The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate.
Max CVSS: 5.9 | EPSS Score: 0.14% | Published: 2011-06-24 | Updated: 2024-02-09
Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages.
Max CVSS: 5.9 | EPSS Score: 0.45% | Published: 2016-03-24 | Updated: 2016-12-03
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "IDS - Connectivity" component, which allows man-in-the-middle attackers to spoof calls via a "switch caller" notification.
Max CVSS: 5.9 | EPSS Score: 0.10% | Published: 2017-02-20 | Updated: 2017-02-21
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "CFNetwork Proxies" component, which allows man-in-the-middle attackers to spoof a proxy password authentication requirement and obtain sensitive information.
Max CVSS: 5.9 | EPSS Score: 0.21% | Published: 2017-02-20 | Updated: 2019-03-25
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows man-in-the-middle attackers to cause a denial of service (application crash) via vectors related to OCSP responder URLs.
Max CVSS: 5.9 | EPSS Score: 0.69% | Published: 2017-02-20 | Updated: 2018-10-30
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. The issue involves the "Keychain" component. It allows man-in-the-middle attackers to bypass an iCloud Keychain secret protection mechanism by leveraging lack of authentication for OTR packets.
Max CVSS: 5.9 | EPSS Score: 0.18% | Published: 2017-04-02 | Updated: 2019-03-08
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "802.1X" component. It allows remote attackers to discover the network credentials of arbitrary users by operating a crafted network that requires 802.1X authentication, because EAP-TLS certificate validation mishandles certificate changes.
Max CVSS: 5.9 | EPSS Score: 0.18% | Published: 2017-05-22 | Updated: 2017-07-08
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "Mail Drafts" component. It allows man-in-the-middle attackers to read e-mail content by leveraging mishandling of S/MIME credential encryption.
Max CVSS: 5.9 | EPSS Score: 0.30% | Published: 2017-12-25 | Updated: 2019-10-03
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Security" component. It allows remote attackers to spoof certificate validation via crafted name constraints.
Max CVSS: 5.9 | EPSS Score: 0.91% | Published: 2018-04-03 | Updated: 2018-05-04
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted message content by sending HTML e-mail that references remote resources but lacks a valid S/MIME signature.
Max CVSS: 5.9 | EPSS Score: 0.15% | Published: 2018-04-03 | Updated: 2020-08-24
An injection issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.
Max CVSS: 5.9 | EPSS Score: 0.08% | Published: 2019-04-03 | Updated: 2019-04-04
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted messages by leveraging an inconsistency in the user interface.
Max CVSS: 5.9 | EPSS Score: 0.22% | Published: 2018-04-03 | Updated: 2019-10-03
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "iBooks" component. It allows man-in-the-middle attackers to spoof a password prompt.
Max CVSS: 5.9 | EPSS Score: 0.16% | Published: 2018-06-08 | Updated: 2019-10-03
A race condition was addressed with improved locking. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. A remote attacker may be able to cause a denial of service.
Max CVSS: 5.9 | EPSS Score: 0.95% | Published: 2021-09-08 | Updated: 2023-01-09
An attacker in a privileged network position may be able to misrepresent application state. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A logic issue was addressed with improved state management.
Max CVSS: 5.9 | EPSS Score: 0.12% | Published: 2021-09-08 | Updated: 2021-09-17
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to perform denial of service.
Max CVSS: 5.9 | EPSS Score: 0.12% | Published: 2021-09-08 | Updated: 2021-09-16
An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to leak sensitive user information.
Max CVSS: 5.9 | EPSS Score: 0.14% | Published: 2021-09-08 | Updated: 2021-09-22
A race condition was addressed with improved locking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A remote attacker may be able to cause unexpected application termination or heap corruption.
Max CVSS: 5.9 | EPSS Score: 0.49% | Published: 2021-08-24 | Updated: 2021-12-30
An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. A user in a privileged network position may be able to leak sensitive information.
Max CVSS: 5.9 | EPSS Score: 0.15% | Published: 2022-09-23 | Updated: 2022-11-02
Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet.
Max CVSS: 5.8 | EPSS Score: 4.24% | Published: 2007-08-03 | Updated: 2017-07-29
Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and 10.5.2 allow remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted afp:// URL.
Max CVSS: 5.8 | EPSS Score: 2.45% | Published: 2008-03-18 | Updated: 2017-08-08
Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object.
Max CVSS: 5.8 | EPSS Score: 9.48% | Published: 2008-03-18 | Updated: 2017-08-08
Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic."
Max CVSS: 5.8 | EPSS Score: 0.23% | Published: 2008-03-18 | Updated: 2017-08-08
Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value.
Max CVSS: 5.8 | EPSS Score: 0.43% | Published: 2008-03-18 | Updated: 2017-08-08
neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Max CVSS: 5.8 | EPSS Score: 0.32% | Published: 2009-08-21 | Updated: 2020-05-22
540 vulnerabilities found