cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*
An authentication issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5. A user may be unexpectedly logged in to another user’s account.
Max CVSS
8.8
EPSS Score
0.14%
Published
2019-12-18
Updated
2022-10-14
A lock handling issue was addressed with improved lock handling. This issue is fixed in macOS Mojave 10.14.4. A Mac may not lock when disconnecting from an external monitor.
Max CVSS
7.8
EPSS Score
0.04%
Published
2019-12-18
Updated
2019-12-26
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
Max CVSS
9.8
EPSS Score
1.40%
Published
2017-06-20
Updated
2021-06-06
The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue, a related issue to CVE-2016-5387.
Max CVSS
9.1
EPSS Score
0.57%
Published
2016-09-25
Updated
2017-07-30
The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors.
Max CVSS
5.3
EPSS Score
0.27%
Published
2016-05-20
Updated
2016-12-01
MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.
Max CVSS
7.5
EPSS Score
0.47%
Published
2016-05-20
Updated
2016-12-01
Crash Reporter in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
Max CVSS
9.3
EPSS Score
0.24%
Published
2016-05-20
Updated
2016-12-01
CoreStorage in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
Max CVSS
9.3
EPSS Score
0.19%
Published
2016-05-20
Updated
2016-12-01
Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to bypass intended FontValidator sandbox-policy restrictions and execute arbitrary code in a privileged context via a crafted app.
Max CVSS
9.3
EPSS Score
0.24%
Published
2016-05-20
Updated
2016-12-01
The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL.
Max CVSS
6.5
EPSS Score
0.14%
Published
2016-03-24
Updated
2016-12-03
libarchive in Apple OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that conducts an unspecified symlink attack.
Max CVSS
8.8
EPSS Score
0.06%
Published
2015-10-23
Updated
2015-10-26
Heimdal, as used in Apple OS X before 10.11, allows remote attackers to conduct replay attacks against the SMB server via packet data that represents a Kerberos authenticated request.
Max CVSS
6.8
EPSS Score
0.62%
Published
2015-10-09
Updated
2016-12-08
The processor_set_tasks API implementation in Apple iOS before 9 allows local users to bypass an entitlement protection mechanism and obtain access to the task ports of arbitrary processes by leveraging root privileges.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-09-18
Updated
2016-12-22
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-08-17
Updated
2016-12-24
Apple OS X before 10.10.5 does not properly implement authentication, which allows local users to obtain admin privileges via unspecified vectors.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-08-16
Updated
2017-09-21
Apple OS X before 10.10.5 does not properly restrict access to the Date & Time preferences pane, which allows local users to spoof the time by visiting this pane.
Max CVSS
2.1
EPSS Score
0.04%
Published
2015-08-16
Updated
2017-09-21
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not enforce a locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging root privileges.
Max CVSS
6.8
EPSS Score
0.04%
Published
2015-07-03
Updated
2016-12-06
The Monitor Control Command Set kernel extension in the Display Drivers subsystem in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages control of a function pointer.
Max CVSS
9.3
EPSS Score
0.31%
Published
2015-07-03
Updated
2017-09-22
The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted URL.
Max CVSS
5.0
EPSS Score
0.41%
Published
2015-07-03
Updated
2017-09-22
Admin Framework in Apple OS X before 10.10.4 does not properly handle authentication errors, which allows local users to obtain admin privileges via unspecified vectors.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-07-03
Updated
2017-09-22
Admin Framework in Apple OS X before 10.10.4 does not properly verify XPC entitlements, which allows local users to bypass authentication and obtain admin privileges via unspecified vectors.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-07-03
Updated
2017-09-22
SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via a Spotlight query.
Max CVSS
2.1
EPSS Score
0.04%
Published
2015-01-30
Updated
2017-09-08
LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen.
Max CVSS
2.1
EPSS Score
0.06%
Published
2015-01-30
Updated
2017-09-08
SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login.
Max CVSS
4.4
EPSS Score
0.04%
Published
2014-10-18
Updated
2017-08-29
The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access via a brute-force attack involving a series of reboots.
Max CVSS
4.4
EPSS Score
0.19%
Published
2014-10-18
Updated
2017-08-29
32 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!