CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Mac Os X : Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-8906 125 2019-02-18 2019-04-16
6.8
None Remote Medium Not required Partial Partial Partial
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.
2 CVE-2018-20506 190 Exec Code Overflow 2019-04-03 2019-06-19
6.8
None Remote Medium Not required Partial Partial Partial
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.
3 CVE-2018-18313 125 2018-12-07 2019-09-06
6.4
None Remote Low Not required Partial None Partial
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
4 CVE-2018-12015 22 Dir. Trav. Bypass 2018-06-07 2019-08-06
6.4
None Remote Low Not required None Partial Partial
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
5 CVE-2018-4435 20 2019-04-03 2019-04-05
6.8
None Remote Medium Not required Partial Partial Partial
A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
6 CVE-2018-4434 125 2019-04-03 2019-04-05
6.6
None Local Low Not required Complete None Complete
An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.2.
7 CVE-2018-4423 20 2019-04-03 2019-04-05
6.8
None Remote Medium Not required Partial Partial Partial
A logic issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.1.
8 CVE-2018-4414 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.
9 CVE-2018-4412 119 Overflow Mem. Corr. 2019-04-03 2019-04-08
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.
10 CVE-2018-4411 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.
11 CVE-2018-4407 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
6.5
None Remote Low Single system Partial Partial Partial
A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
12 CVE-2018-4394 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1.
13 CVE-2018-4371 125 2019-04-03 2019-04-08
6.8
None Remote Medium Not required Partial Partial Partial
An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
14 CVE-2018-4354 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
15 CVE-2018-4347 416 2019-04-03 2019-04-05
6.8
None Remote Medium Not required Partial Partial Partial
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.
16 CVE-2018-4341 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
17 CVE-2018-4326 119 Overflow Mem. Corr. 2019-04-03 2019-04-07
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14.
18 CVE-2018-4303 20 2019-04-03 2019-04-04
6.8
None Remote Medium Not required Partial Partial Partial
An input validation issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14, iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
19 CVE-2018-4280 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2.
20 CVE-2018-4237 +Priv 2018-06-08 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "libxpc" component. It allows attackers to gain privileges via a crafted app that leverages a logic error.
21 CVE-2018-4219 704 +Priv 2018-06-08 2018-07-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "ATS" component. It allows attackers to gain privileges via a crafted app that leverages type confusion.
22 CVE-2018-4211 119 DoS Exec Code Overflow Mem. Corr. 2018-06-08 2018-07-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file.
23 CVE-2018-4206 119 DoS Exec Code Overflow Mem. Corr. 2018-06-08 2018-07-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Crash Reporter" component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app that replaces a privileged port name.
24 CVE-2018-4175 20 Bypass 2018-04-03 2018-05-04
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "LaunchServices" component. It allows attackers to bypass the code-signing protection mechanism via a crafted app.
25 CVE-2018-4106 77 2018-04-03 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the Bracketed Paste Mode of the "Terminal" component. It allows user-assisted attackers to inject arbitrary commands within pasted content.
26 CVE-2018-4096 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2018-04-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
27 CVE-2018-4094 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2018-05-04
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file.
28 CVE-2018-4089 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2018-04-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. tvOS before 11.2.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
29 CVE-2018-4088 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2018-04-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
30 CVE-2018-4085 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2018-04-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "QuartzCore" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
31 CVE-2017-13825 400 DoS Exec Code 2017-11-12 2017-11-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CoreText" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted font file.
32 CVE-2017-13824 119 DoS Exec Code Overflow Mem. Corr. 2017-11-12 2017-11-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Open Scripting Architecture" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted AppleScript file that is mishandled by osadecompile.
33 CVE-2017-13816 119 DoS Exec Code Overflow 2017-11-12 2017-11-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted archive file.
34 CVE-2017-13814 119 DoS Exec Code Overflow Mem. Corr. 2017-11-12 2017-11-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image file.
35 CVE-2017-13813 119 DoS Exec Code Overflow 2017-11-12 2017-11-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted archive file.
36 CVE-2017-13812 119 DoS Exec Code Overflow Mem. Corr. 2017-11-12 2017-11-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted archive file.
37 CVE-2017-13809 20 Exec Code 2017-11-12 2017-11-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "AppleScript" component. It allows remote attackers to execute arbitrary code via a crafted AppleScript file that is mishandled by osadecompile.
38 CVE-2017-13807 20 DoS Exec Code 2017-11-12 2017-11-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted QuickTime file.
39 CVE-2017-9788 20 DoS +Info 2017-07-13 2019-08-15
6.4
None Remote Low Not required Partial None Partial
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.
40 CVE-2017-7158 119 Overflow 2017-12-27 2017-12-29
6.8
None Remote Low Single system Complete None None
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Screen Sharing Server" component. It allows attackers to obtain root privileges for reading files by leveraging screen-sharing access.
41 CVE-2017-7132 400 DoS Exec Code 2017-11-12 2017-11-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Quick Look" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted Office document.
42 CVE-2017-7076 119 DoS Exec Code Overflow Mem. Corr. 2017-10-22 2017-10-26
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O file.
43 CVE-2017-7068 119 DoS Exec Code Overflow 2017-07-20 2017-07-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted archive file.
44 CVE-2017-7047 119 DoS Exec Code Overflow Mem. Corr. 2017-07-20 2017-08-11
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "libxpc" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
45 CVE-2017-7033 119 DoS Exec Code Overflow Mem. Corr. 2017-07-20 2017-07-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "afclip" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file.
46 CVE-2017-7031 119 DoS Exec Code Overflow Mem. Corr. 2017-07-20 2017-07-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Foundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file.
47 CVE-2017-7016 119 DoS Exec Code Overflow Mem. Corr. 2017-07-20 2017-07-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "afclip" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file.
48 CVE-2017-7015 119 DoS Overflow Mem. Corr. +Info 2017-07-20 2017-07-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Audio" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted audio file.
49 CVE-2017-7013 125 DoS +Info 2017-07-20 2017-07-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "libxml2" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted XML file.
50 CVE-2017-7010 125 DoS +Info 2017-07-20 2017-07-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "libxml2" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted XML file.
Total number of vulnerabilities : 478   Page : 1 (This Page)2 3 4 5 6 7 8 9 10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.