Total
57 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-2357 | 1 Apple | 1 Mac Os X | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "IOAudioFamily" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | |||||
CVE-2016-7625 | 1 Apple | 1 Mac Os X | 2023-12-10 | 2.1 LOW | 3.3 LOW |
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOKit" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. | |||||
CVE-2016-1773 | 1 Apple | 1 Mac Os X | 2023-12-10 | 2.1 LOW | 3.3 LOW |
The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors. | |||||
CVE-2016-4715 | 1 Apple | 1 Mac Os X | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app. | |||||
CVE-2016-1791 | 1 Apple | 1 Mac Os X | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
The AMD subsystem in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | |||||
CVE-2016-1862 | 1 Apple | 1 Mac Os X | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860. | |||||
CVE-2016-1796 | 1 Apple | 1 Mac Os X | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds memory access) via a crafted app. | |||||
CVE-2016-4739 | 1 Apple | 1 Mac Os X | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending a DNS query to an unintended interface. | |||||
CVE-2016-1748 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | |||||
CVE-2016-4645 | 1 Apple | 1 Mac Os X | 2023-12-10 | 2.1 LOW | 3.3 LOW |
CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors. | |||||
CVE-2016-1860 | 1 Apple | 1 Mac Os X | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1862. | |||||
CVE-2016-1758 | 1 Apple | 2 Iphone Os, Mac Os X | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app. | |||||
CVE-2016-1798 | 1 Apple | 1 Mac Os X | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
Audio in Apple OS X before 10.11.5 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app. | |||||
CVE-2015-4000 | 12 Apple, Canonical, Debian and 9 more | 25 Iphone Os, Mac Os X, Safari and 22 more | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. | |||||
CVE-2016-4717 | 1 Apple | 1 Mac Os X | 2023-12-10 | 5.0 MEDIUM | 3.3 LOW |
The File Bookmark component in Apple OS X before 10.12 mishandles scoped-bookmark file descriptors, which allows attackers to cause a denial of service via a crafted app. | |||||
CVE-2014-3566 | 11 Apple, Debian, Fedoraproject and 8 more | 20 Mac Os X, Debian Linux, Fedora and 17 more | 2023-12-10 | 4.3 MEDIUM | 3.4 LOW |
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | |||||
CVE-2014-4407 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls. |