Mac OS X
by Apple Inc.
CVEs (2,090)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-4715 | Low | 0.22 | 3.3 | 0.01 | Sep 25, 2016 | The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app. | ||
| CVE-2016-1798 | Low | 0.22 | 3.3 | 0.01 | May 20, 2016 | Audio in Apple OS X before 10.11.5 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app. | ||
| CVE-2016-1796 | Low | 0.22 | 3.3 | 0.01 | May 20, 2016 | Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds memory access) via a crafted app. | ||
| CVE-2016-1791 | Low | 0.22 | 3.3 | 0.01 | May 20, 2016 | The AMD subsystem in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | ||
| CVE-2016-1758 | Low | 0.22 | 3.3 | 0.01 | Mar 24, 2016 | The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app. | ||
| CVE-2016-1748 | Low | 0.22 | 3.3 | 0.01 | Mar 24, 2016 | IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | ||
| CVE-2014-4407 | Low | 0.22 | 3.3 | 0.01 | Sep 18, 2014 | IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls. | ||
| CVE-2017-13801 | Low | 0.21 | 3.3 | 0.00 | Nov 13, 2017 | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Dictionary Widget" component. It allows attackers to read local files if pasted text is used in a search. | ||
| CVE-2017-7138 | Low | 0.21 | 3.3 | 0.00 | Oct 23, 2017 | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Directory Utility" component. It allows local users to discover the Apple ID of the computer's owner. | ||
| CVE-2016-7714 | Low | 0.21 | 3.3 | 0.00 | Feb 20, 2017 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOKit" component. It allows local users to obtain sensitive kernel memory-layout information via… | ||
| CVE-2016-7625 | Low | 0.21 | 3.3 | 0.00 | Feb 20, 2017 | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOKit" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. | ||
| CVE-2016-7624 | Low | 0.21 | 3.3 | 0.00 | Feb 20, 2017 | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOAcceleratorFamily" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. | ||
| CVE-2016-7620 | Low | 0.21 | 3.3 | 0.00 | Feb 20, 2017 | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOSurface" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. | ||
| CVE-2016-4670 | Low | 0.21 | 3.3 | 0.00 | Feb 20, 2017 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "Security" component. It allows local users to discover lengths of arbitrary passwords by reading a log. | ||
| CVE-2016-4645 | Low | 0.21 | 3.3 | 0.00 | Jul 22, 2016 | CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors. | ||
| CVE-2016-1862 | Low | 0.21 | 3.3 | 0.01 | Jun 19, 2016 | Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860. | ||
| CVE-2016-1860 | Low | 0.21 | 3.3 | 0.01 | Jun 19, 2016 | Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1862. | ||
| CVE-2016-1773 | Low | 0.21 | 3.3 | 0.00 | Mar 24, 2016 | The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors. | ||
| CVE-2017-7082 | Low | 0.16 | 2.4 | 0.00 | Oct 23, 2017 | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Screen Lock" component. It allows physically proximate attackers to read Application Firewall prompts. | ||
| CVE-2015-0235 | 0.11 | — | 0.95 | Jan 28, 2015 | Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." |
- risk 0.22cvss 3.3epss 0.01
The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app.
- risk 0.22cvss 3.3epss 0.01
Audio in Apple OS X before 10.11.5 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.
- risk 0.22cvss 3.3epss 0.01
Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds memory access) via a crafted app.
- risk 0.22cvss 3.3epss 0.01
The AMD subsystem in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
- risk 0.22cvss 3.3epss 0.01
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.
- risk 0.22cvss 3.3epss 0.01
IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
- risk 0.22cvss 3.3epss 0.01
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls.
- risk 0.21cvss 3.3epss 0.00
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Dictionary Widget" component. It allows attackers to read local files if pasted text is used in a search.
- risk 0.21cvss 3.3epss 0.00
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Directory Utility" component. It allows local users to discover the Apple ID of the computer's owner.
- risk 0.21cvss 3.3epss 0.00
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOKit" component. It allows local users to obtain sensitive kernel memory-layout information via…
- risk 0.21cvss 3.3epss 0.00
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOKit" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
- risk 0.21cvss 3.3epss 0.00
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOAcceleratorFamily" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
- risk 0.21cvss 3.3epss 0.00
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOSurface" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
- risk 0.21cvss 3.3epss 0.00
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "Security" component. It allows local users to discover lengths of arbitrary passwords by reading a log.
- risk 0.21cvss 3.3epss 0.00
CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors.
- risk 0.21cvss 3.3epss 0.01
Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860.
- risk 0.21cvss 3.3epss 0.01
Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1862.
- risk 0.21cvss 3.3epss 0.00
The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors.
- risk 0.16cvss 2.4epss 0.00
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Screen Lock" component. It allows physically proximate attackers to read Application Firewall prompts.
- CVE-2015-0235Jan 28, 2015risk 0.11cvss —epss 0.95
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
Page 29 of 105