Lucene search

K
AppleMac Os X

110 matches found

CVE
CVE
added 2000/02/04 5:0 a.m.446 views

CVE-1999-0524

ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

2.1CVSS6.5AI score0.00702EPSS
CVE
CVE
added 2015/11/18 4:59 p.m.315 views

CVE-2015-8035

The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.

2.6CVSS6.6AI score0.01311EPSS
CVE
CVE
added 2021/08/24 7:15 p.m.94 views

CVE-2021-30915

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A person with physical access to an iOS device may be able to determine characteristic...

2.4CVSS3.5AI score0.00112EPSS
CVE
CVE
added 2013/12/17 3:21 p.m.91 views

CVE-2013-7127

Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file.

2.1CVSS5.2AI score0.00121EPSS
CVE
CVE
added 2020/10/27 8:15 p.m.72 views

CVE-2019-8799

This issue was resolved by replacing device names with a random identifier. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15, watchOS 6, tvOS 13. An attacker in physical proximity may be able to passively observe device names in AWDL communications.

2.4CVSS4.6AI score0.0007EPSS
CVE
CVE
added 2005/03/22 5:0 a.m.58 views

CVE-2005-0715

AFP Server in Mac OS X before 10.3.8 uses insecure permissions for "Drop Boxes," which allows local users to read the contents of a Drop Box.

2.1CVSS8.6AI score0.00048EPSS
CVE
CVE
added 2011/03/23 2:0 a.m.57 views

CVE-2011-0178

The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory.

2.1CVSS5.2AI score0.00049EPSS
CVE
CVE
added 2014/11/18 11:59 a.m.54 views

CVE-2014-4460

CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files.

2.1CVSS2.8AI score0.00072EPSS
CVE
CVE
added 2015/09/18 10:59 a.m.54 views

CVE-2015-5842

XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors.

2.1CVSS4.7AI score0.00063EPSS
CVE
CVE
added 2015/10/09 5:59 a.m.53 views

CVE-2015-5901

The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive.

2.1CVSS5.1AI score0.00061EPSS
CVE
CVE
added 2011/10/14 10:55 a.m.52 views

CVE-2011-3215

The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and discover a password by making a DMA request in the (1) loginwindow, (2) boot, or (3) shutdown state.

2.1CVSS7.8AI score0.00068EPSS
CVE
CVE
added 2011/10/14 10:55 a.m.52 views

CVE-2011-3218

The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported...

2.6CVSS7.2AI score0.00662EPSS
CVE
CVE
added 2015/12/11 11:59 a.m.52 views

CVE-2015-7046

The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not properly implement privilege separation, which allows attackers to bypass the ASLR protection mechanism via a crafted app with root privileges.

2.6CVSS7.8AI score0.00738EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.52 views

CVE-2019-8757

A race condition existed when reading and writing user preferences. This was addressed with improved state handling. This issue is fixed in macOS Catalina 10.15. The "Share Mac Analytics" setting may not be disabled when a user deselects the switch to share analytics.

2.5CVSS4.2AI score0.00104EPSS
CVE
CVE
added 2020/10/27 8:15 p.m.52 views

CVE-2019-8777

A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. A local attacker may be able to view contacts from the lock...

2.4CVSS4.2AI score0.00043EPSS
CVE
CVE
added 2003/11/03 5:0 a.m.51 views

CVE-2003-0876

Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute permissions on directories when they are dragged (copied) from a mounted volume such as a disk image (DMG), which could cause the directories to have less restrictive permissions than intended.

2.1CVSS6.5AI score0.00084EPSS
CVE
CVE
added 2011/06/24 8:55 p.m.51 views

CVE-2011-0197

App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions.

2.1CVSS4.7AI score0.00046EPSS
CVE
CVE
added 2015/08/16 11:59 p.m.51 views

CVE-2015-3757

Apple OS X before 10.10.5 does not properly restrict access to the Date & Time preferences pane, which allows local users to spoof the time by visiting this pane.

2.1CVSS7.7AI score0.0005EPSS
CVE
CVE
added 2017/10/23 1:29 a.m.51 views

CVE-2017-7082

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Screen Lock" component. It allows physically proximate attackers to read Application Firewall prompts.

2.4CVSS4.8AI score0.00075EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.50 views

CVE-2004-1087

Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard Entry" is enabled even when it is not, which could result in a false sense of security for the user.

2.1CVSS8.8AI score0.00091EPSS
CVE
CVE
added 2006/10/03 4:2 a.m.50 views

CVE-2006-4390

CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remote SSL sites to appear as trusted sites by using encryption without authentication, which can cause the lock icon in Safari to be displayed even when the site's identity cannot be trusted.

2.6CVSS6.1AI score0.00277EPSS
CVE
CVE
added 2013/09/16 1:2 p.m.50 views

CVE-2013-1030

mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process.

2.1CVSS5.4AI score0.00133EPSS
CVE
CVE
added 2015/10/09 5:59 a.m.50 views

CVE-2015-5864

IOAudioFamily in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.

2.1CVSS4.9AI score0.00096EPSS
CVE
CVE
added 2015/01/30 11:59 a.m.49 views

CVE-2014-8827

LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen.

2.1CVSS2.9AI score0.00058EPSS
CVE
CVE
added 2015/08/17 12:0 a.m.49 views

CVE-2015-5748

The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume.

2.1CVSS7.3AI score0.0008EPSS
CVE
CVE
added 2015/09/18 12:0 p.m.49 views

CVE-2015-5863

IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors.

2.1CVSS4.6AI score0.00063EPSS
CVE
CVE
added 2003/11/17 5:0 a.m.48 views

CVE-2001-1412

nidump on MacOS X before 10.3 allows local users to read the encrypted passwords from the password file by specifying passwd as a command line argument.

2.1CVSS6.5AI score0.00231EPSS
CVE
CVE
added 2005/10/25 10:6 p.m.48 views

CVE-2005-2748

The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application.

2.1CVSS6AI score0.00101EPSS
CVE
CVE
added 2011/10/14 10:55 a.m.48 views

CVE-2011-3435

Open Directory in Apple Mac OS X 10.7 before 10.7.2 allows local users to read the password data of arbitrary users via unspecified vectors.

2.1CVSS7.4AI score0.00117EPSS
CVE
CVE
added 2012/05/11 3:49 a.m.48 views

CVE-2012-0657

Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors.

2.1CVSS7.7AI score0.00075EPSS
CVE
CVE
added 2014/09/19 10:55 a.m.48 views

CVE-2014-4403

The kernel in Apple OS X before 10.9.5 allows local users to obtain sensitive address information and bypass the ASLR protection mechanism by leveraging predictability of the location of the CPU Global Descriptor Table.

2.1CVSS6.4AI score0.00071EPSS
CVE
CVE
added 2015/04/10 2:59 p.m.48 views

CVE-2015-1142

LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder crash) via crafted localization data.

2.1CVSS6.3AI score0.00056EPSS
CVE
CVE
added 2015/10/09 5:59 a.m.48 views

CVE-2015-5875

Cross-site scripting (XSS) vulnerability in Notes in Apple OS X before 10.11 allows local users to inject arbitrary web script or HTML via crafted text.

2.1CVSS5AI score0.00105EPSS
CVE
CVE
added 2009/02/13 12:30 a.m.47 views

CVE-2009-0014

Folder Manager in Apple Mac OS X 10.5.6 uses insecure default permissions when recreating a Downloads folder after it has been deleted, which allows local users to bypass intended access restrictions and read the Downloads folder.

2.1CVSS6.7AI score0.0005EPSS
CVE
CVE
added 2011/10/14 10:55 a.m.47 views

CVE-2011-3212

CoreStorage in Apple Mac OS X 10.7 before 10.7.2 does not ensure that all disk data is encrypted during the enabling of FileVault, which makes it easier for physically proximate attackers to obtain sensitive information by reading directly from the disk device.

2.1CVSS7.5AI score0.00104EPSS
CVE
CVE
added 2011/10/14 10:55 a.m.47 views

CVE-2011-3224

The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server.

2.6CVSS8.3AI score0.00534EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.46 views

CVE-2002-1270

Mac OS X 10.2.2 allows local users to read files that only allow write access via the map_fd() Mach system call.

2.1CVSS6.7AI score0.00069EPSS
CVE
CVE
added 2005/05/12 4:0 a.m.46 views

CVE-2005-0973

Unknown vulnerability in the setsockopt system call in Mac OS X 10.3.9 and earlier allows local users to cause a denial of service (memory exhaustion) via crafted arguments.

2.1CVSS6.2AI score0.00058EPSS
CVE
CVE
added 2006/05/12 9:2 p.m.46 views

CVE-2006-1440

BOM in Apple Mac OS X 10.3.9 and 10.4.6 allows attackers to overwrite arbitrary files via an archive that contains symbolic links.

2.1CVSS6.2AI score0.00097EPSS
CVE
CVE
added 2011/03/23 2:0 a.m.46 views

CVE-2011-0180

Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call.

2.1CVSS5.6AI score0.00089EPSS
CVE
CVE
added 2014/07/01 10:17 a.m.46 views

CVE-2014-1317

iBooks Commerce in Apple OS X before 10.9.4 places Apple ID credentials in the iBooks log, which allows local users to obtain sensitive information by reading this file.

2.1CVSS5AI score0.00069EPSS
CVE
CVE
added 2005/08/19 4:0 a.m.45 views

CVE-2005-2512

Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak.

2.1CVSS9.4AI score0.00063EPSS
CVE
CVE
added 2005/08/19 4:0 a.m.45 views

CVE-2005-2517

Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site.

2.6CVSS9.4AI score0.00305EPSS
CVE
CVE
added 2006/03/03 10:2 p.m.45 views

CVE-2006-0389

Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds.

2.6CVSS6.1AI score0.00584EPSS
CVE
CVE
added 2006/08/02 4:4 p.m.45 views

CVE-2006-3495

AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys in a world-readable file, which allows local users to obtain the keys and access files and folders of other users.

2.1CVSS5.8AI score0.00072EPSS
CVE
CVE
added 2008/09/16 11:0 p.m.45 views

CVE-2008-3619

Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissions for Time Machine Backup log files, which allows local users to obtain sensitive information by reading these files.

2.1CVSS5.8AI score0.00051EPSS
CVE
CVE
added 2013/06/05 2:39 p.m.45 views

CVE-2013-3949

The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs, which allows local users to bypass intended access restrictions via a wrapper program that calls the po...

2.1CVSS5.9AI score0.00048EPSS
CVE
CVE
added 2015/10/09 5:59 a.m.45 views

CVE-2015-5878

Notes in Apple OS X before 10.11 misparses links, which allows local users to obtain sensitive information via unspecified vectors.

2.1CVSS5AI score0.00082EPSS
CVE
CVE
added 2015/10/09 5:59 a.m.45 views

CVE-2015-5893

SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.

2.1CVSS4.9AI score0.00061EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.44 views

CVE-2001-1565

Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through 10.1.5 provides the username and password on the command line, which allows local users to obtain authentication information via the ps command.

2.1CVSS6.9AI score0.00086EPSS
Total number of security vulnerabilities110