Skip to main content

Mac Os X

2034 CVEs product

Monthly

CVE-2014-1379 CRITICAL POC Act Now

Graphics Drivers in Apple OS X before 10.9.4 allows attackers to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a 32-bit executable file for a crafted. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apple Denial Of Service Mac Os X
NVD
CVSS 2.0
10.0
EPSS
0.5%
CVE-2014-1378 LOW Monitor

IOGraphicsFamily in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Mac Os X
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-1377 CRITICAL POC Act Now

Array index error in IOAcceleratorFamily in Apple OS X before 10.9.4 allows attackers to execute arbitrary code via a crafted application. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apple RCE Mac Os X
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2014-1376 CRITICAL POC Act Now

Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apple Privilege Escalation RCE Intel Mac Os X
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2014-1375 LOW Monitor

Intel Graphics Driver in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Intel Mac Os X
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-1373 CRITICAL POC Act Now

Intel Graphics Driver in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenGL API call, which allows attackers to execute arbitrary code via a crafted application. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apple Privilege Escalation RCE Intel Mac Os X
NVD
CVSS 2.0
10.0
EPSS
1.2%
CVE-2014-1372 MEDIUM POC This Month

Graphics Driver in Apple OS X before 10.9.4 does not properly restrict read operations during processing of an unspecified system call, which allows local users to obtain sensitive information from. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Privilege Escalation Mac Os X
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-1371 HIGH This Week

Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Mac Os X +1
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2014-1370 MEDIUM This Month

The byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Mac Os X +1
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-1361 MEDIUM This Month

Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X Iphone Os Tvos
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-1359 CRITICAL Act Now

Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple RCE Tvos Iphone Os Mac Os X
NVD
CVSS 2.0
10.0
EPSS
2.4%
CVE-2014-1358 CRITICAL Act Now

Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple RCE Mac Os X Iphone Os Tvos
NVD
CVSS 2.0
10.0
EPSS
3.2%
CVE-2014-1357 CRITICAL Act Now

Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Buffer Overflow RCE Tvos Iphone Os +1
NVD
CVSS 2.0
10.0
EPSS
3.1%
CVE-2014-1356 CRITICAL Act Now

Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Buffer Overflow RCE Mac Os X Iphone Os +1
NVD
CVSS 2.0
10.0
EPSS
3.1%
CVE-2014-1355 MEDIUM This Month

The IOKit implementation in the kernel in Apple iOS before 7.1.2 and Apple TV before 6.1.2, and in IOReporting in Apple OS X before 10.9.4, allows local users to cause a denial of service (NULL. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Apple Denial Of Service Tvos Mac Os X Iphone Os
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-1317 LOW Monitor

iBooks Commerce in Apple OS X before 10.9.4 places Apple ID credentials in the iBooks log, which allows local users to obtain sensitive information by reading this file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-7040 MEDIUM This Month

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Python Mac Os X
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-1322 MEDIUM POC This Month

The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Information Disclosure Mac Os X
NVD Exploit-DB VulDB
CVSS 2.0
4.9
EPSS
0.2%
CVE-2014-1321 LOW Monitor

Power Management in Apple OS X 10.9.x through 10.9.2 allows physically proximate attackers to bypass an intended transition into the locked-screen state by touching (1) a key or (2) the trackpad. Rated low severity (CVSS 3.3). No vendor patch available.

Apple Privilege Escalation Mac Os X
NVD VulDB
CVSS 2.0
3.3
EPSS
0.1%
CVE-2014-1320 MEDIUM This Month

IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X Iphone Os Tvos
NVD VulDB
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-1319 MEDIUM This Month

Buffer overflow in ImageIO in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Mac Os X
NVD VulDB
CVSS 2.0
6.8
EPSS
1.2%
CVE-2014-1318 CRITICAL Act Now

The Intel Graphics Driver in Apple OS X through 10.9.2 does not properly validate a certain pointer, which allows attackers to execute arbitrary code via a crafted application. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple RCE Intel Mac Os X
NVD VulDB
CVSS 2.0
10.0
EPSS
1.3%
CVE-2014-1316 MEDIUM This Month

Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers to cause a denial of service (abort and daemon exit) via ASN.1 data encountered in the Kerberos 5 protocol. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Denial Of Service Mac Os X
NVD VulDB
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-1314 CRITICAL Act Now

WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Privilege Escalation RCE Mac Os X
NVD VulDB
CVSS 2.0
10.0
EPSS
0.7%
CVE-2014-1315 MEDIUM This Month

Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple RCE Mac Os X
NVD VulDB
CVSS 2.0
6.8
EPSS
1.3%
CVE-2014-1296 MEDIUM This Month

CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Privilege Escalation Iphone Os Mac Os X Mac Os X Server +1
NVD VulDB
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-1295 MEDIUM POC This Month

Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Iphone Os Mac Os X Tvos
NVD VulDB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-7338 HIGH POC PATCH This Week

Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read,. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Python Mac Os X
NVD VulDB
CVSS 2.0
7.1
EPSS
7.8%
CVE-2013-5704 MEDIUM POC PATCH THREAT This Month

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 64.7%.

Authentication Bypass Apache Http Server Enterprise Linux Desktop Enterprise Linux Eus +12
NVD VulDB
CVSS 2.0
5.0
EPSS
64.7%
Threat
4.4
CVE-2014-0067 MEDIUM This Month

The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation PostgreSQL Mac Os X Mac Os X Server
NVD VulDB
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-0106 MEDIUM PATCH This Month

Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended. Rated medium severity (CVSS 6.6).

Authentication Bypass Mac Os X Sudo
NVD VulDB
CVSS 2.0
6.6
EPSS
0.1%
CVE-2014-2234 MEDIUM POC This Month

A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier uses a Trust Evaluation Agent (TEA) feature without terminating certain TLS/SSL handshakes as specified in the SSL_CTX_set_verify. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

OpenSSL Apple Authentication Bypass Mac Os X
NVD
CVSS 2.0
6.4
EPSS
0.1%
CVE-2014-1912 HIGH POC PATCH THREAT Act Now

Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.9%.

Python Buffer Overflow RCE Mac Os X
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
23.9%
CVE-2014-1270 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Safari +3
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2014-1269 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Safari +3
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2014-1268 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Safari +3
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2014-1265 MEDIUM This Month

The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Mac Os X Mac Os X Server
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-1264 LOW Monitor

Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic. Rated low severity (CVSS 3.3). No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2014-1263 MEDIUM POC This Month

curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Apple Mac Os X
NVD GitHub
CVSS 2.0
4.3
EPSS
5.8%
CVE-2014-1262 HIGH This Week

Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Apple Mac Os X
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-1261 HIGH This Week

Integer signedness error in CoreText in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Unicode font. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple RCE Mac Os X
NVD
CVSS 2.0
7.5
EPSS
1.3%
CVE-2014-1260 MEDIUM This Month

QuickLook in Apple OS X through 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Apple Microsoft RCE +1
NVD
CVSS 2.0
6.8
EPSS
1.3%
CVE-2014-1259 MEDIUM This Month

Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Mac Os X +1
NVD
CVSS 2.0
6.8
EPSS
0.7%
CVE-2014-1258 MEDIUM This Month

Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Mac Os X
NVD
CVSS 2.0
6.8
EPSS
1.3%
CVE-2014-1257 LOW Monitor

CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
CVSS 2.0
3.6
EPSS
0.1%
CVE-2014-1256 HIGH This Week

Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Apple Mac Os X Mac Os X Server
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-1255 HIGH This Week

Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Authentication Bypass Mac Os X
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-1254 MEDIUM This Month

Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Type 1 font that is embedded in. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Mac Os X
NVD
CVSS 2.0
6.8
EPSS
1.3%
CVE-2014-1266 HIGH POC THREAT Act Now

The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 17.9%.

Information Disclosure Apple Microsoft Iphone Os Mac Os X +1
NVD
CVSS 3.1
7.4
EPSS
17.9%
CVE-2014-1252 HIGH This Week

Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple Microsoft RCE Pages +2
NVD
CVSS 2.0
7.5
EPSS
4.1%
CVE-2013-5987 HIGH This Week

Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 allows local users to bypass intended access restrictions for the GPU and gain privileges via unknown vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Authentication Bypass Gpu Driver Mac Os X
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2013-7127 LOW Monitor

Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Safari Mac Os X
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-6420 HIGH POC PATCH THREAT Act Now

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 40.2%.

Denial Of Service Buffer Overflow PHP OpenSSL RCE +2
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
40.2%
Threat
4.2
CVE-2012-6151 MEDIUM POC THREAT This Month

Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 27.4%.

Denial Of Service Mac Os X Ubuntu Linux Net Snmp
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
27.4%
CVE-2013-6712 MEDIUM PATCH This Month

The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.3%.

PHP Buffer Overflow Denial Of Service Mac Os X Opensuse +2
NVD
CVSS 2.0
5.0
EPSS
17.3%
CVE-2013-6799 MEDIUM POC This Month

Apple Mac OS X 10.9 allows local users to cause a denial of service (memory corruption or panic) by creating a hard link to a directory. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Apple Mac Os X
NVD Exploit-DB
CVSS 2.0
4.7
EPSS
0.6%
CVE-2013-5192 MEDIUM This Month

The USB hub controller in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a request with a crafted (1) port or (2) port number. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Mac Os X
NVD
CVSS 2.0
4.9
EPSS
0.0%
CVE-2013-5191 LOW Monitor

The syslog implementation in Apple Mac OS X before 10.9 allows local users to obtain sensitive information by leveraging access to the Guest account and reading console-log messages from previous. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-5190 MEDIUM This Month

Smart Card Services in Apple Mac OS X before 10.9 does not properly implement certificate-revocation checks, which allows remote attackers to cause a denial of service (Smart Card usage outage) by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Denial Of Service Apple Mac Os X
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-5189 MEDIUM This Month

Apple Mac OS X before 10.9 does not preserve a certain administrative system-preferences setting across software updates, which allows context-dependent attackers to bypass intended access. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-5188 MEDIUM This Month

The Screen Lock implementation in Apple Mac OS X before 10.9, when hibernation and autologin are enabled, does not require a password for a transition out of hibernation, which allows physically. Rated medium severity (CVSS 4.0). No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2013-5187 LOW Monitor

The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which. Rated low severity (CVSS 1.9). No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2013-5186 LOW Monitor

Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-5185 MEDIUM This Month

The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2013-5184 MEDIUM This Month

The kernel in Apple Mac OS X before 10.9 does not properly check for errors during the processing of multicast Wi-Fi packets, which allows remote attackers to cause a denial of service (system crash). Rated medium severity (CVSS 5.7). No vendor patch available.

Denial Of Service Apple Mac Os X
NVD
CVSS 2.0
5.7
EPSS
0.2%
CVE-2013-5183 LOW Monitor

Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 2.0
2.6
EPSS
0.3%
CVE-2013-5182 MEDIUM This Month

Mail in Apple Mac OS X before 10.9 allows remote attackers to spoof the existence of a cryptographic signature for an e-mail message by using the multipart/signed content type within an unsigned. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-5181 MEDIUM This Month

The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5180 MEDIUM This Month

The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5179 HIGH This Week

App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-5178 MEDIUM This Month

LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-5177 MEDIUM This Month

The kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (panic) via an invalid iovec structure. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Mac Os X
NVD
CVSS 2.0
4.9
EPSS
0.0%
CVE-2013-5176 MEDIUM This Month

The kernel in Apple Mac OS X before 10.9 does not properly handle integer values during unspecified tty device operations, which allows local users to cause a denial of service (system hang) by. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Mac Os X
NVD
CVSS 2.0
4.9
EPSS
0.0%
CVE-2013-5175 MEDIUM This Month

The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apple Mac Os X
NVD
CVSS 2.0
6.6
EPSS
0.0%
CVE-2013-5174 MEDIUM This Month

Integer signedness error in the kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a crafted tty read operation. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Mac Os X
NVD
CVSS 2.0
4.9
EPSS
0.0%
CVE-2013-5173 LOW Monitor

The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Mac Os X
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-5172 HIGH This Week

The kernel in Apple Mac OS X before 10.9 does not properly determine the output length for SHA-2 digest function calls, which allows context-dependent attackers to cause a denial of service (panic). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Mac Os X
NVD
CVSS 2.0
7.1
EPSS
0.3%
CVE-2013-5171 LOW Monitor

CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration. Rated low severity (CVSS 3.3). No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2013-5170 MEDIUM This Month

Buffer underflow in CoreGraphics in Apple Mac OS X before 10.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Mac Os X
NVD
CVSS 2.0
6.8
EPSS
1.4%
CVE-2013-5169 LOW Monitor

CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to. Rated low severity (CVSS 1.9). No vendor patch available.

Privilege Escalation Apple Microsoft Mac Os X
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2013-5168 MEDIUM This Month

Console in Apple Mac OS X before 10.9 allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-5167 MEDIUM This Month

CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-5166 MEDIUM This Month

The Bluetooth USB host controller in Apple Mac OS X before 10.9 prematurely deletes interfaces, which allows local users to cause a denial of service (system crash) via a crafted application. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Mac Os X
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2013-5165 MEDIUM This Month

socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2013-5135 HIGH This Week

Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple RCE Apple Remote Desktop Mac Os X
NVD
CVSS 2.0
7.5
EPSS
3.0%
CVE-2013-5163 MEDIUM This Month

Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Mac Os X
NVD
CVSS 2.0
6.6
EPSS
0.0%
CVE-2013-1824 MEDIUM PATCH This Month

The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

PHP XXE Enterprise Linux Mac Os X
NVD
CVSS 2.0
4.3
EPSS
2.1%
CVE-2013-1033 MEDIUM This Month

Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
CVSS 2.0
5.5
EPSS
0.2%
CVE-2013-1032 MEDIUM This Month

QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted idsc atom in a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Apple RCE +2
NVD
CVSS 2.0
6.8
EPSS
1.0%
CVE-2013-1031 LOW PATCH Monitor

Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access. Rated low severity (CVSS 3.3).

Privilege Escalation Apple Mac Os X
NVD
CVSS 2.0
3.3
EPSS
0.1%
EPSS 0% CVSS 10.0
CRITICAL POC Act Now

Graphics Drivers in Apple OS X before 10.9.4 allows attackers to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a 32-bit executable file for a crafted. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apple Denial Of Service Mac Os X
NVD
EPSS 0% CVSS 2.1
LOW Monitor

IOGraphicsFamily in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Mac Os X
NVD
EPSS 1% CVSS 10.0
CRITICAL POC Act Now

Array index error in IOAcceleratorFamily in Apple OS X before 10.9.4 allows attackers to execute arbitrary code via a crafted application. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apple RCE Mac Os X
NVD
EPSS 1% CVSS 10.0
CRITICAL POC Act Now

Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apple Privilege Escalation RCE +2
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Intel Graphics Driver in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Intel +1
NVD
EPSS 1% CVSS 10.0
CRITICAL POC Act Now

Intel Graphics Driver in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenGL API call, which allows attackers to execute arbitrary code via a crafted application. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apple Privilege Escalation RCE +2
NVD
EPSS 0% CVSS 4.9
MEDIUM POC This Month

Graphics Driver in Apple OS X before 10.9.4 does not properly restrict read operations during processing of an unspecified system call, which allows local users to obtain sensitive information from. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Privilege Escalation Mac Os X
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple Buffer Overflow +3
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

The byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow +3
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X +2
NVD
EPSS 2% CVSS 10.0
CRITICAL Act Now

Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple RCE Tvos +2
NVD
EPSS 3% CVSS 10.0
CRITICAL Act Now

Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple RCE Mac Os X +2
NVD
EPSS 3% CVSS 10.0
CRITICAL Act Now

Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Buffer Overflow RCE +3
NVD
EPSS 3% CVSS 10.0
CRITICAL Act Now

Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Buffer Overflow RCE +3
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

The IOKit implementation in the kernel in Apple iOS before 7.1.2 and Apple TV before 6.1.2, and in IOReporting in Apple OS X before 10.9.4, allows local users to cause a denial of service (NULL. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Apple Denial Of Service Tvos +2
NVD
EPSS 0% CVSS 2.1
LOW Monitor

iBooks Commerce in Apple OS X before 10.9.4 places Apple ID credentials in the iBooks log, which allows local users to obtain sensitive information by reading this file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Python Mac Os X
NVD
EPSS 0% CVSS 4.9
MEDIUM POC This Month

The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Information Disclosure Mac Os X
NVD Exploit-DB VulDB
EPSS 0% CVSS 3.3
LOW Monitor

Power Management in Apple OS X 10.9.x through 10.9.2 allows physically proximate attackers to bypass an intended transition into the locked-screen state by touching (1) a key or (2) the trackpad. Rated low severity (CVSS 3.3). No vendor patch available.

Apple Privilege Escalation Mac Os X
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM This Month

IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X +2
NVD VulDB
EPSS 1% CVSS 6.8
MEDIUM This Month

Buffer overflow in ImageIO in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow +2
NVD VulDB
EPSS 1% CVSS 10.0
CRITICAL Act Now

The Intel Graphics Driver in Apple OS X through 10.9.2 does not properly validate a certain pointer, which allows attackers to execute arbitrary code via a crafted application. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple RCE Intel +1
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM This Month

Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers to cause a denial of service (abort and daemon exit) via ASN.1 data encountered in the Kerberos 5 protocol. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Denial Of Service Mac Os X
NVD VulDB
EPSS 1% CVSS 10.0
CRITICAL Act Now

WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Privilege Escalation RCE +1
NVD VulDB
EPSS 1% CVSS 6.8
MEDIUM This Month

Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple RCE +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple Privilege Escalation Iphone Os +3
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Iphone Os +2
NVD VulDB
EPSS 8% CVSS 7.1
HIGH POC PATCH This Week

Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read,. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Python Mac Os X
NVD VulDB
EPSS 65% 4.4 CVSS 5.0
MEDIUM POC PATCH THREAT This Month

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 64.7%.

Authentication Bypass Apache Http Server +14
NVD VulDB
EPSS 0% CVSS 4.6
MEDIUM This Month

The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation PostgreSQL Mac Os X +1
NVD VulDB
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended. Rated medium severity (CVSS 6.6).

Authentication Bypass Mac Os X Sudo
NVD VulDB
EPSS 0% CVSS 6.4
MEDIUM POC This Month

A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier uses a Trust Evaluation Agent (TEA) feature without terminating certain TLS/SSL handshakes as specified in the SSL_CTX_set_verify. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

OpenSSL Apple Authentication Bypass +1
NVD
EPSS 24% CVSS 7.5
HIGH POC PATCH THREAT Act Now

Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.9%.

Python Buffer Overflow RCE +1
NVD Exploit-DB
EPSS 1% CVSS 6.8
MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple +5
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple +5
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple +5
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Mac Os X +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic. Rated low severity (CVSS 3.3). No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
EPSS 6% CVSS 4.3
MEDIUM POC This Month

curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Apple Mac Os X
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Apple Mac Os X
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Integer signedness error in CoreText in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Unicode font. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple RCE +1
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

QuickLook in Apple OS X through 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Apple +3
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple +3
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple +2
NVD
EPSS 0% CVSS 3.6
LOW Monitor

CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Apple Mac Os X +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Authentication Bypass Mac Os X
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Type 1 font that is embedded in. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple +2
NVD
EPSS 18% CVSS 7.4
HIGH POC THREAT Act Now

The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 17.9%.

Information Disclosure Apple Microsoft +3
NVD
EPSS 4% CVSS 7.5
HIGH This Week

Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple Microsoft +4
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 allows local users to bypass intended access restrictions for the GPU and gain privileges via unknown vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Authentication Bypass Gpu Driver +1
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Safari +1
NVD
EPSS 40% 4.2 CVSS 7.5
HIGH POC PATCH THREAT Act Now

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 40.2%.

Denial Of Service Buffer Overflow PHP +4
NVD Exploit-DB
EPSS 27% CVSS 4.3
MEDIUM POC THREAT This Month

Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 27.4%.

Denial Of Service Mac Os X Ubuntu Linux +1
NVD Exploit-DB
EPSS 17% CVSS 5.0
MEDIUM PATCH This Month

The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.3%.

PHP Buffer Overflow Denial Of Service +4
NVD
EPSS 1% CVSS 4.7
MEDIUM POC This Month

Apple Mac OS X 10.9 allows local users to cause a denial of service (memory corruption or panic) by creating a hard link to a directory. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Apple +1
NVD Exploit-DB
EPSS 0% CVSS 4.9
MEDIUM This Month

The USB hub controller in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a request with a crafted (1) port or (2) port number. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Mac Os X
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The syslog implementation in Apple Mac OS X before 10.9 allows local users to obtain sensitive information by leveraging access to the Guest account and reading console-log messages from previous. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Smart Card Services in Apple Mac OS X before 10.9 does not properly implement certificate-revocation checks, which allows remote attackers to cause a denial of service (Smart Card usage outage) by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Denial Of Service Apple +1
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

Apple Mac OS X before 10.9 does not preserve a certain administrative system-preferences setting across software updates, which allows context-dependent attackers to bypass intended access. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The Screen Lock implementation in Apple Mac OS X before 10.9, when hibernation and autologin are enabled, does not require a password for a transition out of hibernation, which allows physically. Rated medium severity (CVSS 4.0). No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
EPSS 0% CVSS 1.9
LOW Monitor

The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which. Rated low severity (CVSS 1.9). No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

The kernel in Apple Mac OS X before 10.9 does not properly check for errors during the processing of multicast Wi-Fi packets, which allows remote attackers to cause a denial of service (system crash). Rated medium severity (CVSS 5.7). No vendor patch available.

Denial Of Service Apple Mac Os X
NVD
EPSS 0% CVSS 2.6
LOW Monitor

Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Mail in Apple Mac OS X before 10.9 allows remote attackers to spoof the existence of a cryptographic signature for an e-mail message by using the multipart/signed content type within an unsigned. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
EPSS 0% CVSS 7.5
HIGH This Week

App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

The kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (panic) via an invalid iovec structure. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Mac Os X
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

The kernel in Apple Mac OS X before 10.9 does not properly handle integer values during unspecified tty device operations, which allows local users to cause a denial of service (system hang) by. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Mac Os X
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apple +1
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Integer signedness error in the kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a crafted tty read operation. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Mac Os X
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Mac Os X
NVD
EPSS 0% CVSS 7.1
HIGH This Week

The kernel in Apple Mac OS X before 10.9 does not properly determine the output length for SHA-2 digest function calls, which allows context-dependent attackers to cause a denial of service (panic). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Mac Os X
NVD
EPSS 0% CVSS 3.3
LOW Monitor

CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration. Rated low severity (CVSS 3.3). No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Buffer underflow in CoreGraphics in Apple Mac OS X before 10.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple +2
NVD
EPSS 0% CVSS 1.9
LOW Monitor

CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to. Rated low severity (CVSS 1.9). No vendor patch available.

Privilege Escalation Apple Microsoft +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Console in Apple Mac OS X before 10.9 allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

The Bluetooth USB host controller in Apple Mac OS X before 10.9 prematurely deletes interfaces, which allows local users to cause a denial of service (system crash) via a crafted application. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Mac Os X
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple RCE Apple Remote Desktop +1
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Mac Os X
NVD
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

PHP XXE Enterprise Linux +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted idsc atom in a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption +4
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access. Rated low severity (CVSS 3.3).

Privilege Escalation Apple Mac Os X
NVD
Prev Page 22 of 23 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy