OS X

CVEs (545)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2016-1836	Debian Debian Linux	Med	0.36	5.5	0.01	May 20, 2016	Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.
CVE-2016-1833	Debian Debian Linux	Med	0.36	5.5	0.00	May 20, 2016	The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2016-1814	Apple Inc. Mac Os X	Med	0.36	5.5	0.00	May 20, 2016	IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.
CVE-2016-1807	Apple Inc. Mac Os X	Med	0.36	5.1	0.00	May 20, 2016	Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors.
CVE-2016-1802	Apple Inc. Mac Os X	Med	0.36	5.5	0.00	May 20, 2016	CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app.
CVE-2016-1752	Apple Inc. Mac Os X	Med	0.36	5.5	0.00	Mar 24, 2016	The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app.
CVE-2016-1745	Apple Inc. Mac Os X	Med	0.36	5.5	0.00	Mar 24, 2016	IOFireWireFamily in Apple OS X before 10.11.4 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
CVE-2016-1732	Apple Inc. Mac Os X	Med	0.36	5.5	0.00	Mar 24, 2016	AppleRAID in Apple OS X before 10.11.4 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2016-1844	Apple Inc. Mac Os X	Med	0.35	5.3	0.01	May 20, 2016	The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors.
CVE-2016-4748	Larry Wall Perl	Med	0.34	5.3	0.00	Sep 25, 2016	Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable.
CVE-2016-4745	Apple Inc. Mac Os X	Med	0.34	5.3	0.00	Sep 25, 2016	The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user accounts via a timing side-channel attack.
CVE-2016-4713	Apple Inc. Mac Os X	Med	0.34	5.3	0.00	Sep 25, 2016	CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access.
CVE-2016-1851	Apple Inc. Mac Os X	Med	0.30	4.6	0.00	May 20, 2016	The Screen Lock feature in Apple OS X before 10.11.5 mishandles password profiles, which allows physically proximate attackers to reset expired passwords in the lock-screen state via unspecified vectors.
CVE-2015-7115	Apple Inc. Mac Os X	Med	0.28	4.3	0.01	Jan 10, 2016	libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7116.
CVE-2016-4707	Apple Inc. Mac Os X	Med	0.26	4.0	0.00	Sep 25, 2016	CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors.
CVE-2016-4739	Apple Inc. OS X	Low	0.24	3.7	0.00	Sep 25, 2016	mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending a DNS query to an unintended interface.
CVE-2016-4717	Apple Inc. Mac Os X	Low	0.21	3.3	0.00	Sep 25, 2016	The File Bookmark component in Apple OS X before 10.12 mishandles scoped-bookmark file descriptors, which allows attackers to cause a denial of service via a crafted app.
CVE-2016-4715	Apple Inc. Mac Os X	Low	0.21	3.3	0.00	Sep 25, 2016	The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app.
CVE-2016-4645	Apple Inc. Mac Os X	Low	0.21	3.3	0.00	Jul 22, 2016	CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2016-1862	Apple Inc. Mac Os X	Low	0.21	3.3	0.00	Jun 19, 2016	Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860.

CVE-2016-1836MedMay 20, 2016
Debian
Debian Linux
risk 0.36cvss 5.5epss 0.01
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.
CVE-2016-1833MedMay 20, 2016
Debian
Debian Linux
risk 0.36cvss 5.5epss 0.00
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2016-1814MedMay 20, 2016
Apple Inc.
Mac Os X
risk 0.36cvss 5.5epss 0.00
IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.
CVE-2016-1807MedMay 20, 2016
Apple Inc.
Mac Os X
risk 0.36cvss 5.1epss 0.00
Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors.
CVE-2016-1802MedMay 20, 2016
Apple Inc.
Mac Os X
risk 0.36cvss 5.5epss 0.00
CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app.
CVE-2016-1752MedMar 24, 2016
Apple Inc.
Mac Os X
risk 0.36cvss 5.5epss 0.00
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app.
CVE-2016-1745MedMar 24, 2016
Apple Inc.
Mac Os X
risk 0.36cvss 5.5epss 0.00
IOFireWireFamily in Apple OS X before 10.11.4 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
CVE-2016-1732MedMar 24, 2016
Apple Inc.
Mac Os X
risk 0.36cvss 5.5epss 0.00
AppleRAID in Apple OS X before 10.11.4 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2016-1844MedMay 20, 2016
Apple Inc.
Mac Os X
risk 0.35cvss 5.3epss 0.01
The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors.
CVE-2016-4748MedSep 25, 2016
Larry Wall
Perl
risk 0.34cvss 5.3epss 0.00
Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable.
CVE-2016-4745MedSep 25, 2016
Apple Inc.
Mac Os X
risk 0.34cvss 5.3epss 0.00
The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user accounts via a timing side-channel attack.
CVE-2016-4713MedSep 25, 2016
Apple Inc.
Mac Os X
risk 0.34cvss 5.3epss 0.00
CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access.
CVE-2016-1851MedMay 20, 2016
Apple Inc.
Mac Os X
risk 0.30cvss 4.6epss 0.00
The Screen Lock feature in Apple OS X before 10.11.5 mishandles password profiles, which allows physically proximate attackers to reset expired passwords in the lock-screen state via unspecified vectors.
CVE-2015-7115MedJan 10, 2016
Apple Inc.
Mac Os X
risk 0.28cvss 4.3epss 0.01
libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7116.
CVE-2016-4707MedSep 25, 2016
Apple Inc.
Mac Os X
risk 0.26cvss 4.0epss 0.00
CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors.
CVE-2016-4739LowSep 25, 2016
Apple Inc.
OS X
risk 0.24cvss 3.7epss 0.00
mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending a DNS query to an unintended interface.
CVE-2016-4717LowSep 25, 2016
Apple Inc.
Mac Os X
risk 0.21cvss 3.3epss 0.00
The File Bookmark component in Apple OS X before 10.12 mishandles scoped-bookmark file descriptors, which allows attackers to cause a denial of service via a crafted app.
CVE-2016-4715LowSep 25, 2016
Apple Inc.
Mac Os X
risk 0.21cvss 3.3epss 0.00
The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app.
CVE-2016-4645LowJul 22, 2016
Apple Inc.
Mac Os X
risk 0.21cvss 3.3epss 0.00
CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2016-1862LowJun 19, 2016
Apple Inc.
Mac Os X
risk 0.21cvss 3.3epss 0.00
Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860.

Page 8 of 28