CVEdetails.com the ultimate security vulnerability data source

Apple » Mac Os X : Security Vulnerabilities (CVSS score between 4 and 4.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-2017-7067 | 284 | | Bypass | 2017-07-20 | 2017-07-24 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
2 | CVE-2017-7045 | 20 | | Bypass | 2017-07-20 | 2017-07-24 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
3 | CVE-2017-7036 | 125 | | Bypass | 2017-07-20 | 2017-07-24 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
4 | CVE-2017-7029 | 200 | | Bypass +Info | 2017-07-20 | 2017-07-21 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5 | CVE-2017-7028 | 200 | | Bypass +Info | 2017-07-20 | 2017-07-21 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
6 | CVE-2017-6990 | 284 | | Bypass | 2017-05-22 | 2017-07-07 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "HFS" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
7 | CVE-2017-6988 | 295 | | | 2017-05-22 | 2017-07-07 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "802.1X" component. It allows remote attackers to discover the network credentials of arbitrary users by operating a crafted network that requires 802.1X authentication, because EAP-TLS certificate validation mishandles certificate changes.
8 | CVE-2017-6987 | 200 | | Bypass +Info | 2017-05-22 | 2017-07-07 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
9 | CVE-2017-6974 | 20 | | | 2017-04-01 | 2017-07-11 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the system-installation subsystem of the "System Integrity Protection" component. It allows attackers to modify the contents of a protected disk location via a crafted app.
10 | CVE-2017-2540 | 264 | | Bypass | 2017-05-22 | 2017-07-07 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
11 | CVE-2017-2516 | 284 | | Bypass | 2017-05-22 | 2017-08-12 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
12 | CVE-2017-2509 | 284 | | Bypass | 2017-05-22 | 2017-08-12 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
13 | CVE-2017-2507 | 200 | | Bypass +Info | 2017-05-22 | 2017-07-07 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
14 | CVE-2017-2502 | 284 | | Bypass | 2017-05-22 | 2017-07-07 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreAudio" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
15 | CVE-2017-2489 | 200 | | +Info | 2017-04-01 | 2017-08-15 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.
16 | CVE-2017-2448 | 200 | | Bypass +Info | 2017-04-01 | 2017-07-11 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. The issue involves the "Keychain" component. It allows man-in-the-middle attackers to bypass an iCloud Keychain secret protection mechanism by leveraging lack of authentication for OTR packets.
17 | CVE-2017-2426 | 200 | | +Info | 2017-04-01 | 2017-07-11 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "iBooks" component. It allows remote attackers to obtain sensitive information from local files via a file: URL in an iBooks file.
18 | CVE-2017-2417 | 20 | | DoS | 2017-04-01 | 2017-07-11 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to cause a denial of service (infinite recursion) via a crafted image.
19 | CVE-2017-2388 | 476 | | DoS | 2017-04-01 | 2017-07-11 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.
20 | CVE-2017-2361 | 79 | | XSS | 2017-02-20 | 2017-07-25 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Help Viewer" component, which allows XSS attacks via a crafted web site.
21 | CVE-2017-2357 | 200 | | +Info | 2017-02-20 | 2017-07-25 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "IOAudioFamily" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
22 | CVE-2016-7657 | 20 | | +Info | 2017-02-20 | 2017-07-26 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOKit" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.
23 | CVE-2016-7636 | 20 | | DoS | 2017-02-20 | 2017-07-26 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows man-in-the-middle attackers to cause a denial of service (application crash) via vectors related to OCSP responder URLs.
24 | CVE-2016-7627 | 476 | | DoS | 2017-02-20 | 2017-07-26 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreGraphics" component. It allows attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted font.
25 | CVE-2016-7615 | | | DoS | 2017-02-20 | 2017-07-26 | 4.9 | None | Local | Low | Not required | None | None | Complete
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component, which allows local users to cause a denial of service via unspecified vectors.
26 | CVE-2016-7609 | 476 | | DoS | 2017-02-20 | 2017-07-26 | 4.9 | None | Local | Low | Not required | None | None | Complete
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "AppleGraphicsPowerManagement" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
27 | CVE-2016-7607 | 200 | | +Info | 2017-02-20 | 2017-07-26 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component, which allows attackers to obtain sensitive information from kernel memory via a crafted app.
28 | CVE-2016-7605 | 476 | | DoS | 2017-02-20 | 2017-07-26 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.
29 | CVE-2016-7604 | 476 | | DoS | 2017-02-20 | 2017-07-26 | 4.9 | None | Local | Low | Not required | None | None | Complete
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "CoreCapture" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
30 | CVE-2016-7603 | 476 | | DoS | 2017-02-20 | 2017-07-26 | 4.9 | None | Local | Low | Not required | None | None | Complete
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "CoreStorage" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
31 | CVE-2016-7580 | 20 | | DoS | 2017-02-20 | 2017-02-21 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Mail" component, which allows remote web servers to cause a denial of service via a crafted URL.
32 | CVE-2016-7579 | 254 | | +Info | 2017-02-20 | 2017-07-28 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "CFNetwork Proxies" component, which allows man-in-the-middle attackers to spoof a proxy password authentication requirement and obtain sensitive information.
33 | CVE-2016-7577 | 200 | | Mem. Corr. +Info | 2017-02-20 | 2017-02-21 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "FaceTime" component, which allows remote attackers to trigger memory corruption and obtain audio data from a call that appeared to have ended.
34 | CVE-2016-4776 | 125 | | DoS +Info | 2016-09-25 | 2017-07-29 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4774.
35 | CVE-2016-4771 | 200 | | Bypass +Info | 2016-09-25 | 2017-07-29 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname.
36 | CVE-2016-4752 | 200 | | +Info | 2016-09-25 | 2017-07-29 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering key derivation.
37 | CVE-2016-4748 | 254 | | Bypass | 2016-09-25 | 2017-07-29 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial
Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable.
38 | CVE-2016-4742 | 200 | | +Info | 2016-09-25 | 2017-07-29 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to discover credentials via a crafted app.
39 | CVE-2016-4739 | 200 | | +Info | 2016-09-25 | 2017-07-29 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending a DNS query to an unintended interface.
40 | CVE-2016-4721 | 254 | | | 2017-02-20 | 2017-02-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "IDS - Connectivity" component, which allows man-in-the-middle attackers to spoof calls via a "switch caller" notification.
41 | CVE-2016-4718 | 119 | | Overflow +Info | 2016-09-25 | 2017-07-29 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file.
42 | CVE-2016-4715 | 200 | | +Info | 2016-09-25 | 2017-07-29 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app.
43 | CVE-2016-4713 | 264 | | | 2016-09-25 | 2017-07-29 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access.
44 | CVE-2016-4708 | 200 | | +Info | 2016-09-25 | 2017-07-29 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response.
45 | CVE-2016-4706 | 20 | | DoS | 2016-09-25 | 2017-07-29 | 4.9 | None | Local | Low | Not required | None | None | Complete
cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors.
46 | CVE-2016-4679 | 59 | | | 2017-02-20 | 2017-07-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libarchive" component, which allows remote attackers to write to arbitrary files via a crafted archive containing a symlink.
47 | CVE-2016-4678 | 476 | | DoS +Priv | 2017-02-20 | 2017-07-28 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "AppleSMC" component. It allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.
48 | CVE-2016-4674 | 119 | | DoS Overflow +Priv Mem. Corr. | 2017-02-20 | 2017-07-28 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ATS" component. It allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors.
49 | CVE-2016-4663 | 119 | | DoS Overflow Mem. Corr. | 2017-02-20 | 2017-07-28 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to cause a denial of service (memory corruption) via a crafted app.
50 | CVE-2016-4661 | 20 | | DoS | 2017-02-20 | 2017-07-28 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ntfs" component, which misparses disk images and allows attackers to cause a denial of service via a crafted app.
Total number of vulnerabilities: 291 (page 1 of 6)