Apple macOS vulnerabilities
3,139 known vulnerabilities affecting apple/mac_os_x.
Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1,409, MEDIUM 1,236, LOW 192
Vulnerabilities
Page 129 of 157
CVE-2009-2416 | MEDIUM | CVSS 6.5 | CWE-416 | fixed in 10.4.11; affected: ≥ 10.5.0, < 10.5.8, +1 more | 2009-08-11
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.
nvd
CVE-2009-2193 | CRITICAL | CVSS 10.0 | CWE-119 | affected: v10.5, v10.5.0, +7 more | 2009-08-06
Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet.
nvd
CVE-2009-1726 | CRITICAL | CVSS 9.3 | CWE-119 | affected: v10.5.6, v10.4.11, +8 more | 2009-08-06
Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.
nvd
CVE-2009-2188 | CRITICAL | CVSS 9.3 | CWE-119 | affected: v10.5.6, v10.5, +7 more | 2009-08-06
Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata.
nvd
CVE-2009-2190 | HIGH | CVSS 7.8 | CWE-399 | affected: v10.5.6, v10.5, +7 more | 2009-08-06
launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service.
nvd
CVE-2009-2192 | HIGH | CVSS 7.5 | CWE-255 | affected: v10.5.6, v10.5, +7 more | 2009-08-06
MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe session via unspecified vectors, related to a "logic issue."
nvd
CVE-2009-2191 | HIGH | CVSS 7.5 | CWE-134 | affected: v10.5.6, v10.4.11, +2 more | 2009-08-06
Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name.
nvd
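The entry above is a CWE-134 format string bug reached through an application name. The block below is an added illustration of that bug class, not Apple's code and not taken from the advisory: the logging wrapper, the `MSG_MAX` size and the sample name are assumptions chosen to show the vulnerable call beside the fixed one, plus the audit check a reviewer would run on any externally supplied string that might reach a format argument.

```c
#include <stdio.h>
#include <string.h>

/*
 * Constructed illustration of the CWE-134 pattern behind CVE-2009-2191:
 * an attacker-controlled string (here an application name) reaching a
 * printf-style function as the format argument. This is not Apple's code;
 * the logging wrapper is a stand-in for whatever consumed the name.
 */

#define MSG_MAX 128   /* assumed message buffer size */

/* Vulnerable: the name IS the format string, so every % directive in it is
 * interpreted. gcc/clang -Wformat-security flags this call. */
static int log_vulnerable(char *out, size_t out_len, const char *app_name)
{
    return snprintf(out, out_len, app_name);
}

/* Fixed: the format is a literal and the name is an ordinary %s argument. */
static int log_fixed(char *out, size_t out_len, const char *app_name)
{
    return snprintf(out, out_len, "%s", app_name);
}

/* Audit helper: count the conversion directives an input would trigger if it
 * ever reached a format argument ("%%" is a literal percent, not a directive).
 * Anything above zero in a value that crossed a trust boundary is a finding. */
int count_directives(const char *s)
{
    int n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {        /* escaped percent, skip both characters */
            p++;
            continue;
        }
        n++;
    }
    return n;
}

/* Render one name through each path and hand back the message.
 * The demo input only uses "%%": any other directive would make the
 * vulnerable call read arguments that were never passed (undefined
 * behaviour), and "%n" would write through a pointer it pulls from the
 * argument area, which is how this bug class becomes code execution. */
const char *render_vulnerable(const char *app_name)
{
    static char buf[MSG_MAX];
    log_vulnerable(buf, sizeof buf, app_name);
    return buf;
}

const char *render_fixed(const char *app_name)
{
    static char buf[MSG_MAX];
    log_fixed(buf, sizeof buf, app_name);
    return buf;
}

int main(void)
{
    const char *name = "Mail 100%% done";   /* constructed attacker-chosen name */
    printf("vulnerable: %s\n", render_vulnerable(name));
    printf("fixed:      %s\n", render_fixed(name));
    printf("directives in \"%%x%%x%%n\": %d\n", count_directives("%x%x%n"));
    return 0;
}
```

The observable difference is that the vulnerable path collapses "%%" to "%" while the fixed path reproduces the name verbatim; in a real target the same mechanism turns "%x" into stack disclosure and "%n" into a write. Building with `-Wformat -Wformat-security -Werror` rejects the vulnerable call at compile time.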
CVE-2009-0151 | HIGH | CVSS 7.2 | affected: v10.5.6, v10.5, +7 more | 2009-08-06
The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors.
nvd
CVE-2009-1723 | MEDIUM | CVSS 4.3 | affected: v10.5.6, v10.5, +7 more | 2009-08-06
CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062.
nvd
CVE-2009-1727 | MEDIUM | CVSS 6.8 | affected: v10.5.6, v10.5, +7 more | 2009-08-06
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari.
nvd
CVE-2009-1728 | MEDIUM | CVSS 6.8 | CWE-119 | affected: v10.5.6, v10.5, +19 more | 2009-08-06
Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.
nvd
CVE-2009-2194 | MEDIUM | CVSS 4.9 | affected: v10.5.6, v10.5, +7 more | 2009-08-06
Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related to a "synchronization issue."
nvd
CVE-2009-1721 | MEDIUM | CVSS 6.8 | CWE-824 | fixed in 10.5.8 | 2009-07-31
The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.
nvd
CVE-2009-2422 | CRITICAL | CVSS 9.8 | CWE-287 | affected: ≥ 10.6.0, < 10.6.3, v10.5.8 | 2009-07-10
The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication for applications that are derived from this exa
nvd
CVE-2009-0949 | HIGH | CVSS 7.5 | CWE-908 | PoC available | affected: ≥ 10.0.0, < 10.4.11; ≥ 10.5.0, < 10.5.8 | 2009-06-09
The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.
nvd
CVE-2009-1955 | HIGH | CVSS 7.5 | CWE-776 | PoC available | fixed in 10.6.2 | 2009-06-08
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFI
nvd
CVE-2009-1717 | MEDIUM | CVSS 6.8 | CWE-189 | affected: v10.5, v10.5.0, +6 more | 2009-06-05
Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI[4 xterm resize escape sequence that triggers a heap-based buffer overflow.
nvd
CVE-2009-0010 | CRITICAL | CVSS 9.3 | CWE-189 | affected: v10.4.11, v10.5, +7 more | 2009-05-13
Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow.
nvd
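CVE-2009-1717 (a crafted size in a terminal resize sequence) and CVE-2009-0010 (a crafted length field in a PICT Poly record) are both CWE-189: an arithmetic result that wraps before it is used to size or index a heap buffer. The block below is an added model of both patterns, not Apple's parsers and not derived from the advisories: the cell size, the record layout, the 64 MiB allocation cap and the sample record are assumptions chosen to show the wrapping computation beside the checked one.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed model of the CWE-189 pattern shared by two entries on this
 * page: a multiplication that wraps when sizing a buffer (CVE-2009-1717,
 * terminal resize request) and a subtraction that underflows when a record
 * length is smaller than its own header (CVE-2009-0010, PICT Poly record).
 * Layouts and limits are assumptions for illustration, not Apple's code.
 */

#define CELL_BYTES       4u             /* assumed per-cell storage */
#define MAX_SCREEN_BYTES (64u << 20)    /* assumed allocation cap: 64 MiB */

/* Vulnerable: the 32-bit product wraps, so a huge request yields a tiny
 * allocation that the caller then fills with rows*cols cells. */
uint32_t screen_bytes_unchecked(uint32_t rows, uint32_t cols)
{
    return rows * cols * CELL_BYTES;
}

/* Hardened: multiply in a wider type and compare against the cap BEFORE the
 * final multiply, so no intermediate can wrap. Returns the byte count, or 0
 * to signal rejection (0 is never valid since rows and cols must be >= 1). */
size_t screen_bytes_checked(uint32_t rows, uint32_t cols)
{
    if (rows == 0 || cols == 0)
        return 0;
    uint64_t cells = (uint64_t)rows * cols;          /* cannot overflow u64 */
    if (cells > MAX_SCREEN_BYTES / CELL_BYTES)
        return 0;
    return (size_t)(cells * CELL_BYTES);
}

/* A record: 2-byte big-endian length covering header plus payload, then the
 * rest of a fixed REC_HDR-byte header, then payload. */
#define REC_HDR 10u

/* Vulnerable: length < REC_HDR wraps to roughly 64 KiB of "payload". */
uint16_t payload_len_unchecked(uint16_t length)
{
    return (uint16_t)(length - REC_HDR);
}

/* Hardened: the length must cover the header and must not exceed the
 * bytes actually read. Returns 1 and sets *out, or 0 on rejection. */
int payload_len_checked(uint16_t length, size_t avail, size_t *out)
{
    if (length < REC_HDR || length > avail)
        return 0;
    *out = length - REC_HDR;
    return 1;
}

/* Copy a record's payload into dst via the checked path.
 * Returns the number of bytes copied, or -1 if the record is rejected. */
long parse_record(const uint8_t *rec, size_t avail,
                  uint8_t *dst, size_t dst_len)
{
    if (avail < REC_HDR)
        return -1;
    uint16_t length = (uint16_t)((rec[0] << 8) | rec[1]);
    size_t n;
    if (!payload_len_checked(length, avail, &n) || n > dst_len)
        return -1;
    memcpy(dst, rec + REC_HDR, n);
    return (long)n;
}

/* Build a 14-byte record (10-byte header + "ABCD") with a chosen length
 * field and run it through parse_record. Constructed test input. */
long demo_record(uint16_t length_field)
{
    uint8_t rec[14] = {0};
    uint8_t dst[16];
    rec[0] = (uint8_t)(length_field >> 8);
    rec[1] = (uint8_t)(length_field & 0xff);
    memcpy(rec + REC_HDR, "ABCD", 4);
    return parse_record(rec, sizeof rec, dst, sizeof dst);
}

int main(void)
{
    printf("unchecked 1073741825x4 cells -> %u bytes\n",
           (unsigned)screen_bytes_unchecked(1073741825u, 4u));
    printf("checked   1073741825x4 cells -> %zu (0 = rejected)\n",
           screen_bytes_checked(1073741825u, 4u));
    printf("unchecked record length 4 -> payload %u\n",
           (unsigned)payload_len_unchecked(4));
    printf("checked   record length 4 -> %ld (-1 = rejected)\n", demo_record(4));
    printf("checked   record length 14 -> %ld bytes copied\n", demo_record(14));
    return 0;
}
```

The unchecked resize turns a request for over a billion rows into a 16-byte buffer, and the unchecked record length turns a 4-byte length field into a 65,530-byte copy; both are the precondition for the heap overflow the advisories describe. The checked versions reject those inputs and accept ordinary ones, and the comparison against the cap happens before the multiply that could wrap.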
CVE-2008-1517 | HIGH | CVSS 7.2 | CWE-20 | affected: v10.5, v10.5.0, +6 more | 2009-05-13
Array index error in the xnu (Mach) kernel in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (system shutdown) via unspecified vectors related to workqueues.
nvd
CVE-2009-0152 | HIGH | CVSS 7.5 | CWE-312 | affected: ≥ 10.5.0, < 10.5.7 | 2009-05-13
iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network.
nvd