CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   

Apple » Mac Os X : Security Vulnerabilities (CVSS score between 1 and 1.99)

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-30731 2021-09-08 2021-09-22
1.9
 None Local Medium Not required Partial None None
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Catalina. An unprivileged application may be able to capture USB devices.
2 CVE-2020-9969 2020-12-08 2023-01-09
1.9
 None Local Medium Not required Partial None None
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A local user may be able to view senstive user information.
3 CVE-2019-8757 362 2019-12-18 2019-12-26
1.9
 None Local Medium Not required None Partial None
A race condition existed when reading and writing user preferences. This was addressed with improved state handling. This issue is fixed in macOS Catalina 10.15. The "Share Mac Analytics" setting may not be disabled when a user deselects the switch to share analytics.
4 CVE-2016-1807 362 +Info 2016-05-20 2019-03-25
1.9
 None Local Medium Not required Partial None None
Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors.
5 CVE-2015-6563 20 2015-08-24 2022-12-13
1.9
 None Local Medium Not required None Partial None
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
6 CVE-2015-3785 Bypass 2015-10-09 2016-12-08
1.9
 None Local Medium Not required None Partial None
The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors.
7 CVE-2015-1146 310 Bypass 2015-04-10 2019-01-31
1.9
 None Local Medium Not required None Partial None
The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145.
8 CVE-2015-1145 310 Bypass 2015-04-10 2019-01-31
1.9
 None Local Medium Not required None Partial None
The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146.
9 CVE-2015-1096 200 +Info 2015-04-10 2019-03-08
1.9
 None Local Medium Not required Partial None None
IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.
10 CVE-2014-4421 +Info 2014-09-18 2019-03-08
1.9
 None Local Medium Not required Partial None None
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4420.
11 CVE-2014-4420 +Info 2014-09-18 2019-03-08
1.9
 None Local Medium Not required Partial None None
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4421.
12 CVE-2014-4419 +Info 2014-09-18 2019-03-08
1.9
 None Local Medium Not required Partial None None
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4420, and CVE-2014-4421.
13 CVE-2014-4371 665 +Info 2014-09-18 2019-11-07
1.9
 None Local Medium Not required Partial None None
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421.
14 CVE-2013-5187 264 +Info 2013-10-24 2013-10-24
1.9
 None Local Medium Not required Partial None None
The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state.
15 CVE-2013-5169 264 +Info 2013-10-24 2013-10-25
1.9
 None Local Medium Not required Partial None None
CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen.
16 CVE-2013-0982 200 Bypass +Info 2013-06-05 2013-06-05
1.7
 None Local Low ??? Partial None None
The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation.
17 CVE-2011-1073 59 2011-03-04 2018-10-09
1.9
 None Local Medium Not required Partial None None
crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files.
18 CVE-2009-0142 362 DoS 2009-02-12 2011-03-08
1.9
 None Local Medium Not required None None Partial
Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local users to cause a denial of service (infinite loop) via unspecified vectors related to "file enumeration logic."
19 CVE-2008-2329 200 +Info 2008-09-16 2017-08-08
1.9
 None Local Medium Not required Partial None None
Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window.
20 CVE-2008-0996 255 2008-03-18 2017-08-08
1.7
 None Local Low ??? Partial None None
The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials.
21 CVE-2008-0049 264 Exec Code 2008-03-18 2017-08-08
1.9
 None Local Medium Not required None Partial None
AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications.
22 CVE-2008-0038 264 Bypass 2008-02-12 2011-03-08
1.9
 None Local Medium Not required Partial None None
Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application.
23 CVE-2006-0391 Dir. Trav. 2006-03-03 2017-07-20
1.7
 None Local Low ??? None Partial None
Directory traversal vulnerability in the BOM framework in Mac OS X 10.x before 10.3.9 and 10.4 before 10.4.5 allows user-assisted attackers to overwrite or create arbitrary files via an archive that is handled by BOMArchiveHelper.
24 CVE-2006-0386 2006-03-03 2017-07-20
1.7
 None Local Low ??? Partial None None
FileVault in Mac OS X 10.4.5 and earlier does not properly mount user directories when creating a FileVault image, which allows local users to access protected files when FileVault is enabled.
Total number of vulnerabilities : 24   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.