Lucene search

K
AppleMac Os X

35 matches found

CVE
CVE
added 2020/10/27 8:15 p.m.284 views

CVE-2019-8842

A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. In certain configurations, a remote attacker may be able to submit arbitrary print jobs.

3.3CVSS4.6AI score0.0017EPSS
CVE
CVE
added 2021/04/02 6:15 p.m.266 views

CVE-2020-29623

"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete b...

3.3CVSS4.9AI score0.00053EPSS
CVE
CVE
added 2020/02/05 5:15 p.m.253 views

CVE-2019-15126

An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a di...

3.1CVSS6.2AI score0.07993EPSS
CVE
CVE
added 2022/03/18 6:15 p.m.104 views

CVE-2022-22656

An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen.

3.3CVSS4.6AI score0.00148EPSS
CVE
CVE
added 2020/02/27 9:15 p.m.94 views

CVE-2020-3830

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be able to overwrite arbitrary files.

3.6CVSS5.1AI score0.00181EPSS
CVE
CVE
added 2020/10/27 8:15 p.m.79 views

CVE-2019-8809

A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, watchOS 6, iOS 13. A local app may be able to read a persistent account identifier.

3.3CVSS4.4AI score0.00071EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.64 views

CVE-2016-7620

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOSurface" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.

3.3CVSS3.3AI score0.00144EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.59 views

CVE-2019-8730

The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup. This issue is fixed in macOS Catalina 10.15. A local user may be able to view a user’s locked notes.

3.3CVSS4.7AI score0.00115EPSS
CVE
CVE
added 2011/06/24 8:55 p.m.56 views

CVE-2009-5044

contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file.

3.3CVSS6.5AI score0.00067EPSS
CVE
CVE
added 2015/11/14 3:59 a.m.55 views

CVE-2013-5229

The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box.

3.7CVSS6.3AI score0.00055EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.55 views

CVE-2016-7714

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOKit" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.

3.3CVSS3.1AI score0.00054EPSS
CVE
CVE
added 2017/10/23 1:29 a.m.54 views

CVE-2017-7138

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Directory Utility" component. It allows local users to discover the Apple ID of the computer's owner.

3.3CVSS4.7AI score0.00064EPSS
CVE
CVE
added 2015/08/16 11:59 p.m.53 views

CVE-2015-3787

The Bluetooth subsystem in Apple OS X before 10.10.5 allows remote attackers to cause a denial of service via malformed Bluetooth ACL packets.

3.3CVSS8.2AI score0.003EPSS
CVE
CVE
added 2015/09/18 12:0 p.m.53 views

CVE-2015-5869

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

3.3CVSS5.8AI score0.00452EPSS
CVE
CVE
added 2014/02/27 1:55 a.m.51 views

CVE-2014-1264

Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic circumstances via standard filesystem operations on a file with a damaged ACL.

3.3CVSS6.6AI score0.00054EPSS
CVE
CVE
added 2015/10/09 5:59 a.m.50 views

CVE-2015-5884

The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment.

3.3CVSS5.5AI score0.00106EPSS
CVE
CVE
added 2017/11/13 3:29 a.m.50 views

CVE-2017-13801

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Dictionary Widget" component. It allows attackers to read local files if pasted text is used in a search.

3.3CVSS4.6AI score0.00062EPSS
CVE
CVE
added 2015/10/09 5:59 a.m.48 views

CVE-2015-5853

AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers to obtain eSCL packet payload data via unspecified vectors.

3.3CVSS5.7AI score0.0013EPSS
CVE
CVE
added 2010/06/17 4:30 p.m.47 views

CVE-2010-1381

The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links. NOTE: this might overlap CVE-2010-0926.

3.5CVSS6.6AI score0.38234EPSS
CVE
CVE
added 2014/04/23 11:52 a.m.47 views

CVE-2014-1321

Power Management in Apple OS X 10.9.x through 10.9.2 allows physically proximate attackers to bypass an intended transition into the locked-screen state by touching (1) a key or (2) the trackpad during a lid-close action.

3.3CVSS6.1AI score0.00062EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.47 views

CVE-2016-7625

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOKit" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.

3.3CVSS3.3AI score0.0006EPSS
CVE
CVE
added 2010/06/17 4:30 p.m.46 views

CVE-2010-0546

Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder.

3.3CVSS6.8AI score0.00031EPSS
CVE
CVE
added 2010/06/17 4:30 p.m.46 views

CVE-2010-1382

Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field.

3.5CVSS5.9AI score0.00324EPSS
CVE
CVE
added 2013/09/16 1:2 p.m.46 views

CVE-2013-1031

Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of ...

3.3CVSS6AI score0.00042EPSS
CVE
CVE
added 2014/02/27 1:55 a.m.46 views

CVE-2014-1257

CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation.

3.6CVSS6AI score0.00061EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.46 views

CVE-2016-7624

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOAcceleratorFamily" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.

3.3CVSS3.3AI score0.00063EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.45 views

CVE-2001-0806

Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a user's desktop folder via insecure default permissions for the Desktop when it is created in some languages.

3.6CVSS6.3AI score0.00084EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.45 views

CVE-2016-4670

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "Security" component. It allows local users to discover lengths of arbitrary passwords by reading a log.

3.3CVSS4.3AI score0.0006EPSS
CVE
CVE
added 2006/10/03 4:2 a.m.44 views

CVE-2006-4393

Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users.

3.7CVSS6.1AI score0.00077EPSS
CVE
CVE
added 2015/08/16 11:59 p.m.44 views

CVE-2015-3778

bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic.

3.3CVSS7.3AI score0.00351EPSS
CVE
CVE
added 2005/05/03 4:0 a.m.41 views

CVE-2005-1430

Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty (pty) that is managed by a non-setuid program, which allows local users to read or modify sessions of other users.

3.6CVSS6.3AI score0.00048EPSS
CVE
CVE
added 2013/10/24 3:48 a.m.41 views

CVE-2013-5171

CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration.

3.3CVSS6.1AI score0.00047EPSS
CVE
CVE
added 2016/07/22 3:0 a.m.41 views

CVE-2016-4645

CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors.

3.3CVSS4.9AI score0.00102EPSS
CVE
CVE
added 2007/12/19 9:46 p.m.40 views

CVE-2007-5851

iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors.

3.6CVSS8.5AI score0.00237EPSS
CVE
CVE
added 2016/03/24 1:59 a.m.39 views

CVE-2016-1773

The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors.

3.3CVSS4AI score0.00054EPSS