CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Mac Os X : Security Vulnerabilities (CVSS score >= 9)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-1381 264 DoS Exec Code 2014-07-01 2014-07-17
10.0
None Remote Low Not required Complete Complete Complete
Thunderbolt in Apple OS X before 10.9.4 does not properly restrict IOThunderBoltController API calls, which allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted call.
2 CVE-2014-1379 DoS +Priv 2014-07-01 2014-07-17
10.0
None Remote Low Not required Complete Complete Complete
Graphics Drivers in Apple OS X before 10.9.4 allows attackers to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a 32-bit executable file for a crafted application.
3 CVE-2014-1377 Exec Code 2014-07-01 2014-07-17
10.0
None Remote Low Not required Complete Complete Complete
Array index error in IOAcceleratorFamily in Apple OS X before 10.9.4 allows attackers to execute arbitrary code via a crafted application.
4 CVE-2014-1376 264 Exec Code 2014-07-01 2014-07-17
10.0
None Remote Low Not required Complete Complete Complete
Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application.
5 CVE-2014-1373 264 Exec Code 2014-07-01 2014-07-17
10.0
None Remote Low Not required Complete Complete Complete
Intel Graphics Driver in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenGL API call, which allows attackers to execute arbitrary code via a crafted application.
6 CVE-2014-1359 189 Exec Code 2014-07-01 2014-07-17
10.0
None Remote Low Not required Complete Complete Complete
Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.
7 CVE-2014-1358 189 Exec Code Overflow 2014-07-01 2014-07-17
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.
8 CVE-2014-1357 119 Exec Code Overflow 2014-07-01 2014-07-17
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that generates log messages.
9 CVE-2014-1356 119 Exec Code Overflow 2014-07-01 2014-07-17
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends IPC messages.
10 CVE-2014-1318 20 Exec Code 2014-04-23 2014-04-23
10.0
None Remote Low Not required Complete Complete Complete
The Intel Graphics Driver in Apple OS X through 10.9.2 does not properly validate a certain pointer, which allows attackers to execute arbitrary code via a crafted application.
11 CVE-2014-1314 264 Exec Code Bypass 2014-04-23 2014-04-24
10.0
None Remote Low Not required Complete Complete Complete
WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via a crafted application.
12 CVE-2013-0984 119 DoS Exec Code Overflow 2013-06-05 2013-06-05
9.3
None Remote Medium Not required Complete Complete Complete
Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.
13 CVE-2010-1842 119 DoS Exec Code Overflow 2010-11-15 2011-01-12
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in AppKit in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a bidirectional text string with ellipsis truncation.
14 CVE-2010-1841 20 DoS Exec Code Mem. Corr. 2010-11-15 2011-01-12
9.3
None Remote Medium Not required Complete Complete Complete
Disk Images in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted UDIF image.
15 CVE-2010-1377 310 Exec Code 2010-06-17 2010-06-18
9.3
None Remote Medium Not required Complete Complete Complete
Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an unencrypted connection upon certain SSL failures, which allows man-in-the-middle attackers to spoof arbitrary network account servers, and possibly execute arbitrary code, via unspecified vectors.
16 CVE-2010-1119 399 DoS Exec Code 2010-03-25 2012-03-30
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010.
17 CVE-2010-0512 264 Bypass 2010-03-30 2010-05-21
9.3
None Remote Medium Not required Complete Complete Complete
The Accounts Preferences implementation in Apple Mac OS X 10.6 before 10.6.3, when a network account server is used, does not support Login Window access control that is based solely on group membership, which allows attackers to bypass intended access restrictions by entering login credentials.
18 CVE-2010-0508 2010-03-30 2010-03-31
10.0
None Remote Low Not required Complete Complete Complete
Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors.
19 CVE-2010-0055 2010-03-30 2010-03-31
10.0
None Remote Low Not required Complete Complete Complete
xar in Apple Mac OS X 10.5.8 does not properly validate package signatures, which allows attackers to have an unspecified impact via a modified package.
20 CVE-2010-0037 119 DoS Exec Code Overflow 2010-01-20 2010-01-23
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted DNG image.
21 CVE-2010-0036 119 DoS Exec Code Overflow 2010-01-20 2010-02-05
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 audio file.
22 CVE-2009-2819 399 DoS Exec Code Mem. Corr. 2009-11-10 2009-11-17
9.3
None Remote Medium Not required Complete Complete Complete
AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via unspecified vectors.
23 CVE-2009-2193 119 DoS Exec Code Overflow 2009-08-06 2009-08-19
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet.
24 CVE-2009-2188 119 DoS Exec Code Overflow 2009-08-06 2009-08-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata.
25 CVE-2009-1726 119 DoS Exec Code Overflow 2009-08-06 2010-08-21
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.
26 CVE-2009-1236 119 1 DoS Overflow 2009-04-02 2009-04-18
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member.
27 CVE-2009-0140 399 DoS 2009-02-12 2009-08-19
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the SMB component in Apple Mac OS X 10.4.11 and 10.5.6 allows remote SMB servers to cause a denial of service (memory exhaustion and system shutdown) via a crafted file system name.
28 CVE-2009-0139 189 DoS Exec Code Overflow 2009-02-12 2009-08-19
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in the SMB component in Apple Mac OS X 10.5.6 allows remote SMB servers to cause a denial of service (system shutdown) or execute arbitrary code via a crafted SMB file system that triggers a heap-based buffer overflow.
29 CVE-2009-0138 287 2009-02-12 2009-08-19
10.0
Admin Remote Low Not required Complete Complete Complete
servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly validate authentication credentials, which allows remote attackers to modify the system configuration.
30 CVE-2009-0012 119 Exec Code Overflow 2009-02-12 2011-01-06
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in CoreText in Apple Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via a crafted Unicode string.
31 CVE-2009-0010 189 1 DoS Exec Code Overflow 2009-05-13 2009-06-04
9.3
None Remote Medium Not required Complete Complete Complete
Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow.
32 CVE-2008-4237 2008-12-16 2009-08-20
10.0
Admin Remote Low Not required Complete Complete Complete
Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which allows context-dependent attackers to have an unspecified impact by leveraging unintended settings, as demonstrated by the screen saver lock setting.
33 CVE-2008-4234 264 Exec Code 2008-12-16 2009-02-18
9.3
Admin Remote Medium Not required Complete Complete Complete
Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 10.5 before 10.5.6 allows user-assisted remote attackers to execute arbitrary code via an executable file with the content type indicating no application association for the file, which does not trigger a "potentially unsafe" warning message.
34 CVE-2008-4221 399 DoS Exec Code Mem. Corr. 2008-12-16 2009-08-20
10.0
Admin Remote Low Not required Complete Complete Complete
The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory allocation.
35 CVE-2008-4220 189 DoS Exec Code Overflow 2008-12-16 2009-08-20
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. NOTE: this may be related to the WLB-2008080064 advisory published by SecurityReason on 20080822; however, as of 20081216, there are insufficient details to be sure.
36 CVE-2008-4217 189 Exec Code Overflow 2008-12-16 2009-02-06
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow.
37 CVE-2008-4212 16 Bypass 2008-10-10 2009-02-10
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions.
38 CVE-2008-4211 189 DoS Exec Code 2008-10-10 2011-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."
39 CVE-2008-3647 119 DoS Exec Code Overflow 2008-10-10 2009-02-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a PostScript file with a crafted bounding box comment.
40 CVE-2008-3642 119 DoS Exec Code Overflow 2008-10-10 2012-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via an image with a crafted ICC profile.
41 CVE-2008-3638 94 2008-09-26 2012-10-29
9.3
Admin Remote Medium Not required Complete Complete Complete
Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs.
42 CVE-2008-3637 94 Exec Code 2008-09-26 2012-10-29
9.3
Admin Remote Medium Not required Complete Complete Complete
The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue."
43 CVE-2008-3621 399 DoS Exec Code Mem. Corr. 2008-09-16 2008-11-15
9.3
None Remote Medium Not required Complete Complete Complete
VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media.
44 CVE-2008-3618 264 2008-09-16 2008-11-15
9.0
None Remote Low Single system Complete Complete Complete
The File Sharing pane in the Sharing preference pane in Apple Mac OS X 10.5 through 10.5.4 does not inform users that the complete contents of their own home directories are shared for their own use, which might allow attackers to leverage other vulnerabilities and access files for which sharing was unintended.
45 CVE-2008-3616 189 DoS Exec Code Overflow 2008-09-16 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with "passing untrusted input" to unspecified API functions.
46 CVE-2008-3608 399 DoS Exec Code Mem. Corr. 2008-09-16 2012-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile.
47 CVE-2008-2332 399 DoS Exec Code Mem. Corr. 2008-09-16 2012-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image.
48 CVE-2008-2305 119 Exec Code Overflow 2008-09-16 2008-11-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names."
49 CVE-2008-1577 DoS Exec Code Mem. Corr. 2008-06-02 2011-03-25
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file, related to "multiple memory corruption issues."
50 CVE-2008-1575 399 Exec Code Mem. Corr. 2008-06-02 2008-09-05
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing.
Total number of vulnerabilities : 103   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.