CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Mac Os X : Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-4637 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-28
6.8
None Remote Medium Not required Partial Partial Partial
CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image.
2 CVE-2016-4633 264 DoS Exec Code Mem. Corr. 2016-07-21 2016-07-27
6.9
None Local Medium Not required Complete Complete Complete
Intel Graphics Driver in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
3 CVE-2016-4631 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-28
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.
4 CVE-2016-4630 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-27
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted EXR image with B44 compression.
5 CVE-2016-4602 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-27
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4600.
6 CVE-2016-4601 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-28
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SGI image.
7 CVE-2016-4600 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-26
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4602.
8 CVE-2016-4599 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-26
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop document.
9 CVE-2016-4598 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-26
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image.
10 CVE-2016-4597 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-26
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4600, and CVE-2016-4602.
11 CVE-2016-4596 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-26
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4597, CVE-2016-4600, and CVE-2016-4602.
12 CVE-2016-3142 119 DoS Overflow +Info 2016-03-31 2016-05-25
6.4
None Remote Low Not required Partial None Partial
The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location.
13 CVE-2016-1850 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-23
6.8
None Remote Medium Not required Partial Partial Partial
SceneKit in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.
14 CVE-2016-1848 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-23
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.
15 CVE-2016-1847 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-23
6.8
None Remote Medium Not required Partial Partial Partial
OpenGL, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
16 CVE-2016-1841 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-20
6.8
None Remote Medium Not required Partial Partial Partial
libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
17 CVE-2016-1840 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-07-27
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
18 CVE-2016-1839 119 DoS Overflow 2016-05-20 2016-07-27
6.8
None Remote Medium Not required Partial Partial Partial
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
19 CVE-2016-1838 119 DoS Overflow 2016-05-20 2016-07-27
6.8
None Remote Medium Not required Partial Partial Partial
The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
20 CVE-2016-1837 119 DoS Overflow 2016-05-20 2016-07-27
6.8
None Remote Medium Not required Partial Partial Partial
Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document.
21 CVE-2016-1836 119 DoS Overflow 2016-05-20 2016-07-27
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.
22 CVE-2016-1835 119 DoS Overflow 2016-05-20 2016-07-27
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.
23 CVE-2016-1834 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-07-27
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
24 CVE-2016-1833 119 DoS Overflow 2016-05-20 2016-07-27
6.8
None Remote Medium Not required Partial Partial Partial
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
25 CVE-2016-1769 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-03-25
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file.
26 CVE-2016-1768 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-03-25
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1767.
27 CVE-2016-1767 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-03-25
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1768.
28 CVE-2016-1737 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-03-25
6.8
None Remote Medium Not required Partial Partial Partial
Carbon in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dfont file.
29 CVE-2016-1718 119 DoS Overflow +Priv Mem. Corr. 2016-02-01 2016-02-08
6.9
None Local Medium Not required Complete Complete Complete
The IOAcceleratorFamily2 interface in IOAcceleratorFamily in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
30 CVE-2016-0778 119 DoS Overflow 2016-01-14 2016-04-11
6.5
None Remote Low Single system Partial Partial Partial
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
31 CVE-2015-7987 119 Overflow 2016-06-25 2016-06-27
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3ResourceRecord function.
32 CVE-2015-7942 119 DoS Overflow 2015-11-18 2016-06-09
6.8
None Remote Medium Not required Partial Partial Partial
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.
33 CVE-2015-7804 189 DoS 2015-12-11 2015-12-18
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive.
34 CVE-2015-7803 DoS 2015-12-11 2015-12-18
6.8
None Remote Medium Not required Partial Partial Partial
The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist.
35 CVE-2015-7110 119 DoS Overflow +Priv Mem. Corr. 2015-12-11 2015-12-11
6.9
None Local Medium Not required Complete Complete Complete
The Disk Images component in Apple OS X before 10.11.2 and tvOS before 9.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted disk image.
36 CVE-2015-7107 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2015-12-11
6.8
None Remote Medium Not required Partial Partial Partial
QuickLook in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.
37 CVE-2015-7105 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2015-12-11
6.8
None Remote Medium Not required Partial Partial Partial
CoreGraphics in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
38 CVE-2015-7075 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2015-12-11
6.8
None Remote Medium Not required Partial Partial Partial
CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed media file.
39 CVE-2015-7074 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2015-12-11
6.8
None Remote Medium Not required Partial Partial Partial
CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed media file.
40 CVE-2015-7073 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2015-12-11
6.8
None Remote Medium Not required Partial Partial Partial
Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SSL handshake.
41 CVE-2015-7066 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2015-12-11
6.8
None Remote Medium Not required Partial Partial Partial
OpenGL in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-7064.
42 CVE-2015-7065 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2015-12-11
6.8
None Remote Medium Not required Partial Partial Partial
OpenGL in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
43 CVE-2015-7064 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2015-12-11
6.8
None Remote Medium Not required Partial Partial Partial
OpenGL in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-7066.
44 CVE-2015-7061 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2015-12-11
6.8
None Remote Medium Not required Partial Partial Partial
The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate, a different vulnerability than CVE-2015-7059 and CVE-2015-7060.
45 CVE-2015-7060 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2015-12-11
6.8
None Remote Medium Not required Partial Partial Partial
The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate, a different vulnerability than CVE-2015-7059 and CVE-2015-7061.
46 CVE-2015-7059 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2015-12-11
6.8
None Remote Medium Not required Partial Partial Partial
The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate, a different vulnerability than CVE-2015-7060 and CVE-2015-7061.
47 CVE-2015-7054 19 Exec Code 2015-12-11 2015-12-11
6.8
None Remote Medium Not required Partial Partial Partial
zlib in the Compression component in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not initialize memory for an unspecified data structure, which allows remote attackers to execute arbitrary code via a crafted web site.
48 CVE-2015-7053 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2015-12-11
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image.
49 CVE-2015-7039 119 Exec Code Overflow 2015-12-11 2015-12-11
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7038.
50 CVE-2015-7038 119 Exec Code Overflow 2015-12-11 2015-12-11
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7039.
Total number of vulnerabilities : 380   Page : 1 (This Page)2 3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.