VYPR

Mac OS X

by Apple Inc.

CVEs (2,090)

  • CVE-2017-13786 | Med | Nov 13, 2017
    risk 0.30 | cvss 4.6 | epss 0.00

    An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It does not properly restrict the DMA mapping time of FileVault decryption buffers, which allows attackers to read cleartext APFS data via a crafted…

  • CVE-2016-4595 | Med | Jul 22, 2016
    risk 0.30 | cvss 4.6 | epss 0.00

    Safari Login AutoFill in Apple OS X before 10.11.6 allows physically proximate attackers to discover passwords by reading the screen during the login procedure.

  • CVE-2016-1851 | Med | May 20, 2016
    risk 0.30 | cvss 4.6 | epss 0.00

    The Screen Lock feature in Apple OS X before 10.11.5 mishandles password profiles, which allows physically proximate attackers to reset expired passwords in the lock-screen state via unspecified vectors.

  • CVE-2016-1837 | Med | May 20, 2016
    risk 0.29 | cvss 5.5 | epss 0.04

    Multiple use-after-free vulnerabilities in the (1) htmlParsePubidLiteral and (2) htmlParseSystemLiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial…

  • CVE-2016-1836 | Med | May 20, 2016
    risk 0.29 | cvss 5.5 | epss 0.04

    Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.

  • CVE-2016-1833 | Med | May 20, 2016
    risk 0.29 | cvss 5.5 | epss 0.03

    The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

  • CVE-1999-0524 | Med | Aug 1, 1997
    risk 0.29 | cvss 4.0 | epss 0.32

    ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

  • CVE-2021-22925 | Med | Aug 5, 2021
    risk 0.28 | cvss 5.3 | epss 0.05

    curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending `NEW_ENV` variables, libcurl could be made to pass on uninitialized…

  • CVE-2016-1764 | Med | Mar 24, 2016
    risk 0.28 | cvss 4.3 | epss 0.03

    The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL.

  • CVE-2015-7116 | Med | Jan 10, 2016
    risk 0.28 | cvss 4.3 | epss 0.02

    libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7115.

  • CVE-2015-7115 | Med | Jan 10, 2016
    risk 0.28 | cvss 4.3 | epss 0.02

    libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7116.

  • CVE-2016-4707 | Med | Sep 25, 2016
    risk 0.26 | cvss 4.0 | epss 0.00

    CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors.

  • CVE-2020-8284 | Low | Dec 14, 2020
    risk 0.24 | cvss 3.7 | epss 0.04

    A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port…

  • CVE-2017-7084 | Low | Oct 23, 2017
    risk 0.24 | cvss 3.7 | epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Application Firewall" component. It allows remote attackers to bypass intended settings in opportunistic circumstances by leveraging incorrect handling of a denied setting…

  • CVE-2016-7577 | Low | Feb 20, 2017
    risk 0.24 | cvss 3.7 | epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "FaceTime" component, which allows remote attackers to trigger memory corruption and obtain audio data from a call that appeared to have ended.

  • CVE-2017-13852 | Low | Nov 13, 2017
    risk 0.22 | cvss 3.3 | epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to monitor arbitrary apps via a crafted…

  • CVE-2017-2426 | Low | Apr 2, 2017
    risk 0.22 | cvss 3.3 | epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "iBooks" component. It allows remote attackers to obtain sensitive information from local files via a file: URL in an iBooks file.

  • CVE-2017-2357 | Low | Feb 20, 2017
    risk 0.22 | cvss 3.3 | epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "IOAudioFamily" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app.

  • CVE-2016-7657 | Low | Feb 20, 2017
    risk 0.22 | cvss 3.3 | epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOKit" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.

  • CVE-2016-4717 | Low | Sep 25, 2016
    risk 0.22 | cvss 3.3 | epss 0.01

    The File Bookmark component in Apple OS X before 10.12 mishandles scoped-bookmark file descriptors, which allows attackers to cause a denial of service via a crafted app.
