VYPR

Mac OS X

by Apple Inc.

CVEs (2,090)

  • CVE-2016-1807MedMay 20, 2016
    risk 0.36cvss 5.1epss 0.01

    Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors.

  • CVE-2016-1802MedMay 20, 2016
    risk 0.36cvss 5.5epss 0.01

    CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app.

  • CVE-2016-1752MedMar 24, 2016
    risk 0.36cvss 5.5epss 0.01

    The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app.

  • CVE-2016-1745MedMar 24, 2016
    risk 0.36cvss 5.5epss 0.00

    IOFireWireFamily in Apple OS X before 10.11.4 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.

  • CVE-2016-1732MedMar 24, 2016
    risk 0.36cvss 5.5epss 0.00

    AppleRAID in Apple OS X before 10.11.4 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.

  • CVE-2014-4373MedSep 18, 2014
    risk 0.36cvss 5.5epss 0.01

    The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application.

  • CVE-2009-0141MedFeb 13, 2009
    risk 0.36cvss 5.5epss 0.00

    XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creates tty devices with insecure world-writable permissions, which allows local users to write to the Xterm of another user.

  • CVE-2017-7141MedOct 23, 2017
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Mail" component. It allows remote attackers to bypass an intended off value of the "Load remote content in messages" setting, and consequently discover an e-mail…

  • CVE-2017-7078MedOct 23, 2017
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. The issue involves the "Mail Drafts" component. It allows remote attackers to obtain sensitive information by reading unintended cleartext transmissions.

  • CVE-2016-4745MedSep 25, 2016
    risk 0.35cvss 5.3epss 0.02

    The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user accounts via a timing side-channel attack.

  • CVE-2016-4713MedSep 25, 2016
    risk 0.35cvss 5.3epss 0.01

    CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access.

  • CVE-2016-4635MedJul 22, 2016
    risk 0.35cvss 5.3epss 0.01

    FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors.

  • CVE-2016-1844MedMay 20, 2016
    risk 0.35cvss 5.3epss 0.02

    The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors.

  • CVE-2015-6563MedAug 24, 2015
    risk 0.35cvss 6.4epss 0.00

    The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the…

  • CVE-2015-4000LowMay 21, 2015
    risk 0.35cvss 3.7epss 1.00

    The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by…

  • CVE-2016-4748MedSep 25, 2016
    risk 0.34cvss 5.3epss 0.00

    Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable.

  • CVE-2014-3566LowOct 15, 2014
    risk 0.33cvss 3.4epss 1.00

    The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

  • CVE-2017-7083MedOct 23, 2017
    risk 0.32cvss 4.9epss 0.02

    An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "CFNetwork Proxies" component. It allows remote attackers to cause a denial of service.

  • CVE-2016-1839MedMay 20, 2016
    risk 0.32cvss 5.5epss 0.07

    The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

  • CVE-2016-1838MedMay 20, 2016
    risk 0.32cvss 5.5epss 0.07

    The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML…

Page 27 of 105