OS X

CVEs (545)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2016-1735	Apple Inc. Mac Os X	Hig	0.51	7.8	0.00	Mar 24, 2016	Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1736.
CVE-2016-1733	Apple Inc. Mac Os X	Hig	0.51	7.8	0.00	Mar 24, 2016	AppleRAID in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-1722	Apple Inc. Mac Os X	Hig	0.51	7.8	0.00	Feb 1, 2016	syslog in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2016-1717	Apple Inc. Mac Os X	Hig	0.51	7.8	0.00	Feb 1, 2016	The Disk Images component in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2016-1716	Apple Inc. Mac Os X	Hig	0.51	7.8	0.00	Feb 1, 2016	AppleGraphicsPowerManagement in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2015-6980	Apple Inc. Mac Os X	Hig	0.51	7.8	0.00	Jan 11, 2016	Directory Utility in Apple OS X before 10.11.1 mishandles authentication for new sessions, which allows local users to gain privileges via unspecified vectors.
CVE-2014-1266	Apple Inc. Mac Os X	Hig	0.50	7.4	0.20	Feb 22, 2014	The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check…
CVE-2016-4772	Apple Inc. tvOS	Hig	0.49	7.5	0.03	Sep 25, 2016	The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors.
CVE-2016-4711	Apple Inc. Mac Os X	Hig	0.49	7.5	0.00	Sep 25, 2016	CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output.
CVE-2016-1853	Apple Inc. Mac Os X	Hig	0.49	7.5	0.01	May 20, 2016	Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support.
CVE-2016-1843	Apple Inc. Mac Os X	Hig	0.49	7.5	0.01	May 20, 2016	The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2016-1842	Apple Inc. Mac Os X	Hig	0.49	7.5	0.01	May 20, 2016	MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.
CVE-2016-1809	Apple Inc. Mac Os X	Hig	0.49	7.5	0.00	May 20, 2016	Disk Utility in Apple OS X before 10.11.5 uses incorrect encryption keys for disk images, which has unspecified impact and attack vectors.
CVE-2016-1801	Apple Inc. Mac Os X	Hig	0.49	7.5	0.08	May 20, 2016	The CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 mishandles URLs in http and https requests, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2016-4641	Apple Inc. Mac Os X	Hig	0.47	7.3	0.00	Jul 22, 2016	Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or obtain sensitive user information via a crafted app that leverages a "type confusion."
CVE-2016-1729	Apple Inc. Mac Os X	Hig	0.47	7.3	0.00	Feb 1, 2016	Untrusted search path vulnerability in OSA Scripts in Apple OS X before 10.11.3 allows attackers to load arbitrary script libraries via a quarantined application.
CVE-2016-1718	Apple Inc. Mac Os X	Hig	0.47	7.3	0.00	Feb 1, 2016	The IOAcceleratorFamily2 interface in IOAcceleratorFamily in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2016-4776	Apple Inc. tvOS	Hig	0.46	7.1	0.00	Sep 25, 2016	The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and…
CVE-2016-4774	Apple Inc. tvOS	Hig	0.46	7.1	0.00	Sep 25, 2016	The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and…
CVE-2016-4773	Apple Inc. tvOS	Hig	0.46	7.1	0.00	Sep 25, 2016	The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4774 and…

CVE-2016-1735HigMar 24, 2016
Apple Inc.
Mac Os X
risk 0.51cvss 7.8epss 0.00
Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1736.
CVE-2016-1733HigMar 24, 2016
Apple Inc.
Mac Os X
risk 0.51cvss 7.8epss 0.00
AppleRAID in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-1722HigFeb 1, 2016
Apple Inc.
Mac Os X
risk 0.51cvss 7.8epss 0.00
syslog in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2016-1717HigFeb 1, 2016
Apple Inc.
Mac Os X
risk 0.51cvss 7.8epss 0.00
The Disk Images component in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2016-1716HigFeb 1, 2016
Apple Inc.
Mac Os X
risk 0.51cvss 7.8epss 0.00
AppleGraphicsPowerManagement in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2015-6980HigJan 11, 2016
Apple Inc.
Mac Os X
risk 0.51cvss 7.8epss 0.00
Directory Utility in Apple OS X before 10.11.1 mishandles authentication for new sessions, which allows local users to gain privileges via unspecified vectors.
CVE-2014-1266HigFeb 22, 2014
Apple Inc.
Mac Os X
risk 0.50cvss 7.4epss 0.20
The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check…
CVE-2016-4772HigSep 25, 2016
Apple Inc.
tvOS
risk 0.49cvss 7.5epss 0.03
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors.
CVE-2016-4711HigSep 25, 2016
Apple Inc.
Mac Os X
risk 0.49cvss 7.5epss 0.00
CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output.
CVE-2016-1853HigMay 20, 2016
Apple Inc.
Mac Os X
risk 0.49cvss 7.5epss 0.01
Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support.
CVE-2016-1843HigMay 20, 2016
Apple Inc.
Mac Os X
risk 0.49cvss 7.5epss 0.01
The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2016-1842HigMay 20, 2016
Apple Inc.
Mac Os X
risk 0.49cvss 7.5epss 0.01
MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.
CVE-2016-1809HigMay 20, 2016
Apple Inc.
Mac Os X
risk 0.49cvss 7.5epss 0.00
Disk Utility in Apple OS X before 10.11.5 uses incorrect encryption keys for disk images, which has unspecified impact and attack vectors.
CVE-2016-1801HigMay 20, 2016
Apple Inc.
Mac Os X
risk 0.49cvss 7.5epss 0.08
The CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 mishandles URLs in http and https requests, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2016-4641HigJul 22, 2016
Apple Inc.
Mac Os X
risk 0.47cvss 7.3epss 0.00
Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or obtain sensitive user information via a crafted app that leverages a "type confusion."
CVE-2016-1729HigFeb 1, 2016
Apple Inc.
Mac Os X
risk 0.47cvss 7.3epss 0.00
Untrusted search path vulnerability in OSA Scripts in Apple OS X before 10.11.3 allows attackers to load arbitrary script libraries via a quarantined application.
CVE-2016-1718HigFeb 1, 2016
Apple Inc.
Mac Os X
risk 0.47cvss 7.3epss 0.00
The IOAcceleratorFamily2 interface in IOAcceleratorFamily in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2016-4776HigSep 25, 2016
Apple Inc.
tvOS
risk 0.46cvss 7.1epss 0.00
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and…
CVE-2016-4774HigSep 25, 2016
Apple Inc.
tvOS
risk 0.46cvss 7.1epss 0.00
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and…
CVE-2016-4773HigSep 25, 2016
Apple Inc.
tvOS
risk 0.46cvss 7.1epss 0.00
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4774 and…

Page 6 of 28