Apple - Mac Os X CVE

Filtered by vendor Apple

Filtered by product Mac Os X

Total 5568 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2016-4778	1 Apple	4 Iphone Os, Mac Os X, Tvos and 1 more	2025-04-12	9.3 HIGH	7.8 HIGH
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-4738	2 Apple, Debian	5 Iphone Os, Mac Os X, Tvos and 2 more	2025-04-12	9.3 HIGH	8.8 HIGH
libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
CVE-2015-8401	5 Adobe, Apple, Google and 2 more	9 Air, Air Sdk, Air Sdk \& Compiler and 6 more	2025-04-12	10.0 HIGH	N/A
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061 ... Show More
CVE-2016-4648	1 Apple	1 Mac Os X	2025-04-12	4.9 MEDIUM	5.5 MEDIUM
Audio in Apple OS X before 10.11.6 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2016-1814	1 Apple	3 Iphone Os, Mac Os X, Tvos	2025-04-12	4.3 MEDIUM	5.5 MEDIUM
IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.
CVE-2015-5571	5 Adobe, Apple, Google and 2 more	8 Air, Air Sdk, Air Sdk \& Compiler and 5 more	2025-04-12	4.3 MEDIUM	N/A
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requiremen ... Show More
CVE-2015-3695	1 Apple	1 Mac Os X	2025-04-12	7.2 HIGH	N/A
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.
CVE-2015-8442	5 Adobe, Apple, Google and 2 more	9 Air, Air Sdk, Air Sdk \& Compiler and 6 more	2025-04-12	9.3 HIGH	N/A
Use-after-free vulnerability in the MovieClip object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via a crafted filters property value, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-20 ... Show More
CVE-2016-6924	5 Adobe, Apple, Google and 2 more	8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more	2025-04-12	9.3 HIGH	8.8 HIGH
Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, and CVE-2016-6922.
CVE-2015-6976	1 Apple	2 Iphone Os, Mac Os X	2025-04-12	6.8 MEDIUM	N/A
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.
CVE-2016-6963	3 Adobe, Apple, Microsoft	6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more	2025-04-12	10.0 HIGH	9.8 CRITICAL
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6964, CVE-2016-6965, CVE- ... Show More
CVE-2016-4106	3 Adobe, Apple, Microsoft	6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more	2025-04-12	7.2 HIGH	7.8 HIGH
Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows local users to gain privileges via a Trojan horse resource in an unspecified directory, a different vulnerability than CVE-2016-1087 and CVE-2016-1090.
CVE-2016-1808	1 Apple	4 Iphone Os, Mac Os X, Tvos and 1 more	2025-04-12	9.3 HIGH	7.8 HIGH
The Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-1803	1 Apple	4 Iphone Os, Mac Os X, Tvos and 1 more	2025-04-12	6.8 MEDIUM	7.8 HIGH
CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
CVE-2016-4710	1 Apple	1 Mac Os X	2025-04-12	7.2 HIGH	7.8 HIGH
WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4709.
CVE-2014-0563	3 Adobe, Apple, Microsoft	4 Acrobat, Acrobat Reader, Mac Os X and 1 more	2025-04-12	7.8 HIGH	N/A
Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to cause a denial of service (memory corruption) via unspecified vectors.
CVE-2014-8151	2 Apple, Haxx	2 Mac Os X, Libcurl	2025-04-12	5.8 MEDIUM	N/A
The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
CVE-2015-8658	5 Adobe, Apple, Google and 2 more	15 Air, Air Desktop Runtime, Air Sdk and 12 more	2025-04-12	9.3 HIGH	8.8 HIGH
Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE- ... Show More
CVE-2015-8456	5 Adobe, Apple, Google and 2 more	9 Air, Air Sdk, Air Sdk \& Compiler and 6 more	2025-04-12	9.3 HIGH	N/A
Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-8439.
CVE-2016-4649	1 Apple	1 Mac Os X	2025-04-12	2.1 LOW	5.5 MEDIUM
Audio in Apple OS X before 10.11.6 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
CVE-2016-4094	3 Adobe, Apple, Microsoft	6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more	2025-04-12	10.0 HIGH	9.8 CRITICAL
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE ... Show More
CVE-2015-2348	4 Apple, Opensuse, Php and 1 more	9 Mac Os X, Opensuse, Php and 6 more	2025-04-12	5.0 MEDIUM	N/A
The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.
CVE-2014-4405	1 Apple	3 Iphone Os, Mac Os X, Tvos	2025-04-12	9.3 HIGH	N/A
IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties.
CVE-2016-1053	3 Adobe, Apple, Microsoft	6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more	2025-04-12	10.0 HIGH	9.8 CRITICAL
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE- ... Show More
CVE-2014-9165	3 Adobe, Apple, Microsoft	4 Acrobat, Acrobat Reader, Mac Os X and 1 more	2025-04-12	10.0 HIGH	N/A
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8454 and CVE-2014-8455.
CVE-2015-8443	5 Adobe, Apple, Google and 2 more	9 Air, Air Sdk, Air Sdk \& Compiler and 6 more	2025-04-12	10.0 HIGH	N/A
Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-841 ... Show More
CVE-2015-3794	1 Apple	1 Mac Os X	2025-04-12	6.8 MEDIUM	N/A
The Speech UI in Apple OS X before 10.10.5, when speech alerts are enabled, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Unicode string.
CVE-2016-6983	5 Adobe, Apple, Google and 2 more	8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more	2025-04-12	9.3 HIGH	8.8 HIGH
Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, and CVE-2016-6990.
CVE-2016-0970	5 Adobe, Apple, Google and 2 more	13 Air Desktop Runtime, Air Sdk, Air Sdk \& Compiler and 10 more	2025-04-12	9.3 HIGH	8.8 HIGH
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0972, CVE-2016-097 ... Show More
CVE-2016-4607	4 Apple, Fedoraproject, Microsoft and 1 more	9 Icloud, Iphone Os, Itunes and 6 more	2025-04-12	7.5 HIGH	9.8 CRITICAL
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.
CVE-2016-4698	1 Apple	2 Iphone Os, Mac Os X	2025-04-12	9.3 HIGH	7.8 HIGH
AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2015-3805	1 Apple	2 Iphone Os, Mac Os X	2025-04-12	7.2 HIGH	N/A
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802.
CVE-2016-4599	1 Apple	1 Mac Os X	2025-04-12	6.8 MEDIUM	7.8 HIGH
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop document.
CVE-2016-4706	1 Apple	1 Mac Os X	2025-04-12	4.9 MEDIUM	5.5 MEDIUM
cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors.
CVE-2016-4205	3 Adobe, Apple, Microsoft	6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more	2025-04-12	10.0 HIGH	9.8 CRITICAL
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE ... Show More
CVE-2015-3125	4 Adobe, Apple, Linux and 1 more	7 Air, Air Sdk, Air Sdk \& Compiler and 4 more	2025-04-12	5.0 MEDIUM	N/A
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, and CVE-2015-5116.
CVE-2016-7009	3 Adobe, Apple, Microsoft	6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more	2025-04-12	10.0 HIGH	9.8 CRITICAL
Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE ... Show More
CVE-2016-1830	1 Apple	4 Iphone Os, Mac Os X, Tvos and 1 more	2025-04-12	8.5 HIGH	7.8 HIGH
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1828, and CVE-2016-1829.
CVE-2015-6985	1 Apple	1 Mac Os X	2025-04-12	6.8 MEDIUM	N/A
Apple Type Services (ATS) in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web page.
CVE-2015-7192	2 Apple, Mozilla	2 Mac Os X, Firefox	2025-04-12	7.5 HIGH	N/A
The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X improperly interacts with the implementation of the TABLE element, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using an NSAccessibilityIndexAttribute value to reference a row index.

Vulnerabilities (CVE)