CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Mac Os X : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-4653 119 DoS Overflow +Priv Mem. Corr. 2016-07-21 2016-07-28
7.2
None Local Low Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4582.
2 CVE-2016-4652 125 DoS +Priv +Info 2016-07-21 2016-07-27
3.3
None Local Medium Not required Partial None Partial
CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), via unspecified vectors.
3 CVE-2016-4649 476 DoS 2016-07-21 2016-07-26
2.1
None Local Low Not required None None Partial
Audio in Apple OS X before 10.11.6 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
4 CVE-2016-4648 200 DoS +Info 2016-07-21 2016-07-28
4.9
None Local Low Not required Complete None None
Audio in Apple OS X before 10.11.6 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.
5 CVE-2016-4647 119 DoS Overflow +Priv Mem. Corr. 2016-07-21 2016-07-26
7.2
None Local Low Not required Complete Complete Complete
Audio in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted file.
6 CVE-2016-4646 200 DoS +Info 2016-07-21 2016-07-27
4.3
None Remote Medium Not required Partial None None
Audio in Apple OS X before 10.11.6 mishandles a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted audio file.
7 CVE-2016-4645 200 +Info 2016-07-21 2016-07-27
2.1
None Local Low Not required Partial None None
CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors.
8 CVE-2016-4641 20 Exec Code +Info 2016-07-21 2016-07-27
9.3
None Remote Medium Not required Complete Complete Complete
Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or obtain sensitive user information via a crafted app that leverages a "type confusion."
9 CVE-2016-4640 119 DoS Exec Code Overflow Mem. Corr. +Info 2016-07-21 2016-07-27
9.3
None Remote Medium Not required Complete Complete Complete
Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context, obtain sensitive user information, or cause a denial of service (memory corruption) via a crafted app.
10 CVE-2016-4639 DoS 2016-07-21 2016-07-28
4.4
None Local Medium Not required Partial Partial Partial
Login Window in Apple OS X before 10.11.6 does not properly initialize memory, which allows local users to cause a denial of service via unspecified vectors.
11 CVE-2016-4638 264 +Priv 2016-07-21 2016-07-27
9.3
None Remote Medium Not required Complete Complete Complete
Login Window in Apple OS X before 10.11.6 allows attackers to gain privileges via a crafted app that leverages a "type confusion."
12 CVE-2016-4637 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-28
6.8
None Remote Medium Not required Partial Partial Partial
CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image.
13 CVE-2016-4635 200 +Info 2016-07-21 2016-07-28
3.5
None Remote Medium Single system Partial None None
FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors.
14 CVE-2016-4634 119 DoS Overflow +Priv Mem. Corr. 2016-07-21 2016-07-27
7.2
None Local Low Not required Complete Complete Complete
The Graphics Drivers subsystem in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
15 CVE-2016-4633 264 DoS Exec Code Mem. Corr. 2016-07-21 2016-07-27
6.9
None Local Medium Not required Complete Complete Complete
Intel Graphics Driver in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
16 CVE-2016-4632 119 DoS Overflow 2016-07-21 2016-07-28
5.0
None Remote Low Not required None None Partial
ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
17 CVE-2016-4631 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-28
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.
18 CVE-2016-4630 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-27
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted EXR image with B44 compression.
19 CVE-2016-4629 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-27
10.0
None Remote Low Not required Complete Complete Complete
ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted xStride and yStride values in an EXR image.
20 CVE-2016-4626 476 DoS +Priv 2016-07-21 2016-07-28
7.2
None Local Low Not required Complete Complete Complete
IOHIDFamily in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.
21 CVE-2016-4625 416 +Priv 2016-07-21 2016-07-27
7.2
None Local Low Not required Complete Complete Complete
Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 allows local users to gain privileges via unspecified vectors.
22 CVE-2016-4621 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-27
9.3
None Remote Medium Not required Complete Complete Complete
libc++abi in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
23 CVE-2016-4602 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-27
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4600.
24 CVE-2016-4601 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-28
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SGI image.
25 CVE-2016-4600 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-26
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4602.
26 CVE-2016-4599 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-26
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop document.
27 CVE-2016-4598 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-26
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image.
28 CVE-2016-4597 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-26
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4600, and CVE-2016-4602.
29 CVE-2016-4596 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-26
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4597, CVE-2016-4600, and CVE-2016-4602.
30 CVE-2016-4595 200 +Info 2016-07-21 2016-07-26
2.1
None Local Low Not required Partial None None
Safari Login AutoFill in Apple OS X before 10.11.6 allows physically proximate attackers to discover passwords by reading the screen during the login procedure.
31 CVE-2016-4594 20 2016-07-21 2016-07-26
4.6
None Local Low Not required Partial Partial Partial
The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an API call.
32 CVE-2016-4582 119 DoS Overflow +Priv Mem. Corr. 2016-07-21 2016-07-26
7.2
None Local Low Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4653.
33 CVE-2016-4448 2016-06-09 2016-08-23
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
34 CVE-2016-4447 119 DoS Overflow 2016-06-09 2016-08-16
5.0
None Remote Low Not required None None Partial
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
35 CVE-2016-4073 119 DoS Exec Code Overflow 2016-05-20 2016-08-23
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call.
36 CVE-2016-4072 20 Exec Code 2016-05-20 2016-08-23
7.5
None Remote Low Not required Partial Partial Partial
The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar.c.
37 CVE-2016-4071 20 Exec Code 2016-05-20 2016-08-23
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call.
38 CVE-2016-3142 119 DoS Overflow +Info 2016-03-31 2016-05-25
6.4
None Remote Low Not required Partial None Partial
The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location.
39 CVE-2016-3141 119 DoS Overflow Mem. Corr. 2016-03-31 2016-05-25
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.
40 CVE-2016-2105 189 DoS Overflow Mem. Corr. 2016-05-04 2016-08-18
5.0
None Remote Low Not required None None Partial
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
41 CVE-2016-1941 79 XSS 2016-01-31 2016-02-10
4.3
None Remote Medium Not required None Partial None
The file-download dialog in Mozilla Firefox before 44.0 on OS X enables a certain button too quickly, which allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended.
42 CVE-2016-1865 476 DoS 2016-07-21 2016-07-26
4.9
None Local Low Not required None None Complete
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
43 CVE-2016-1863 119 DoS Overflow +Priv Mem. Corr. 2016-07-21 2016-07-26
7.2
None Local Low Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4582 and CVE-2016-4653.
44 CVE-2016-1862 254 +Info 2016-06-19 2016-06-22
4.3
None Remote Medium Not required Partial None None
Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860.
45 CVE-2016-1861 119 DoS Exec Code Overflow Mem. Corr. 2016-06-19 2016-06-22
9.3
None Remote Medium Not required Complete Complete Complete
The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1846.
46 CVE-2016-1860 254 +Info 2016-06-19 2016-06-22
4.3
None Remote Medium Not required Partial None None
Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1862.
47 CVE-2016-1853 200 +Info 2016-05-20 2016-05-23
5.0
None Remote Low Not required Partial None None
Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support.
48 CVE-2016-1851 2016-05-20 2016-05-23
2.1
None Local Low Not required None Partial None
The Screen Lock feature in Apple OS X before 10.11.5 mishandles password profiles, which allows physically proximate attackers to reset expired passwords in the lock-screen state via unspecified vectors.
49 CVE-2016-1850 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-23
6.8
None Remote Medium Not required Partial Partial Partial
SceneKit in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.
50 CVE-2016-1848 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-23
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.
Total number of vulnerabilities : 1605   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.