Vulnerabilities (CVE)

Filtered by vendor Apple
Filtered by product Mac Os X
Total 5524 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-1014 5 Adobe, Apple, Google and 2 more 13 Air Desktop Runtime, Air Sdk, Air Sdk & Compiler and 10 more 2023-02-03 6.9 MEDIUM 7.3 HIGH
Untrusted search path vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows local users to gain privileges via a Trojan horse resource in an unspecified directory.
CVE-2016-0718 9 Apple, Canonical, Debian and 6 more 14 Mac Os X, Ubuntu Linux, Debian Linux and 11 more 2023-02-02 7.5 HIGH 9.8 CRITICAL
An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application.
CVE-2016-4448 9 Apple, Hp, Mcafee and 6 more 21 Icloud, Iphone Os, Itunes and 18 more 2023-02-02 10.0 HIGH 9.8 CRITICAL
CVE-2016-4448 libxml2: Format string vulnerability
CVE-2016-4447 8 Apple, Canonical, Debian and 5 more 12 Iphone Os, Itunes, Mac Os X and 9 more 2023-02-02 5.0 MEDIUM 7.5 HIGH
CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName
CVE-2015-7499 7 Apple, Canonical, Debian and 4 more 15 Iphone Os, Mac Os X, Tvos and 12 more 2023-02-02 5.0 MEDIUM N/A
A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information.
CVE-2015-7500 6 Apple, Canonical, Debian and 3 more 13 Iphone Os, Mac Os X, Tvos and 10 more 2023-02-02 5.0 MEDIUM N/A
A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.
CVE-2014-8129 4 Apple, Debian, Libtiff and 1 more 8 Iphone Os, Mac Os X, Debian Linux and 5 more 2023-02-02 6.8 MEDIUM 8.8 HIGH
CVE-2014-8129 libtiff: out-of-bounds read/write with malformed TIFF image in tiff2pdf
CVE-2014-3566 11 Apple, Debian, Fedoraproject and 8 more 20 Mac Os X, Debian Linux, Fedora and 17 more 2023-02-02 4.3 MEDIUM 3.4 LOW
A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.
CVE-2008-2939 4 Apache, Apple, Canonical and 1 more 4 Http Server, Mac Os X, Ubuntu Linux and 1 more 2023-02-02 4.3 MEDIUM N/A
CVE-2008-2939 httpd: mod_proxy_ftp globbing XSS
CVE-2010-2808 3 Apple, Canonical, Freetype 5 Iphone Os, Mac Os X, Tvos and 2 more 2023-02-02 6.8 MEDIUM N/A
CVE-2010-2808 FreeType: Stack-based buffer overflow by processing certain LWFN fonts
CVE-2010-2806 3 Apple, Canonical, Freetype 5 Iphone Os, Mac Os X, Tvos and 2 more 2023-02-02 6.8 MEDIUM N/A
CVE-2010-2806 FreeType: Heap-based buffer overflow by processing FontType42 fonts with negative length of SFNT strings (FT bug #30656)
CVE-2014-3565 3 Apple, Canonical, Net-snmp 3 Mac Os X, Ubuntu Linux, Net-snmp 2023-02-02 5.0 MEDIUM N/A
A denial of service flaw was found in the way snmptrapd handled certain SNMP traps when started with the "-OQ" option. If an attacker sent an SNMP trap containing a variable with a NULL type where an integer variable type was expected, it would cause snmptrapd to crash.
CVE-2019-14868 3 Apple, Debian, Ksh Project 3 Mac Os X, Debian Linux, Ksh 2023-02-02 7.2 HIGH 7.8 HIGH
A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.
CVE-2008-3529 4 Apple, Canonical, Debian and 1 more 6 Iphone Os, Mac Os X, Safari and 3 more 2023-02-02 10.0 HIGH N/A
CVE-2008-3529 libxml2: long entity name heap buffer overflow
CVE-2010-2519 4 Apple, Canonical, Debian and 1 more 4 Mac Os X, Ubuntu Linux, Debian Linux and 1 more 2023-02-02 6.8 MEDIUM N/A
CVE-2010-2519 freetype: heap buffer overflow vulnerability when processing certain font files
CVE-2010-2500 4 Apple, Canonical, Debian and 1 more 4 Mac Os X, Ubuntu Linux, Debian Linux and 1 more 2023-02-02 6.8 MEDIUM N/A
CVE-2010-2500 freetype: integer overflow vulnerability in smooth/ftgrays.c
CVE-2020-6574 5 Apple, Debian, Fedoraproject and 2 more 6 Mac Os X, Debian Linux, Fedora and 3 more 2023-01-31 4.6 MEDIUM 7.8 HIGH
Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary.
CVE-2016-4279 5 Adobe, Apple, Google and 2 more 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more 2023-01-31 9.3 HIGH 8.8 HIGH
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.
CVE-2016-6930 5 Adobe, Apple, Google and 2 more 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more 2023-01-31 9.3 HIGH 8.8 HIGH
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6931, and CVE-2016-6932.
CVE-2016-6929 5 Adobe, Apple, Google and 2 more 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more 2023-01-31 9.3 HIGH 8.8 HIGH
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.