Mac Os X Security Vulnerabilities and Issues — Mac Os X CVE List

Lucene search

AppleMac Os X

220 matches found

CVE•added 2016/01/14 10:59 p.m.•3144 views

CVE-2016-0777

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

6.5CVSS6.4AI score0.79763EPSS

CVE•added 2016/01/14 10:59 p.m.•1893 views

CVE-2016-0778

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-...

8.1CVSS7.3AI score0.02711EPSS

CVE•added 2016/09/25 10:59 a.m.•374 views

CVE-2016-4658

xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free a...

10CVSS8AI score0.19344EPSS

CVE•added 2016/05/26 4:59 p.m.•310 views

CVE-2016-0718

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

9.8CVSS8.7AI score0.02267EPSS

CVE•added 2016/05/20 10:59 a.m.•288 views

CVE-2015-8865

The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application ...

7.5CVSS8.2AI score0.00887EPSS

CVE•added 2016/07/23 7:59 p.m.•287 views

CVE-2016-5131

Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

8.8CVSS7.8AI score0.04288EPSS

CVE•added 2016/03/31 4:59 p.m.•239 views

CVE-2016-3141

Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data contai...

9.8CVSS7.9AI score0.3389EPSS

CVE•added 2016/03/31 4:59 p.m.•215 views

CVE-2016-3142

The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an inv...

8.2CVSS7AI score0.01992EPSS

CVE•added 2016/05/20 11:0 a.m.•212 views

CVE-2016-4071

Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call.

9.8CVSS8AI score0.16168EPSS

CVE•added 2016/06/09 4:59 p.m.•211 views

CVE-2016-4447

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.

7.5CVSS8.1AI score0.01024EPSS

CVE•added 2016/03/13 6:59 p.m.•206 views

CVE-2016-1950

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.

8.8CVSS7.9AI score0.01752EPSS

CVE•added 2016/05/05 1:59 a.m.•189 views

CVE-2016-2105

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.

7.5CVSS7.7AI score0.43192EPSS

CVE•added 2016/05/20 11:0 a.m.•185 views

CVE-2016-4072

The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar.c.

9.8CVSS7.8AI score0.04643EPSS

CVE•added 2016/05/20 11:0 a.m.•185 views

CVE-2016-4073

Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call.

9.8CVSS8.2AI score0.06555EPSS

CVE•added 2016/06/09 4:59 p.m.•182 views

CVE-2016-4448

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

10CVSS9.5AI score0.02596EPSS

CVE•added 2016/02/07 1:59 a.m.•169 views

CVE-2016-0801

The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029.

9.8CVSS7.6AI score0.46032EPSS

CVE•added 2016/01/21 3:59 p.m.•168 views

CVE-2015-8472

Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a smal...

7.5CVSS7.4AI score0.04755EPSS

CVE•added 2016/05/20 10:59 a.m.•144 views

CVE-2016-1839

The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

5.5CVSS6.4AI score0.03399EPSS

CVE•added 2016/09/25 10:59 a.m.•136 views

CVE-2016-4738

libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

9.3CVSS8.7AI score0.07628EPSS

CVE•added 2016/03/24 1:59 a.m.•133 views

CVE-2016-1757

Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app.

9.3CVSS5.9AI score0.58452EPSS

CVE•added 2016/03/24 1:59 a.m.•125 views

CVE-2016-1762

The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

8.1CVSS7AI score0.04124EPSS

CVE•added 2016/07/22 2:59 a.m.•116 views

CVE-2014-9862

Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file.

7.8CVSS7.9AI score0.11018EPSS

CVE•added 2016/05/20 10:59 a.m.•113 views

CVE-2016-1834

Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML do...

9.3CVSS8.6AI score0.01714EPSS

CVE•added 2016/03/24 1:59 a.m.•107 views

CVE-2016-1764

The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL.

4.3CVSS4.1AI score0.06683EPSS

CVE•added 2016/05/20 10:59 a.m.•106 views

CVE-2016-1840

Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a cr...

7.8CVSS8.6AI score0.0103EPSS

CVE•added 2016/05/20 10:59 a.m.•105 views

CVE-2016-1837

Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a cr...

5.5CVSS6.6AI score0.00412EPSS

CVE•added 2016/05/20 10:59 a.m.•103 views

CVE-2016-1833

The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

5.5CVSS6.3AI score0.00399EPSS

CVE•added 2016/05/20 10:59 a.m.•101 views

CVE-2016-1838

The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

5.5CVSS6.3AI score0.03485EPSS

CVE•added 2016/05/20 10:59 a.m.•99 views

CVE-2016-1836

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.

5.5CVSS6.5AI score0.00847EPSS

CVE•added 2016/09/25 10:59 a.m.•99 views

CVE-2016-4694

The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an applicati...

9.1CVSS7.7AI score0.59195EPSS

CVE•added 2016/05/20 10:59 a.m.•98 views

CVE-2016-1835

Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.

8.8CVSS7.2AI score0.06172EPSS

CVE•added 2016/07/22 2:59 a.m.•86 views

CVE-2016-4609

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors...

9.8CVSS9.2AI score

CVE•added 2016/05/20 10:59 a.m.•77 views

CVE-2016-1841

libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

8.8CVSS8.3AI score0.04075EPSS

CVE•added 2016/03/24 1:59 a.m.•75 views

CVE-2015-7551

The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of se...

8.4CVSS6.7AI score0.46054EPSS

CVE•added 2016/07/22 2:59 a.m.•72 views

CVE-2016-4615

libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors...

9.8CVSS9.1AI score

CVE•added 2016/09/25 11:0 a.m.•70 views

CVE-2016-4773

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4774 and CVE-2016-4776.

7.1CVSS6.8AI score0.00196EPSS

CVE•added 2016/05/20 10:59 a.m.•69 views

CVE-2016-1827

The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1828, CVE-2016-1829, ...

9.3CVSS7.5AI score0.09639EPSS

CVE•added 2016/07/22 3:0 a.m.•69 views

CVE-2016-4653

The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4582.

7.8CVSS7.6AI score0.00268EPSS

CVE•added 2016/09/25 10:59 a.m.•69 views

CVE-2016-4708

CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response.

6.5CVSS6.4AI score0.04174EPSS

CVE•added 2016/03/24 1:59 a.m.•66 views

CVE-2016-1743

The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1744.

9.3CVSS6.5AI score0.02745EPSS

CVE•added 2016/03/24 1:59 a.m.•66 views

CVE-2016-1744

9.3CVSS6.5AI score0.02745EPSS

CVE•added 2016/03/24 1:59 a.m.•66 views

CVE-2016-1755

The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754.

9.3CVSS7.1AI score0.03453EPSS

CVE•added 2016/05/20 10:59 a.m.•66 views

CVE-2016-1828

9.3CVSS7.5AI score0.09639EPSS

CVE•added 2016/06/26 1:59 a.m.•64 views

CVE-2015-7987

Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3ResourceRecord function.

9.8CVSS9.3AI score0.03085EPSS

CVE•added 2016/03/24 1:59 a.m.•64 views

CVE-2016-1758

The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.

4.3CVSS4.4AI score0.00276EPSS

CVE•added 2016/09/25 10:59 a.m.•64 views

CVE-2016-4712

CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.

9.3CVSS8.4AI score0.00263EPSS

CVE•added 2016/09/25 11:0 a.m.•64 views

CVE-2016-4772

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors.

7.5CVSS7.2AI score0.03175EPSS

CVE•added 2016/09/25 11:0 a.m.•64 views

CVE-2016-4776

7.1CVSS6.8AI score0.00196EPSS

CVE•added 2016/01/12 7:59 p.m.•63 views

CVE-2015-8659

The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.

10CVSS7.2AI score0.02313EPSS

CVE•added 2016/09/25 11:0 a.m.•63 views

CVE-2016-4774

7.1CVSS6.8AI score0.00196EPSS

Total number of security vulnerabilities220