Apple - Mac Os X CVE

Filtered by vendor Apple

Filtered by product Mac Os X

Total 5568 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2016-7875	5 Adobe, Apple, Google and 2 more	8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more	2025-04-12	6.8 MEDIUM	8.8 HIGH
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable integer overflow vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.
CVE-2015-8062	5 Adobe, Apple, Google and 2 more	9 Air, Air Sdk, Air Sdk \& Compiler and 6 more	2025-04-12	10.0 HIGH	N/A
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061 ... Show More
CVE-2015-5888	1 Apple	1 Mac Os X	2025-04-12	7.2 HIGH	N/A
The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file.
CVE-2015-7020	1 Apple	1 Mac Os X	2025-04-12	5.6 MEDIUM	N/A
The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via unspecified vectors, a different vulnerability than CVE-2015-7019.
CVE-2015-3772	1 Apple	1 Mac Os X	2025-04-12	7.2 HIGH	N/A
IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3771.
CVE-2014-0583	4 Adobe, Apple, Linux and 1 more	7 Air, Air Sdk, Air Sdk \& Compiler and 4 more	2025-04-12	7.5 HIGH	N/A
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to complete a transition from Low Integrity to Medium Integrity via unspecified vectors.
CVE-2014-0876	3 Apple, Ibm, Microsoft	3 Mac Os X, Tivoli Storage Manager, Windows	2025-04-12	2.1 LOW	N/A
Buffer overflow in the Java GUI Configuration Wizard and Preferences Editor in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.2.5.2, 6.3.x before 6.3.2, and 6.4.x before 6.4.2 on Windows and OS X allows local users to cause a denial of service (application crash or hang) via unspecified vectors.
CVE-2015-5936	1 Apple	3 Iphone Os, Mac Os X, Watchos	2025-04-12	6.8 MEDIUM	N/A
ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5937, and CVE-2015-5939.
CVE-2015-3070	3 Adobe, Apple, Microsoft	4 Acrobat, Acrobat Reader, Mac Os X and 1 more	2025-04-12	10.0 HIGH	N/A
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3046, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3056, CVE-2015-3057, and CVE-2015-3076.
CVE-2016-4230	5 Adobe, Apple, Google and 2 more	8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more	2025-04-12	9.3 HIGH	8.8 HIGH
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4231, and CVE-2016-4248.
CVE-2016-1067	3 Adobe, Apple, Microsoft	6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more	2025-04-12	10.0 HIGH	9.8 CRITICAL
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE- ... Show More
CVE-2015-7046	1 Apple	4 Iphone Os, Mac Os X, Tvos and 1 more	2025-04-12	2.6 LOW	N/A
The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not properly implement privilege separation, which allows attackers to bypass the ASLR protection mechanism via a crafted app with root privileges.
CVE-2015-3102	5 Adobe, Apple, Google and 2 more	8 Air, Air Sdk, Air Sdk \& Compiler and 5 more	2025-04-12	5.0 MEDIUM	N/A
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3098 ... Show More
CVE-2015-0326	4 Adobe, Apple, Linux and 1 more	4 Flash Player, Mac Os X, Linux Kernel and 1 more	2025-04-12	10.0 HIGH	N/A
Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2015-0325 and CVE-2015-0328.
CVE-2014-1259	1 Apple	2 Mac Os X, Mac Os X Server	2025-04-12	6.8 MEDIUM	N/A
Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename.
CVE-2015-0335	4 Adobe, Apple, Linux and 1 more	4 Flash Player, Mac Os X, Linux Kernel and 1 more	2025-04-12	10.0 HIGH	N/A
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-2015-0333, and CVE-2015-0339.
CVE-2015-7071	1 Apple	1 Mac Os X	2025-04-12	10.0 HIGH	N/A
The File Bookmark component in Apple OS X before 10.11.2 allows attackers to bypass a sandbox protection mechanism for app scoped bookmarks via a crafted pathname.
CVE-2016-1799	1 Apple	1 Mac Os X	2025-04-12	9.3 HIGH	7.8 HIGH
Audio in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-1081	3 Adobe, Apple, Microsoft	6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more	2025-04-12	10.0 HIGH	9.8 CRITICAL
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE ... Show More
CVE-2014-8824	1 Apple	1 Mac Os X	2025-04-12	10.0 HIGH	N/A
The kernel in Apple OS X before 10.10.2 does not properly validate IODataQueue object metadata fields, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2015-5312	6 Apple, Canonical, Debian and 3 more	13 Iphone Os, Mac Os X, Tvos and 10 more	2025-04-12	7.1 HIGH	N/A
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.
CVE-2016-0990	6 Adobe, Apple, Google and 3 more	15 Air, Air Desktop Runtime, Air Sdk and 12 more	2025-04-12	9.3 HIGH	8.8 HIGH
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016- ... Show More
CVE-2014-4371	1 Apple	3 Iphone Os, Mac Os X, Tvos	2025-04-12	1.9 LOW	N/A
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421.
CVE-2016-4852	2 Aki-null, Apple	2 Yorufukurou, Mac Os X	2025-04-12	4.3 MEDIUM	6.5 MEDIUM
YoruFukurou (NightOwl) before 2.85 relies on support for emoji skin-tone modifiers even though this support is missing from the CoreText CTFramesetter API on OS X 10.9, which allows remote attackers to cause a denial of service (application crash) via a crafted emoji character sequence.
CVE-2016-0994	6 Adobe, Apple, Google and 3 more	15 Air, Air Desktop Runtime, Air Sdk and 12 more	2025-04-12	9.3 HIGH	8.8 HIGH
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code by using the actionCallMethod opcode with crafted arguments, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0995, CVE-2016-0996, CVE ... Show More
CVE-2015-5576	5 Adobe, Apple, Google and 2 more	8 Air, Air Sdk, Air Sdk \& Compiler and 5 more	2025-04-12	5.0 MEDIUM	N/A
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors.
CVE-2016-0972	5 Adobe, Apple, Google and 2 more	13 Air Desktop Runtime, Air Sdk, Air Sdk \& Compiler and 10 more	2025-04-12	9.3 HIGH	8.8 HIGH
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-097 ... Show More
CVE-2014-1730	4 Apple, Google, Linux and 1 more	4 Mac Os X, Chrome, Linux Kernel and 1 more	2025-04-12	7.8 HIGH	N/A
Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc.
CVE-2016-4095	3 Adobe, Apple, Microsoft	6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more	2025-04-12	10.0 HIGH	9.8 CRITICAL
Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2014-3660	5 Apple, Canonical, Debian and 2 more	5 Mac Os X, Ubuntu Linux, Debian Linux and 2 more	2025-04-12	5.0 MEDIUM	N/A
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.
CVE-2015-5912	1 Apple	2 Iphone Os, Mac Os X	2025-04-12	5.0 MEDIUM	N/A
The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses.
CVE-2015-5772	1 Apple	1 Mac Os X	2025-04-12	6.8 MEDIUM	N/A
Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code via a crafted Collada file.
CVE-2016-4248	5 Adobe, Apple, Google and 2 more	8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more	2025-04-12	9.3 HIGH	8.8 HIGH
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, and CVE-2016-4231.
CVE-2016-1836	6 Apple, Canonical, Debian and 3 more	14 Iphone Os, Mac Os X, Tvos and 11 more	2025-04-12	4.3 MEDIUM	5.5 MEDIUM
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.
CVE-2016-0962	6 Adobe, Apple, Google and 3 more	15 Air, Air Desktop Runtime, Air Sdk and 12 more	2025-04-12	9.3 HIGH	8.8 HIGH
Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005.
CVE-2016-1126	3 Adobe, Apple, Microsoft	6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more	2025-04-12	10.0 HIGH	9.8 CRITICAL
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE ... Show More
CVE-2014-0509	4 Adobe, Apple, Linux and 1 more	6 Adobe Air, Adobe Air Sdk, Flash Player and 3 more	2025-04-12	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-4203	3 Adobe, Apple, Microsoft	6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more	2025-04-12	10.0 HIGH	9.8 CRITICAL
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE ... Show More
CVE-2015-7065	1 Apple	3 Iphone Os, Mac Os X, Tvos	2025-04-12	6.8 MEDIUM	N/A
OpenGL in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
CVE-2016-4703	1 Apple	1 Mac Os X	2025-04-12	9.3 HIGH	7.8 HIGH
Bluetooth in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Vulnerabilities (CVE)