 10:55 a.m.•54 views

CVE-2014-4421

1.9CVSS3.6AI score0.00078EPSS

CVE•added 2014/09/18 10:55 a.m.•50 views

CVE-2014-4419

1.9CVSS3.6AI score0.00078EPSS

CVE•added 2009/02/12 11:30 p.m.•48 views

CVE-2009-0142

Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local users to cause a denial of service (infinite loop) via unspecified vectors related to "file enumeration logic."

1.9CVSS6.4AI score0.00055EPSS

CVE•added 2015/10/09 5:59 a.m.•48 views

CVE-2015-3785

The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors.

1.9CVSS5.6AI score0.00094EPSS

CVE•added 2006/03/03 10:2 p.m.•45 views

CVE-2006-0391

Directory traversal vulnerability in the BOM framework in Mac OS X 10.x before 10.3.9 and 10.4 before 10.4.5 allows user-assisted attackers to overwrite or create arbitrary files via an archive that is handled by BOMArchiveHelper.

1.7CVSS6.7AI score0.00628EPSS

CVE•added 2008/09/16 11:0 p.m.•44 views

CVE-2008-2329

Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window.

1.9CVSS6AI score0.00086EPSS

CVE•added 2011/03/04 11:0 p.m.•44 views

CVE-2011-1073

crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXX...

1.9CVSS6.1AI score0.00021EPSS

CVE•added 2006/03/03 10:2 p.m.•42 views

CVE-2006-0386

FileVault in Mac OS X 10.4.5 and earlier does not properly mount user directories when creating a FileVault image, which allows local users to access protected files when FileVault is enabled.

1.7CVSS6.3AI score0.00068EPSS

CVE•added 2013/10/24 3:48 a.m.•39 views

CVE-2013-5187

The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that shoul...

1.9CVSS5.5AI score0.00131EPSS

CVE•added 2008/03/18 11:44 p.m.•37 views

CVE-2008-0996

The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials.

1.7CVSS8.1AI score0.00059EPSS

CVE•added 2008/03/18 10:44 p.m.•36 views

CVE-2008-0049

AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications.

1.9CVSS8.6AI score0.00193EPSS

CVE•added 2008/02/12 8:0 p.m.•35 views

CVE-2008-0038

Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application.

1.9CVSS6.1AI score0.00073EPSS

CVE•added 2013/10/24 3:48 a.m.•35 views

CVE-2013-5169

CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen.

1.9CVSS5.4AI score0.00131EPSS