OS X

CVEs (235)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2016-4582	Apple Inc. tvOS	Hig	0.51	7.8	0.00	Jul 22, 2016	The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4653.
CVE-2016-1850	Apple Inc. Mac Os X	Hig	0.51	7.8	0.01	May 20, 2016	SceneKit in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.
CVE-2016-1834	Debian Debian Linux	Hig	0.51	7.8	0.02	May 20, 2016	Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption)…
CVE-2016-1826	Apple Inc. Mac Os X	Hig	0.51	7.8	0.00	May 20, 2016	Integer overflow in the dtrace implementation in the kernel in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2016-1759	Apple Inc. Mac Os X	Hig	0.51	7.8	0.00	Mar 24, 2016	The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-1756	Apple Inc. Mac Os X	Hig	0.51	7.8	0.00	Mar 24, 2016	The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
CVE-2016-1736	Apple Inc. Mac Os X	Hig	0.51	7.8	0.00	Mar 24, 2016	Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1735.
CVE-2016-1733	Apple Inc. Mac Os X	Hig	0.51	7.8	0.00	Mar 24, 2016	AppleRAID in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2015-6980	Apple Inc. Mac Os X	Hig	0.51	7.8	0.00	Jan 11, 2016	Directory Utility in Apple OS X before 10.11.1 mishandles authentication for new sessions, which allows local users to gain privileges via unspecified vectors.
CVE-2016-4772	Apple Inc. tvOS	Hig	0.49	7.5	0.03	Sep 25, 2016	The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors.
CVE-2016-1843	Apple Inc. Mac Os X	Hig	0.49	7.5	0.01	May 20, 2016	The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2016-1842	Apple Inc. Mac Os X	Hig	0.49	7.5	0.01	May 20, 2016	MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.
CVE-2016-4773	Apple Inc. tvOS	Hig	0.46	7.1	0.00	Sep 25, 2016	The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4774 and…
CVE-2015-7024	Apple Inc. Mac Os X	Med	0.44	6.7	0.00	Jan 11, 2016	Untrusted search path vulnerability in Apple OS X before 10.11.1 allows local users to bypass intended Gatekeeper restrictions and gain privileges via a Trojan horse program that is loaded from an unexpected directory by an application that has a valid Apple digital signature.
CVE-2016-4701	Apple Inc. Swift	Med	0.40	6.2	0.00	Sep 25, 2016	Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable.
CVE-2016-4771	Apple Inc. iOS	Med	0.36	5.5	0.00	Sep 25, 2016	The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname.
CVE-2016-4755	Apple Inc. Mac Os X	Med	0.36	5.5	0.00	Sep 25, 2016	Terminal in Apple OS X before 10.12 uses weak permissions for the .bash_history and .bash_session files, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2016-1865	Apple Inc. tvOS	Med	0.36	5.5	0.00	Jul 22, 2016	The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
CVE-2016-1836	Debian Debian Linux	Med	0.36	5.5	0.01	May 20, 2016	Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.
CVE-2016-1833	Debian Debian Linux	Med	0.36	5.5	0.00	May 20, 2016	The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

CVE-2016-4582HigJul 22, 2016
Apple Inc.
tvOS
risk 0.51cvss 7.8epss 0.00
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4653.
CVE-2016-1850HigMay 20, 2016
Apple Inc.
Mac Os X
risk 0.51cvss 7.8epss 0.01
SceneKit in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.
CVE-2016-1834HigMay 20, 2016
Debian
Debian Linux
risk 0.51cvss 7.8epss 0.02
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption)…
CVE-2016-1826HigMay 20, 2016
Apple Inc.
Mac Os X
risk 0.51cvss 7.8epss 0.00
Integer overflow in the dtrace implementation in the kernel in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2016-1759HigMar 24, 2016
Apple Inc.
Mac Os X
risk 0.51cvss 7.8epss 0.00
The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-1756HigMar 24, 2016
Apple Inc.
Mac Os X
risk 0.51cvss 7.8epss 0.00
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
CVE-2016-1736HigMar 24, 2016
Apple Inc.
Mac Os X
risk 0.51cvss 7.8epss 0.00
Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1735.
CVE-2016-1733HigMar 24, 2016
Apple Inc.
Mac Os X
risk 0.51cvss 7.8epss 0.00
AppleRAID in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2015-6980HigJan 11, 2016
Apple Inc.
Mac Os X
risk 0.51cvss 7.8epss 0.00
Directory Utility in Apple OS X before 10.11.1 mishandles authentication for new sessions, which allows local users to gain privileges via unspecified vectors.
CVE-2016-4772HigSep 25, 2016
Apple Inc.
tvOS
risk 0.49cvss 7.5epss 0.03
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors.
CVE-2016-1843HigMay 20, 2016
Apple Inc.
Mac Os X
risk 0.49cvss 7.5epss 0.01
The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2016-1842HigMay 20, 2016
Apple Inc.
Mac Os X
risk 0.49cvss 7.5epss 0.01
MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.
CVE-2016-4773HigSep 25, 2016
Apple Inc.
tvOS
risk 0.46cvss 7.1epss 0.00
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4774 and…
CVE-2015-7024MedJan 11, 2016
Apple Inc.
Mac Os X
risk 0.44cvss 6.7epss 0.00
Untrusted search path vulnerability in Apple OS X before 10.11.1 allows local users to bypass intended Gatekeeper restrictions and gain privileges via a Trojan horse program that is loaded from an unexpected directory by an application that has a valid Apple digital signature.
CVE-2016-4701MedSep 25, 2016
Apple Inc.
Swift
risk 0.40cvss 6.2epss 0.00
Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable.
CVE-2016-4771MedSep 25, 2016
Apple Inc.
iOS
risk 0.36cvss 5.5epss 0.00
The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname.
CVE-2016-4755MedSep 25, 2016
Apple Inc.
Mac Os X
risk 0.36cvss 5.5epss 0.00
Terminal in Apple OS X before 10.12 uses weak permissions for the .bash_history and .bash_session files, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2016-1865MedJul 22, 2016
Apple Inc.
tvOS
risk 0.36cvss 5.5epss 0.00
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
CVE-2016-1836MedMay 20, 2016
Debian
Debian Linux
risk 0.36cvss 5.5epss 0.01
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.
CVE-2016-1833MedMay 20, 2016
Debian
Debian Linux
risk 0.36cvss 5.5epss 0.00
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

Page 2 of 12