CVEdetails.com the ultimate security vulnerability data source

Apple » Mac Os X : Security Vulnerabilities

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2016-5131 416 DoS 2016-07-23 2016-09-30
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
2 CVE-2016-4779 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-09-27
6.8
None Remote Medium Not required Partial Partial Partial
Apple Type Services (ATS) in Apple OS X before 10.12 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
3 CVE-2016-4778 264 DoS Exec Code Mem. Corr. 2016-09-25 2016-09-27
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
4 CVE-2016-4777 264 DoS Exec Code 2016-09-25 2016-09-27
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app.
5 CVE-2016-4776 125 DoS +Info 2016-09-25 2016-09-27
4.3
None Remote Medium Not required Partial None None
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4774.
6 CVE-2016-4775 119 DoS Overflow +Priv Mem. Corr. 2016-09-25 2016-09-27
7.2
None Local Low Not required Complete Complete Complete
The kernel in Apple OS X before 10.12, tvOS before 10, and watchOS before 3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
7 CVE-2016-4774 125 DoS +Info 2016-09-25 2016-09-27
5.8
None Remote Medium Not required Partial None Partial
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4776.
8 CVE-2016-4773 125 DoS +Info 2016-09-25 2016-09-27
5.8
None Remote Medium Not required Partial None Partial
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4774 and CVE-2016-4776.
9 CVE-2016-4772 399 DoS 2016-09-25 2016-09-27
5.0
None Remote Low Not required None None Partial
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors.
10 CVE-2016-4771 200 Bypass +Info 2016-09-25 2016-09-27
4.3
None Remote Medium Not required Partial None None
The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname.
11 CVE-2016-4755 200 +Info 2016-09-25 2016-09-27
2.1
None Local Low Not required Partial None None
Terminal in Apple OS X before 10.12 uses weak permissions for the .bash_history and .bash_session files, which allows local users to obtain sensitive information via unspecified vectors.
12 CVE-2016-4753 20 Exec Code 2016-09-25 2016-09-27
9.3
None Remote Medium Not required Complete Complete Complete
Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 mishandle signed disk images, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
13 CVE-2016-4752 200 +Info 2016-09-25 2016-09-27
4.3
None Remote Medium Not required Partial None None
The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering key derivation.
14 CVE-2016-4750 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-09-27
9.3
None Remote Medium Not required Complete Complete Complete
S2 Camera in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
15 CVE-2016-4748 254 Bypass 2016-09-25 2016-09-26
4.6
None Local Low Not required Partial Partial Partial
Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable.
16 CVE-2016-4745 200 +Info 2016-09-25 2016-09-27
5.0
None Remote Low Not required Partial None None
The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user accounts via a timing side-channel attack.
17 CVE-2016-4742 200 +Info 2016-09-25 2016-09-26
4.3
None Remote Medium Not required Partial None None
NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to discover credentials via a crafted app.
18 CVE-2016-4739 200 +Info 2016-09-25 2016-09-26
4.3
None Remote Medium Not required Partial None None
mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending a DNS query to an unintended interface.
19 CVE-2016-4738 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-09-27
9.3
None Remote Medium Not required Complete Complete Complete
libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
20 CVE-2016-4736 119 DoS Overflow Mem. Corr. 2016-09-25 2016-09-27
9.3
None Remote Medium Not required Complete Complete Complete
libarchive in Apple OS X before 10.12 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted file.
21 CVE-2016-4727 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-09-26
9.3
None Remote Medium Not required Complete Complete Complete
IOThunderboltFamily in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
22 CVE-2016-4726 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-09-26
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
23 CVE-2016-4725 119 DoS Overflow Mem. Corr. +Info 2016-09-25 2016-09-27
5.8
None Remote Medium Not required Partial None Partial
IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted web site.
24 CVE-2016-4724 476 DoS Exec Code 2016-09-25 2016-09-26
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
25 CVE-2016-4723 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-09-26
9.3
None Remote Medium Not required Complete Complete Complete
Intel Graphics Driver in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
26 CVE-2016-4722 20 +Info 2016-09-25 2016-09-26
4.3
None Remote Medium Not required Partial None None
The IDS - Connectivity component in Apple iOS before 10 and OS X before 10.12 allows man-in-the-middle attackers to conduct Call Relay spoofing attacks and obtain sensitive information via unspecified vectors.
27 CVE-2016-4718 119 Overflow +Info 2016-09-25 2016-09-26
4.3
None Remote Medium Not required Partial None None
Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file.
28 CVE-2016-4717 DoS 2016-09-25 2016-09-26
5.0
None Remote Low Not required None None Partial
The File Bookmark component in Apple OS X before 10.12 mishandles scoped-bookmark file descriptors, which allows attackers to cause a denial of service via a crafted app.
29 CVE-2016-4716 264 +Priv 2016-09-25 2016-09-26
7.2
None Local Low Not required Complete Complete Complete
diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via unspecified vectors.
30 CVE-2016-4715 200 +Info 2016-09-25 2016-09-27
4.3
None Remote Medium Not required Partial None None
The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app.
31 CVE-2016-4713 264 2016-09-25 2016-09-26
4.3
None Remote Medium Not required Partial None None
CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access.
32 CVE-2016-4712 787 DoS Exec Code 2016-09-25 2016-09-26
9.3
None Remote Medium Not required Complete Complete Complete
CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.
33 CVE-2016-4711 20 2016-09-25 2016-09-26
5.0
None Remote Low Not required Partial None None
CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output.
34 CVE-2016-4710 704 2016-09-25 2016-09-26
7.2
None Local Low Not required Complete Complete Complete
WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4709.
35 CVE-2016-4709 704 2016-09-25 2016-09-26
7.2
None Local Low Not required Complete Complete Complete
WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4710.
36 CVE-2016-4708 200 +Info 2016-09-25 2016-09-26
4.3
None Remote Medium Not required Partial None None
CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response.
37 CVE-2016-4707 19 2016-09-25 2016-09-26
2.1
None Local Low Not required None None Partial
CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors.
38 CVE-2016-4706 20 DoS 2016-09-25 2016-09-26
4.9
None Local Low Not required None None Complete
cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors.
39 CVE-2016-4703 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-09-26
9.3
None Remote Medium Not required Complete Complete Complete
Bluetooth in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
40 CVE-2016-4702 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-09-27
10.0
None Remote Low Not required Complete Complete Complete
Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
41 CVE-2016-4701 20 DoS 2016-09-25 2016-09-26
2.1
None Local Low Not required None None Partial
Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable.
42 CVE-2016-4700 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-09-26
9.3
None Remote Medium Not required Complete Complete Complete
AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4699.
43 CVE-2016-4699 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-09-26
9.3
None Remote Medium Not required Complete Complete Complete
AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4700.
44 CVE-2016-4698 20 Exec Code 2016-09-25 2016-09-27
9.3
None Remote Medium Not required Complete Complete Complete
AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
45 CVE-2016-4697 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-09-26
9.3
None Remote Medium Not required Complete Complete Complete
Apple HSSPI Support in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
46 CVE-2016-4696 476 DoS Exec Code 2016-09-25 2016-09-26
9.3
None Remote Medium Not required Complete Complete Complete
AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
47 CVE-2016-4694 284 2016-09-25 2016-09-26
7.5
None Remote Low Not required Partial Partial Partial
The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue, a related issue to CVE-2016-5387.
48 CVE-2016-4658 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-09-26
10.0
None Remote Low Not required Complete Complete Complete
libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
49 CVE-2016-4653 119 DoS Overflow +Priv Mem. Corr. 2016-07-21 2016-07-28
7.2
None Local Low Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4582.
50 CVE-2016-4652 125 DoS +Priv +Info 2016-07-21 2016-07-27
3.3
None Local Medium Not required Partial None Partial
CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), via unspecified vectors.
Total number of vulnerabilities: 1662 (page 1 of 34)