Unspecified vulnerability in Mac OS X before 10.3.4 has unknown impact and attack vectors related to "logging when tracing system calls."
Max CVSS
10.0
EPSS Score
0.40%
Published
2004-08-18
Updated
2017-07-11
The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges.
Max CVSS
10.0
EPSS Score
0.99%
Published
2006-11-30
Updated
2011-03-08
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
Max CVSS
10.0
EPSS Score
24.54%
Published
2008-05-05
Updated
2024-02-02
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
Max CVSS
10.0
EPSS Score
94.33%
Published
2008-09-12
Updated
2023-02-13
Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. NOTE: this may be related to the WLB-2008080064 advisory published by SecurityReason on 20080822; however, as of 20081216, there are insufficient details to be sure.
Max CVSS
10.0
EPSS Score
0.51%
Published
2008-12-17
Updated
2011-03-08
The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory allocation.
Max CVSS
10.0
EPSS Score
0.35%
Published
2008-12-17
Updated
2011-03-08
Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which allows context-dependent attackers to have an unspecified impact by leveraging unintended settings, as demonstrated by the screen saver lock setting.
Max CVSS
10.0
EPSS Score
0.29%
Published
2008-12-17
Updated
2011-03-08
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.
Max CVSS
10.0
EPSS Score
62.12%
Published
2009-04-09
Updated
2024-02-09
Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member.
Max CVSS
10.0
EPSS Score
8.23%
Published
2009-04-02
Updated
2017-09-29
Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.20%
Published
2010-03-30
Updated
2010-03-31
WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via a crafted application.
Max CVSS
10.0
EPSS Score
0.15%
Published
2014-04-23
Updated
2014-04-24
The Intel Graphics Driver in Apple OS X through 10.9.2 does not properly validate a certain pointer, which allows attackers to execute arbitrary code via a crafted application.
Max CVSS
10.0
EPSS Score
0.18%
Published
2014-04-23
Updated
2014-04-23
Intel Graphics Driver in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenGL API call, which allows attackers to execute arbitrary code via a crafted application.
Max CVSS
10.0
EPSS Score
0.45%
Published
2014-07-01
Updated
2015-11-20
Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application.
Max CVSS
10.0
EPSS Score
0.45%
Published
2014-07-01
Updated
2015-11-20
Array index error in IOAcceleratorFamily in Apple OS X before 10.9.4 allows attackers to execute arbitrary code via a crafted application.
Max CVSS
10.0
EPSS Score
0.55%
Published
2014-07-01
Updated
2015-11-20
Graphics Drivers in Apple OS X before 10.9.4 allows attackers to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a 32-bit executable file for a crafted application.
Max CVSS
10.0
EPSS Score
0.30%
Published
2014-07-01
Updated
2015-11-20
IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted app.
Max CVSS
10.0
EPSS Score
0.80%
Published
2015-01-30
Updated
2019-03-08
Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app.
Max CVSS
10.0
EPSS Score
1.51%
Published
2015-01-30
Updated
2019-03-08
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
Max CVSS
10.0
EPSS Score
2.08%
Published
2015-01-30
Updated
2019-03-08
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
Max CVSS
10.0
EPSS Score
2.08%
Published
2015-01-30
Updated
2019-03-08
The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app.
Max CVSS
10.0
EPSS Score
2.19%
Published
2015-01-30
Updated
2019-03-08
Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (write to kernel memory) via a crafted app.
Max CVSS
10.0
EPSS Score
0.57%
Published
2015-01-30
Updated
2015-11-30
coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a crafted app, as demonstrated by lack of verification of xpc_dictionary_get_value API return values during handling of a (1) match_mmap_archives, (2) delete_mmap_archives, (3) write_mmap_archive, or (4) read_mmap_archive command.
Max CVSS
10.0
EPSS Score
1.08%
Published
2015-01-30
Updated
2017-09-08
IOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a kernel context or cause a denial of service (write to kernel memory) via a crafted app that calls an unspecified user-client method.
Max CVSS
10.0
EPSS Score
0.61%
Published
2015-01-30
Updated
2017-09-08
The kernel in Apple OS X before 10.10.2 does not properly validate IODataQueue object metadata fields, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
Max CVSS
10.0
EPSS Score
0.61%
Published
2015-01-30
Updated
2017-09-08