CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Mac Os X : Security Vulnerabilities (CVSS score >= 9)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-9165 Exec Code 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8454 and CVE-2014-8455.
2 CVE-2014-9159 Exec Code Overflow 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8457 and CVE-2014-8460.
3 CVE-2014-9158 94 DoS Exec Code Mem. Corr. 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, and CVE-2014-8461.
4 CVE-2014-8461 94 DoS Exec Code Mem. Corr. 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, and CVE-2014-9158.
5 CVE-2014-8460 119 Exec Code Overflow 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8457 and CVE-2014-9159.
6 CVE-2014-8459 94 DoS Exec Code Mem. Corr. 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8461, and CVE-2014-9158.
7 CVE-2014-8458 94 DoS Exec Code Mem. Corr. 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158.
8 CVE-2014-8457 119 Exec Code Overflow 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8460 and CVE-2014-9159.
9 CVE-2014-8456 94 DoS Exec Code Mem. Corr. 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158.
10 CVE-2014-8455 Exec Code 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8454 and CVE-2014-9165.
11 CVE-2014-8454 Exec Code 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8455 and CVE-2014-9165.
12 CVE-2014-8449 189 Exec Code Overflow 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.
13 CVE-2014-8447 94 DoS Exec Code Mem. Corr. 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158.
14 CVE-2014-8446 DoS Exec Code Mem. Corr. 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158.
15 CVE-2014-8445 94 DoS Exec Code Mem. Corr. 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158.
16 CVE-2014-7861 20 DoS Exec Code 2014-10-05 2014-10-10
9.3
None Remote Medium Not required Complete Complete Complete
The IOHIDSecurePromptClient function in Apple OS X does not properly validate pointer values, which allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted web site.
17 CVE-2014-4402 119 Exec Code Overflow 2014-09-19 2014-12-02
9.3
None Remote Medium Not required Complete Complete Complete
An unspecified IOAcceleratorFamily function in Apple OS X before 10.9.5 lacks proper bounds checking on read operations, which allows attackers to execute arbitrary code in a privileged context via a crafted application.
18 CVE-2014-4393 119 DoS Exec Code Overflow 2014-09-19 2014-09-19
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the shader compiler in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GLSL shader.
19 CVE-2014-4390 20 Exec Code 2014-09-19 2014-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Bluetooth in Apple OS X before 10.9.5 does not properly validate API calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application.
20 CVE-2014-4376 DoS Exec Code 2014-09-19 2014-12-02
10.0
None Remote Low Not required Complete Complete Complete
IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted API arguments.
21 CVE-2014-1381 264 DoS Exec Code 2014-07-01 2014-07-24
10.0
None Remote Low Not required Complete Complete Complete
Thunderbolt in Apple OS X before 10.9.4 does not properly restrict IOThunderBoltController API calls, which allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted call.
22 CVE-2014-1379 DoS +Priv 2014-07-01 2014-12-02
10.0
None Remote Low Not required Complete Complete Complete
Graphics Drivers in Apple OS X before 10.9.4 allows attackers to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a 32-bit executable file for a crafted application.
23 CVE-2014-1377 Exec Code 2014-07-01 2014-12-02
10.0
None Remote Low Not required Complete Complete Complete
Array index error in IOAcceleratorFamily in Apple OS X before 10.9.4 allows attackers to execute arbitrary code via a crafted application.
24 CVE-2014-1376 264 Exec Code 2014-07-01 2014-12-02
10.0
None Remote Low Not required Complete Complete Complete
Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application.
25 CVE-2014-1373 264 Exec Code 2014-07-01 2014-12-02
10.0
None Remote Low Not required Complete Complete Complete
Intel Graphics Driver in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenGL API call, which allows attackers to execute arbitrary code via a crafted application.
26 CVE-2014-1359 189 Exec Code 2014-07-01 2014-07-24
10.0
None Remote Low Not required Complete Complete Complete
Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.
27 CVE-2014-1358 189 Exec Code Overflow 2014-07-01 2014-07-24
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.
28 CVE-2014-1357 119 Exec Code Overflow 2014-07-01 2014-07-24
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that generates log messages.
29 CVE-2014-1356 119 Exec Code Overflow 2014-07-01 2014-07-24
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends IPC messages.
30 CVE-2014-1318 20 Exec Code 2014-04-23 2014-04-23
10.0
None Remote Low Not required Complete Complete Complete
The Intel Graphics Driver in Apple OS X through 10.9.2 does not properly validate a certain pointer, which allows attackers to execute arbitrary code via a crafted application.
31 CVE-2014-1314 264 Exec Code Bypass 2014-04-23 2014-04-24
10.0
None Remote Low Not required Complete Complete Complete
WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via a crafted application.
32 CVE-2013-0984 119 DoS Exec Code Overflow 2013-06-05 2013-06-05
9.3
None Remote Medium Not required Complete Complete Complete
Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.
33 CVE-2010-1842 119 DoS Exec Code Overflow 2010-11-15 2011-01-12
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in AppKit in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a bidirectional text string with ellipsis truncation.
34 CVE-2010-1841 20 DoS Exec Code Mem. Corr. 2010-11-15 2011-01-12
9.3
None Remote Medium Not required Complete Complete Complete
Disk Images in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted UDIF image.
35 CVE-2010-1377 310 Exec Code 2010-06-17 2010-06-18
9.3
None Remote Medium Not required Complete Complete Complete
Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an unencrypted connection upon certain SSL failures, which allows man-in-the-middle attackers to spoof arbitrary network account servers, and possibly execute arbitrary code, via unspecified vectors.
36 CVE-2010-1119 399 DoS Exec Code 2010-03-25 2012-03-30
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010.
37 CVE-2010-0512 264 Bypass 2010-03-30 2010-05-21
9.3
None Remote Medium Not required Complete Complete Complete
The Accounts Preferences implementation in Apple Mac OS X 10.6 before 10.6.3, when a network account server is used, does not support Login Window access control that is based solely on group membership, which allows attackers to bypass intended access restrictions by entering login credentials.
38 CVE-2010-0508 2010-03-30 2010-03-31
10.0
None Remote Low Not required Complete Complete Complete
Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors.
39 CVE-2010-0055 2010-03-30 2010-03-31
10.0
None Remote Low Not required Complete Complete Complete
xar in Apple Mac OS X 10.5.8 does not properly validate package signatures, which allows attackers to have an unspecified impact via a modified package.
40 CVE-2010-0037 119 DoS Exec Code Overflow 2010-01-20 2010-01-23
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted DNG image.
41 CVE-2010-0036 119 DoS Exec Code Overflow 2010-01-20 2010-02-05
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 audio file.
42 CVE-2009-2819 399 DoS Exec Code Mem. Corr. 2009-11-10 2009-11-17
9.3
None Remote Medium Not required Complete Complete Complete
AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via unspecified vectors.
43 CVE-2009-2193 119 DoS Exec Code Overflow 2009-08-06 2009-08-19
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet.
44 CVE-2009-2188 119 DoS Exec Code Overflow 2009-08-06 2009-08-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata.
45 CVE-2009-1726 119 DoS Exec Code Overflow 2009-08-06 2010-08-21
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.
46 CVE-2009-1236 119 1 DoS Overflow 2009-04-02 2009-04-18
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member.
47 CVE-2009-0140 399 DoS 2009-02-12 2009-08-19
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the SMB component in Apple Mac OS X 10.4.11 and 10.5.6 allows remote SMB servers to cause a denial of service (memory exhaustion and system shutdown) via a crafted file system name.
48 CVE-2009-0139 189 DoS Exec Code Overflow 2009-02-12 2009-08-19
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in the SMB component in Apple Mac OS X 10.5.6 allows remote SMB servers to cause a denial of service (system shutdown) or execute arbitrary code via a crafted SMB file system that triggers a heap-based buffer overflow.
49 CVE-2009-0138 287 2009-02-12 2009-08-19
10.0
Admin Remote Low Not required Complete Complete Complete
servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly validate authentication credentials, which allows remote attackers to modify the system configuration.
50 CVE-2009-0012 119 Exec Code Overflow 2009-02-12 2011-01-06
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in CoreText in Apple Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via a crafted Unicode string.
Total number of vulnerabilities : 123   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.