Apple macOS vulnerabilities
3,139 known vulnerabilities affecting apple/mac_os_x.
Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302 | HIGH 1409 | MEDIUM 1236 | LOW 192
Vulnerabilities
Page 130 of 157
CVE-2009-0150 | MEDIUM | CVSS 4.4 | CWE-119 | versions: 10.5.0, 10.5.1, +5 more | 2009-05-13
Stack-based buffer overflow in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image.
Source: NVD
CVE-2009-0944 | MEDIUM | CVSS 6.8 | CWE-94 | versions: 10.4.11, 10.5.0, +6 more | 2009-05-13
The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a file that triggers memory corruption.
Source: NVD
CVE-2009-0153 | MEDIUM | CVSS 4.3 | CWE-79 | versions: 10.5.0, 10.5.1, +5 more | 2009-05-13
International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences during Unicode conversion, which might allow remote att
Source: NVD
CVE-2009-0154 | MEDIUM | CVSS 6.8 | CWE-119 | versions: 10.4.11, 10.5.0, +6 more | 2009-05-13
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code via a crafted Compact Font Format (CFF) font.
Source: NVD
CVE-2009-0160 | MEDIUM | CVSS 6.8 | CWE-94 | versions: 10.4.11, 10.5.0, +6 more | 2009-05-13
QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption.
Source: NVD
CVE-2009-0161 | MEDIUM | CVSS 6.4 | CWE-20 | versions: 10.5.0, 10.5.1, +5 more | 2009-05-13
The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate authentication via a revoked certificate.
Source: NVD
CVE-2009-0145 | MEDIUM | CVSS 6.8 | CWE-94 | versions: 10.4.11, 10.5.0, +6 more | 2009-05-13
CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption.
Source: NVD
CVE-2009-0156 | MEDIUM | CVSS 4.3 | CWE-20 | versions: 10.4.11, 10.5.0, +6 more | 2009-05-13
Launch Services in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to cause a denial of service (persistent Finder crash) via a crafted Mach-O executable that triggers an out-of-bounds memory read.
Source: NVD
CVE-2009-0149 | MEDIUM | CVSS 4.4 | CWE-94 | versions: 10.4.11, 10.5.0, +6 more | 2009-05-13
Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image that triggers memory corruption.
Source: NVD
CVE-2009-0943 | MEDIUM | CVSS 6.8 | CWE-20 | versions: 10.4.11, 10.5.0, +6 more | 2009-05-13
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files.
Source: NVD
CVE-2009-0155 | MEDIUM | CVSS 6.8 | CWE-189 | versions: 10.5.0, 10.5.1, +5 more | 2009-05-13
Integer underflow in CoreGraphics in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers a heap-based buffer overflow.
Source: NVD
CVE-2009-0942 | MEDIUM | CVSS 6.8 | CWE-20 | versions: 10.4.11, 10.5.0, +6 more | 2009-05-13
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files.
Source: NVD
CVE-2009-0158 | MEDIUM | CVSS 6.8 | CWE-119 | versions: 10.4.11, 10.5.0, +6 more | 2009-05-13
Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long hostname for a telnet server.
Source: NVD
CVE-2009-0157 | MEDIUM | CVSS 6.8 | CWE-119 | versions: 10.5.0, 10.5.1, +5 more | 2009-05-13
Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers.
Source: NVD
CVE-2009-0144 | MEDIUM | CVSS 4.3 | CWE-16 | versions: 10.5.6, 10.5, +5 more | 2009-05-13
CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections.
Source: NVD
CVE-2009-0946 | HIGH | CVSS 7.5 | CWE-190 | versions: ≥ 10.6.0, ≤ 10.6.4; 10.4.11; +1 more | 2009-04-17
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.
Source: NVD
CVE-2009-0846 | CRITICAL | CVSS 10.0 | CWE-824 | fixed in 10.5.7 | 2009-04-09
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.
Source: NVD
CVE-2009-1236 | CRITICAL | CVSS 10.0 | CWE-119 | PoC | versions: ≤ 10.5.6, 10.0, +53 more | 2009-04-02
Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member.
Source: NVD
CVE-2009-1238 | HIGH | CVSS 7.2 | CWE-362 | PoC | versions: ≤ 10.5.6, 10.0, +53 more | 2009-04-02
Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads, which is problematic because of lack of mutex locking for an unspecified glo
Source: NVD
CVE-2009-1235 | HIGH | CVSS 7.2 | CWE-264 | PoC | versions: ≤ 10.5.6, 10.0, +53 more | 2009-04-02
XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_BOOT_INFO fcntl calls.
Source: NVD