OS X

CVEs (316)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2016-1829	Apple Inc. Mac Os X	Hig	0.51	7.8	0.01	May 20, 2016	The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than…
CVE-2016-1826	Apple Inc. Mac Os X	Hig	0.51	7.8	0.00	May 20, 2016	Integer overflow in the dtrace implementation in the kernel in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2016-1820	Apple Inc. Mac Os X	Hig	0.51	7.8	0.00	May 20, 2016	Buffer overflow in IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2016-1797	Apple Inc. Mac Os X	Hig	0.51	7.8	0.00	May 20, 2016	Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to bypass intended FontValidator sandbox-policy restrictions and execute arbitrary code in a privileged context via a crafted app.
CVE-2016-1759	Apple Inc. Mac Os X	Hig	0.51	7.8	0.00	Mar 24, 2016	The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-1756	Apple Inc. Mac Os X	Hig	0.51	7.8	0.00	Mar 24, 2016	The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
CVE-2016-1736	Apple Inc. Mac Os X	Hig	0.51	7.8	0.00	Mar 24, 2016	Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1735.
CVE-2016-1735	Apple Inc. Mac Os X	Hig	0.51	7.8	0.00	Mar 24, 2016	Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1736.
CVE-2016-1733	Apple Inc. Mac Os X	Hig	0.51	7.8	0.00	Mar 24, 2016	AppleRAID in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-1722	Apple Inc. Mac Os X	Hig	0.51	7.8	0.00	Feb 1, 2016	syslog in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2016-1717	Apple Inc. Mac Os X	Hig	0.51	7.8	0.00	Feb 1, 2016	The Disk Images component in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2016-1716	Apple Inc. Mac Os X	Hig	0.51	7.8	0.00	Feb 1, 2016	AppleGraphicsPowerManagement in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2015-6980	Apple Inc. Mac Os X	Hig	0.51	7.8	0.00	Jan 11, 2016	Directory Utility in Apple OS X before 10.11.1 mishandles authentication for new sessions, which allows local users to gain privileges via unspecified vectors.
CVE-2016-4772	Apple Inc. tvOS	Hig	0.49	7.5	0.03	Sep 25, 2016	The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors.
CVE-2016-4711	Apple Inc. Mac Os X	Hig	0.49	7.5	0.00	Sep 25, 2016	CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output.
CVE-2016-1843	Apple Inc. Mac Os X	Hig	0.49	7.5	0.01	May 20, 2016	The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2016-1842	Apple Inc. Mac Os X	Hig	0.49	7.5	0.01	May 20, 2016	MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.
CVE-2016-1729	Apple Inc. Mac Os X	Hig	0.47	7.3	0.00	Feb 1, 2016	Untrusted search path vulnerability in OSA Scripts in Apple OS X before 10.11.3 allows attackers to load arbitrary script libraries via a quarantined application.
CVE-2016-1718	Apple Inc. Mac Os X	Hig	0.47	7.3	0.00	Feb 1, 2016	The IOAcceleratorFamily2 interface in IOAcceleratorFamily in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2016-4776	Apple Inc. tvOS	Hig	0.46	7.1	0.00	Sep 25, 2016	The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and…

CVE-2016-1829HigMay 20, 2016
Apple Inc.
Mac Os X
risk 0.51cvss 7.8epss 0.01
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than…
CVE-2016-1826HigMay 20, 2016
Apple Inc.
Mac Os X
risk 0.51cvss 7.8epss 0.00
Integer overflow in the dtrace implementation in the kernel in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2016-1820HigMay 20, 2016
Apple Inc.
Mac Os X
risk 0.51cvss 7.8epss 0.00
Buffer overflow in IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2016-1797HigMay 20, 2016
Apple Inc.
Mac Os X
risk 0.51cvss 7.8epss 0.00
Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to bypass intended FontValidator sandbox-policy restrictions and execute arbitrary code in a privileged context via a crafted app.
CVE-2016-1759HigMar 24, 2016
Apple Inc.
Mac Os X
risk 0.51cvss 7.8epss 0.00
The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-1756HigMar 24, 2016
Apple Inc.
Mac Os X
risk 0.51cvss 7.8epss 0.00
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
CVE-2016-1736HigMar 24, 2016
Apple Inc.
Mac Os X
risk 0.51cvss 7.8epss 0.00
Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1735.
CVE-2016-1735HigMar 24, 2016
Apple Inc.
Mac Os X
risk 0.51cvss 7.8epss 0.00
Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1736.
CVE-2016-1733HigMar 24, 2016
Apple Inc.
Mac Os X
risk 0.51cvss 7.8epss 0.00
AppleRAID in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-1722HigFeb 1, 2016
Apple Inc.
Mac Os X
risk 0.51cvss 7.8epss 0.00
syslog in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2016-1717HigFeb 1, 2016
Apple Inc.
Mac Os X
risk 0.51cvss 7.8epss 0.00
The Disk Images component in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2016-1716HigFeb 1, 2016
Apple Inc.
Mac Os X
risk 0.51cvss 7.8epss 0.00
AppleGraphicsPowerManagement in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2015-6980HigJan 11, 2016
Apple Inc.
Mac Os X
risk 0.51cvss 7.8epss 0.00
Directory Utility in Apple OS X before 10.11.1 mishandles authentication for new sessions, which allows local users to gain privileges via unspecified vectors.
CVE-2016-4772HigSep 25, 2016
Apple Inc.
tvOS
risk 0.49cvss 7.5epss 0.03
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors.
CVE-2016-4711HigSep 25, 2016
Apple Inc.
Mac Os X
risk 0.49cvss 7.5epss 0.00
CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output.
CVE-2016-1843HigMay 20, 2016
Apple Inc.
Mac Os X
risk 0.49cvss 7.5epss 0.01
The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2016-1842HigMay 20, 2016
Apple Inc.
Mac Os X
risk 0.49cvss 7.5epss 0.01
MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.
CVE-2016-1729HigFeb 1, 2016
Apple Inc.
Mac Os X
risk 0.47cvss 7.3epss 0.00
Untrusted search path vulnerability in OSA Scripts in Apple OS X before 10.11.3 allows attackers to load arbitrary script libraries via a quarantined application.
CVE-2016-1718HigFeb 1, 2016
Apple Inc.
Mac Os X
risk 0.47cvss 7.3epss 0.00
The IOAcceleratorFamily2 interface in IOAcceleratorFamily in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2016-4776HigSep 25, 2016
Apple Inc.
tvOS
risk 0.46cvss 7.1epss 0.00
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and…

Page 3 of 16