Mac Os X

mac_os_x

Vendor: Apple • 3,210 CVEs

CVEs (3,210)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-4713 1Apple 1Mac Os X May 6, 2026 Sep 25, 2016 N/A· v4 5.3 MEDIUM· v3 4.3 MEDIUM· v2 CoreDisplay in Apple OS X before 10.12 allows attackers to view arbitrary users' screens by leveraging screen-sharing access.
CVE-2016-4712 1Apple 4Iphone Os Mac Os XTvos+1 more May 6, 2026 Sep 25, 2016 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.
CVE-2016-4711 1Apple 2Iphone Os Mac Os X May 6, 2026 Sep 25, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output.
CVE-2016-4710 1Apple 1Mac Os X May 6, 2026 Sep 25, 2016 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4709.
CVE-2016-4709 1Apple 1Mac Os X May 6, 2026 Sep 25, 2016 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4710.
CVE-2016-4708 1Apple 4Iphone Os Mac Os XTvos+1 more May 6, 2026 Sep 25, 2016 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response.
CVE-2016-4707 1Apple 2Iphone Os Mac Os X May 6, 2026 Sep 25, 2016 N/A· v4 4.0 MEDIUM· v3 2.1 LOW· v2 CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors.
CVE-2016-4706 1Apple 1Mac Os X May 6, 2026 Sep 25, 2016 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors.
CVE-2016-4703 1Apple 1Mac Os X May 6, 2026 Sep 25, 2016 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Bluetooth in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-4702 1Apple 4Iphone Os Mac Os XTvos+1 more May 6, 2026 Sep 25, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2016-4701 1Apple 1Mac Os X May 6, 2026 Sep 25, 2016 N/A· v4 6.2 MEDIUM· v3 2.1 LOW· v2 Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable.
CVE-2016-4700 1Apple 1Mac Os X May 6, 2026 Sep 25, 2016 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4699.
CVE-2016-4699 1Apple 1Mac Os X May 6, 2026 Sep 25, 2016 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4700.
CVE-2016-4698 1Apple 2Iphone Os Mac Os X May 6, 2026 Sep 25, 2016 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privilege...Show more AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app.Show less
CVE-2016-4697 1Apple 1Mac Os X May 6, 2026 Sep 25, 2016 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Apple HSSPI Support in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-4696 1Apple 1Mac Os X May 6, 2026 Sep 25, 2016 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
CVE-2016-4694 1Apple 2Mac Os X Os X Server May 6, 2026 Sep 25, 2016 N/A· v4 9.1 CRITICAL· v3 7.5 HIGH· v2 The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY en...Show more The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue, a related issue to CVE-2016-5387.Show less
CVE-2016-4658 2Apple Xmlsoft 5Iphone Os Libxml2Mac Os X+2 more May 6, 2026 Sep 25, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote att...Show more xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.Show less
CVE-2016-5131 8Apple CanonicalDebian+5 more 14Chrome Debian LinuxEnterprise Linux Desktop+11 more May 6, 2026 Jul 23, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to t...Show more Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.Show less
CVE-2016-4653 1Apple 4Iphone Os Mac Os XTvos+1 more May 6, 2026 Jul 22, 2016 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a dif...Show more The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4582.Show less

Previous 1...757677...161 Next