CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Mac Os X : Security Vulnerabilities (CVSS score >= 9)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-4641 20 Exec Code +Info 2016-07-21 2016-07-27
9.3
None Remote Medium Not required Complete Complete Complete
Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or obtain sensitive user information via a crafted app that leverages a "type confusion."
2 CVE-2016-4640 119 DoS Exec Code Overflow Mem. Corr. +Info 2016-07-21 2016-07-27
9.3
None Remote Medium Not required Complete Complete Complete
Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context, obtain sensitive user information, or cause a denial of service (memory corruption) via a crafted app.
3 CVE-2016-4638 264 +Priv 2016-07-21 2016-07-27
9.3
None Remote Medium Not required Complete Complete Complete
Login Window in Apple OS X before 10.11.6 allows attackers to gain privileges via a crafted app that leverages a "type confusion."
4 CVE-2016-4629 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-27
10.0
None Remote Low Not required Complete Complete Complete
ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted xStride and yStride values in an EXR image.
5 CVE-2016-4621 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-07-27
9.3
None Remote Medium Not required Complete Complete Complete
libc++abi in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
6 CVE-2016-1861 119 DoS Exec Code Overflow Mem. Corr. 2016-06-19 2016-06-22
9.3
None Remote Medium Not required Complete Complete Complete
The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1846.
7 CVE-2016-1846 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-06-22
9.3
None Remote Medium Not required Complete Complete Complete
The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference and memory corruption) via a crafted app.
8 CVE-2016-1831 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.2 and OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
9 CVE-2016-1829 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-24
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1828, and CVE-2016-1830.
10 CVE-2016-1828 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1829, and CVE-2016-1830.
11 CVE-2016-1827 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1828, CVE-2016-1829, and CVE-2016-1830.
12 CVE-2016-1826 Exec Code Overflow 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the dtrace implementation in the kernel in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
13 CVE-2016-1825 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
IOHIDFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
14 CVE-2016-1824 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1823.
15 CVE-2016-1823 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-06-22
9.3
None Remote Medium Not required Complete Complete Complete
The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read and memory corruption) via a crafted IOHIDReportType enum, which triggers an incorrect cast, a different vulnerability than CVE-2016-1824.
16 CVE-2016-1822 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
IOFireWireFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
17 CVE-2016-1821 DoS Exec Code 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
18 CVE-2016-1820 119 Exec Code Overflow 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
19 CVE-2016-1819 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-06-22
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1818.
20 CVE-2016-1818 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1819.
21 CVE-2016-1817 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1818 and CVE-2016-1819.
22 CVE-2016-1816 DoS Exec Code 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
23 CVE-2016-1815 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
24 CVE-2016-1813 DoS Exec Code 2016-05-20 2016-06-22
9.3
None Remote Medium Not required Complete Complete Complete
The IOAccelSharedUserClient2::page_off_resource method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
25 CVE-2016-1812 119 Exec Code Overflow 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
26 CVE-2016-1810 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
The Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
27 CVE-2016-1808 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
The Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
28 CVE-2016-1806 284 Exec Code 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
Crash Reporter in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
29 CVE-2016-1805 284 Exec Code 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
CoreStorage in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
30 CVE-2016-1804 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
The Multi-Touch subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
31 CVE-2016-1803 DoS Exec Code 2016-05-20 2016-06-23
9.3
None Remote Medium Not required Complete Complete Complete
CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
32 CVE-2016-1800 20 Exec Code 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
Captive Network Assistant in Apple OS X before 10.11.5 mishandles a custom URL scheme, which allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.
33 CVE-2016-1799 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
Audio in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
34 CVE-2016-1797 284 Exec Code Bypass 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to bypass intended FontValidator sandbox-policy restrictions and execute arbitrary code in a privileged context via a crafted app.
35 CVE-2016-1795 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
AppleGraphicsPowerManagement in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
36 CVE-2016-1794 DoS Exec Code 2016-05-20 2016-06-23
9.3
None Remote Medium Not required Complete Complete Complete
The AppleGraphicsControlClient::checkArguments method in AppleGraphicsControl in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
37 CVE-2016-1793 DoS Exec Code 2016-05-20 2016-06-23
9.3
None Remote Medium Not required Complete Complete Complete
AppleGraphicsDeviceControlClient in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
38 CVE-2016-1792 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-05-20
9.3
None Remote Medium Not required Complete Complete Complete
The AMD subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
39 CVE-2016-1775 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-03-25
9.3
None Remote Medium Not required Complete Complete Complete
TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
40 CVE-2016-1762 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-07-13
10.0
None Remote Low Not required Complete Complete Complete
libxml2 in Apple iOS before 9.3, OS X before 10.11.4, Safari before 9.1, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
41 CVE-2016-1761 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-03-24
10.0
None Remote Low Not required Complete Complete Complete
libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
42 CVE-2016-1759 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-03-28
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
43 CVE-2016-1757 362 Exec Code 2016-03-23 2016-03-25
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app.
44 CVE-2016-1756 DoS Exec Code 2016-03-23 2016-03-25
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
45 CVE-2016-1755 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-03-24
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754.
46 CVE-2016-1754 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-03-24
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1755.
47 CVE-2016-1753 189 Exec Code Overflow 2016-03-23 2016-03-25
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allow attackers to execute arbitrary code in a privileged context via a crafted app.
48 CVE-2016-1752 20 DoS 2016-03-23 2016-03-24
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app.
49 CVE-2016-1750 Exec Code 2016-03-23 2016-03-24
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context via a crafted app.
50 CVE-2016-1749 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-03-28
9.3
None Remote Medium Not required Complete Complete Complete
IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Total number of vulnerabilities : 264   Page : 1 (This Page)2 3 4 5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.