AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of service (Cocoa application crash) via a malformed TIFF image that causes the NXSeek to use an incorrect offset, leading to an unhandled exception.
Max CVSS
4.9
EPSS Score
0.04%
Published
2005-05-04
Updated
2008-09-05
The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-01-23
Updated
2018-10-16
URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username and password credentials for mounting filesystems on SMB servers as command line arguments to the mount_sub command, which may allow local users to obtain sensitive information by listing the process.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-04-24
Updated
2011-03-08
Integer overflow in the load_threadstack function in the Mach-O loader (mach_loader.c) in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service (infinite loop) via a crafted Mach-O binary.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-12-06
Updated
2017-08-08
The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL.
Max CVSS
4.9
EPSS Score
0.05%
Published
2007-12-15
Updated
2017-08-08
Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file.
Max CVSS
4.9
EPSS Score
0.04%
Published
2008-09-16
Updated
2017-08-08
The kernel in Apple Mac OS X before 10.5.6 allows local users to cause a denial of service (infinite loop and system halt) by running an application that is dynamically linked to libraries on an NFS server, related to occurrence of an exception in this application.
Max CVSS
4.9
EPSS Score
0.05%
Published
2008-12-17
Updated
2011-03-08
Unspecified vulnerability in fseventsd in the FSEvents framework in Apple Mac OS X 10.5.6 allows local users to obtain sensitive information (filesystem activities and directory names) via unknown vectors related to "credential management."
Max CVSS
4.9
EPSS Score
0.04%
Published
2009-02-13
Updated
2011-03-08
Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call.
Max CVSS
4.9
EPSS Score
0.04%
Published
2009-04-02
Updated
2017-09-29
Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related to a "synchronization issue."
Max CVSS
4.9
EPSS Score
0.05%
Published
2009-08-06
Updated
2017-08-17
IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors.
Max CVSS
4.9
EPSS Score
0.04%
Published
2009-11-10
Updated
2009-11-17
Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files in the context of a different user's privileges via unspecified vectors.
Max CVSS
4.9
EPSS Score
0.04%
Published
2009-11-10
Updated
2009-11-17
The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users to cause a denial of service (filesystem corruption) via a crafted application that calls the mkdir and link functions, related to the fsck_hfs program in the diskdev_cmds component.
Max CVSS
4.9
EPSS Score
0.04%
Published
2010-04-27
Updated
2010-12-10
The webdav_mount function in webdav_vfsops.c in the WebDAV kernel extension (aka webdav_fs.kext) for Mac OS X 10.6 allows local users to cause a denial of service (panic) via a mount request with a large integer in the pa_socket_namelen field.
Max CVSS
4.9
EPSS Score
0.04%
Published
2010-08-02
Updated
2018-10-10
The kernel in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform memory management associated with terminal devices, which allows local users to cause a denial of service (system crash) via unspecified vectors.
Max CVSS
4.9
EPSS Score
0.04%
Published
2010-11-16
Updated
2010-12-10
Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION ioctl call.
Max CVSS
4.9
EPSS Score
0.04%
Published
2010-09-29
Updated
2010-09-30
AirPort in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to cause a denial of service (divide-by-zero error and reboot) via Wi-Fi frames on the local wireless network, a different vulnerability than CVE-2011-0162.
Max CVSS
4.9
EPSS Score
0.08%
Published
2011-03-23
Updated
2011-03-24
The IPv6 implementation in the kernel in Apple Mac OS X before 10.6.8 allows local users to cause a denial of service (NULL pointer dereference and reboot) via vectors involving socket options.
Max CVSS
4.9
EPSS Score
0.04%
Published
2011-06-24
Updated
2011-10-27
Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by reading the log.
Max CVSS
4.9
EPSS Score
0.04%
Published
2012-05-11
Updated
2017-12-05
Login Window in Apple Mac OS X before 10.8.3 does not prevent application launching with the VoiceOver feature, which allows physically proximate attackers to bypass authentication and make arbitrary System Preferences changes via unspecified use of the keyboard.
Max CVSS
4.9
EPSS Score
0.05%
Published
2013-03-15
Updated
2013-03-18
SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors.
Max CVSS
4.9
EPSS Score
0.10%
Published
2013-06-05
Updated
2013-06-05
The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser.
Max CVSS
4.9
EPSS Score
0.08%
Published
2013-09-16
Updated
2013-09-18
The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call.
Max CVSS
4.9
EPSS Score
0.04%
Published
2013-06-05
Updated
2013-10-11
The Bluetooth USB host controller in Apple Mac OS X before 10.9 prematurely deletes interfaces, which allows local users to cause a denial of service (system crash) via a crafted application.
Max CVSS
4.9
EPSS Score
0.04%
Published
2013-10-24
Updated
2013-10-24
Integer signedness error in the kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a crafted tty read operation.
Max CVSS
4.9
EPSS Score
0.04%
Published
2013-10-24
Updated
2013-10-24
277 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!