VYPR

Mac OS X

by Apple Inc.

CVEs (2,090)

  • CVE-2016-4773HigSep 25, 2016
    risk 0.46cvss 7.1epss 0.01

    The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4774 and…

  • CVE-2016-4639HigJul 22, 2016
    risk 0.46cvss 7.0epss 0.00

    Login Window in Apple OS X before 10.11.6 does not properly initialize memory, which allows local users to cause a denial of service via unspecified vectors.

  • CVE-2016-1762HigMar 24, 2016
    risk 0.46cvss 8.1epss 0.06

    The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

  • CVE-2016-7585MedApr 2, 2017
    risk 0.44cvss 6.8epss 0.00

    An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of DMA in the "EFI" component. It allows physically proximate attackers to discover the FileVault 2 encryption password via a crafted Thunderbolt adapter.

  • CVE-2017-2361MedFeb 20, 2017
    risk 0.44cvss 6.1epss 0.17

    An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Help Viewer" component, which allows XSS attacks via a crafted web site.

  • CVE-2016-1840HigMay 20, 2016
    risk 0.44cvss 7.8epss 0.03

    Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory…

  • CVE-2016-1834HigMay 20, 2016
    risk 0.44cvss 7.8epss 0.05

    Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption)…

  • CVE-2016-1734MedMar 24, 2016
    risk 0.44cvss 6.8epss 0.01

    AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted USB device.

  • CVE-2015-7024MedJan 11, 2016
    risk 0.44cvss 6.7epss 0.00

    Untrusted search path vulnerability in Apple OS X before 10.11.1 allows local users to bypass intended Gatekeeper restrictions and gain privileges via a Trojan horse program that is loaded from an unexpected directory by an application that has a valid Apple digital signature.

  • CVE-2020-8285HigDec 14, 2020
    risk 0.43cvss 7.5epss 0.10

    curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

  • CVE-2016-4708MedSep 25, 2016
    risk 0.43cvss 6.5epss 0.04

    CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response.

  • CVE-2017-7158MedDec 27, 2017
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Screen Sharing Server" component. It allows attackers to obtain root privileges for reading files by leveraging screen-sharing access.

  • CVE-2017-2418MedApr 2, 2017
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Hypervisor" component. It allows guest OS users to obtain sensitive information from the CR8 control register via unspecified vectors.

  • CVE-2016-7627MedFeb 20, 2017
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreGraphics" component. It allows attackers to cause a denial of service (NULL pointer dereference and…

  • CVE-2016-7591MedFeb 20, 2017
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOHIDFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a…

  • CVE-2016-7580MedFeb 20, 2017
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Mail" component, which allows remote web servers to cause a denial of service via a crafted URL.

  • CVE-2016-4718MedSep 25, 2016
    risk 0.42cvss 6.5epss 0.03

    Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file.

  • CVE-2016-4646MedJul 22, 2016
    risk 0.42cvss 6.5epss 0.02

    Audio in Apple OS X before 10.11.6 mishandles a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted audio file.

  • CVE-2016-1811MedMay 20, 2016
    risk 0.42cvss 6.5epss 0.02

    ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.

  • CVE-2016-1770MedMar 24, 2016
    risk 0.42cvss 6.5epss 0.01

    The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL.

Page 22 of 105