VYPR

Mac OS X

by Apple Inc.

CVEs (2,090)

  • CVE-2015-7077 | Dec 11, 2015
    risk 0.03 | cvss | epss 0.01

    The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access) via unspecified vectors.

  • CVE-2015-7047 | Dec 11, 2015
    risk 0.03 | cvss | epss 0.01

    The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.

  • CVE-2015-7036 | Nov 22, 2015
    risk 0.03 | cvss | epss 0.39

    The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the…

  • CVE-2015-5889 | Oct 9, 2015
    risk 0.03 | cvss | epss 0.05

    rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables.

  • CVE-2015-3760 | Aug 16, 2015
    risk 0.03 | cvss | epss 0.02

    dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors.

  • CVE-2015-3673 | Jul 3, 2015
    risk 0.03 | cvss | epss 0.06

    Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility.

  • CVE-2015-3329 | Jun 9, 2015
    risk 0.03 | cvss | epss 0.38

    Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.

  • CVE-2015-3145 | Apr 24, 2015
    risk 0.03 | cvss | epss 0.38

    The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing…

  • CVE-2015-1100 | Apr 10, 2015
    risk 0.03 | cvss | epss 0.01

    The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content information via a crafted app.

  • CVE-2014-0117 | Jul 20, 2014
    risk 0.03 | cvss | epss 0.36

    The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.

  • CVE-2014-1322 | Apr 23, 2014
    risk 0.03 | cvss | epss 0.01

    The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object.

  • CVE-2013-6799 | Nov 18, 2013
    risk 0.03 | cvss | epss 0.01

    Apple Mac OS X 10.9 allows local users to cause a denial of service (memory corruption or panic) by creating a hard link to a directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0105.

  • CVE-2013-1775 | Mar 5, 2013
    risk 0.03 | cvss | epss 0.03

    sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.

  • CVE-2011-1516 | Nov 15, 2011
    risk 0.03 | cvss | epss 0.04

    The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of…

  • CVE-2011-0182 | Mar 23, 2011
    risk 0.03 | cvss | epss 0.02

    The i386_set_ldt system call in the kernel in Apple Mac OS X before 10.6.7 does not properly handle call gates, which allows local users to gain privileges via vectors involving the creation of a call gate entry.

  • CVE-2011-0180 | Mar 23, 2011
    risk 0.03 | cvss | epss 0.01

    Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call.

  • CVE-2010-0105 | Apr 27, 2010
    risk 0.03 | cvss | epss 0.01

    The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users to cause a denial of service (filesystem corruption) via a crafted application…

  • CVE-2009-2820 | Nov 10, 2009
    risk 0.03 | cvss | epss 0.06

    The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks…

  • CVE-2009-0162 | May 13, 2009
    risk 0.03 | cvss | epss 0.05

    Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL.

  • CVE-2009-1238 | Apr 2, 2009
    risk 0.03 | cvss | epss 0.01

    Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads,…
