Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-1131

Summary
Assigner-apple
Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c
Published At-10 Apr, 2015 | 14:00
Updated At-06 Aug, 2024 | 04:33
Rejected At-
Credits

fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apple
Assigner Org ID:286789f9-fbc2-4510-9f9a-43facdede74c
Published At:10 Apr, 2015 | 14:00
Updated At:06 Aug, 2024 | 04:33
Rejected At:
▼CVE Numbering Authority (CNA)

fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://support.apple.com/HT204659
x_refsource_CONFIRM
http://www.securityfocus.com/bid/73982
vdb-entry
x_refsource_BID
http://www.securitytracker.com/id/1032048
vdb-entry
x_refsource_SECTRACK
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
vendor-advisory
x_refsource_APPLE
Hyperlink: https://support.apple.com/HT204659
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/73982
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.securitytracker.com/id/1032048
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://support.apple.com/HT204659
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/73982
vdb-entry
x_refsource_BID
x_transferred
http://www.securitytracker.com/id/1032048
vdb-entry
x_refsource_SECTRACK
x_transferred
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: https://support.apple.com/HT204659
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/73982
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securitytracker.com/id/1032048
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@apple.com
Published At:10 Apr, 2015 | 14:59
Updated At:06 May, 2026 | 22:30

fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches

Apple Inc.
apple
>>mac_os_x>>Versions before 10.10.3(exclusive)
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlproduct-security@apple.com
Vendor Advisory
http://www.securityfocus.com/bid/73982product-security@apple.com
Exploit
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032048product-security@apple.com
Third Party Advisory
VDB Entry
https://support.apple.com/HT204659product-security@apple.com
Vendor Advisory
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/73982af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032048af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://support.apple.com/HT204659af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/73982
Source: product-security@apple.com
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1032048
Source: product-security@apple.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://support.apple.com/HT204659
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/73982
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1032048
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://support.apple.com/HT204659
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1357Records found

CVE-2016-1008
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.4||HIGH
EPSS-1.10% / 61.62%
||
7 Day CHG~0.00%
Published-09 Mar, 2016 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcwindowsacrobat_dcn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7047
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.2||HIGH
EPSS-1.00% / 58.44%
||
7 Day CHG~0.00%
Published-11 Dec, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_osmac_os_xwatchosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-3802
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.2||HIGH
EPSS-0.37% / 29.26%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-3805
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.2||HIGH
EPSS-0.37% / 29.26%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-3803
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.2||HIGH
EPSS-0.37% / 29.26%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-5945
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.2||HIGH
EPSS-0.35% / 26.56%
||
7 Day CHG~0.00%
Published-23 Oct, 2015 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Sandbox subsystem in Apple OS X before 10.11.1 allows local users to gain privileges via vectors involving NVRAM parameters.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-6084
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-7.8||HIGH
EPSS-1.10% / 61.53%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 19:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Apple Inc.Debian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationmacosenterprise_linux_desktopChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2015-1134
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.2||HIGH
EPSS-0.56% / 42.64%
||
7 Day CHG~0.00%
Published-10 Apr, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1135.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-1133
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.2||HIGH
EPSS-0.56% / 42.64%
||
7 Day CHG~0.00%
Published-10 Apr, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1134, and CVE-2015-1135.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-1135
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.2||HIGH
EPSS-0.53% / 40.65%
||
7 Day CHG~0.00%
Published-10 Apr, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1134.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-4669
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-3.73% / 88.50%
||
7 Day CHG~0.00%
Published-20 Feb, 2017 | 08:35
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_osmac_os_xwatchosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3860
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.36% / 28.37%
||
7 Day CHG~0.00%
Published-27 Feb, 2020 | 20:45
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadoswatchOSiOS
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2015-3760
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.2||HIGH
EPSS-1.75% / 75.13%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-8825
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.2||HIGH
EPSS-0.36% / 27.83%
||
7 Day CHG~0.00%
Published-30 Jan, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel in Apple OS X before 10.10.2 does not properly perform identitysvc validation of certain directory-service functionality, which allows local users to gain privileges or spoof directory-service responses via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0182
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.2||HIGH
EPSS-1.69% / 74.30%
||
7 Day CHG~0.00%
Published-23 Mar, 2011 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The i386_set_ldt system call in the kernel in Apple Mac OS X before 10.6.7 does not properly handle call gates, which allows local users to gain privileges via vectors involving the creation of a call gate entry.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-1821
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.30% / 21.37%
||
7 Day CHG~0.00%
Published-13 Apr, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows local users to obtain system privileges.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-1517
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.38% / 29.93%
||
7 Day CHG~0.00%
Published-13 May, 2009 | 15:14
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in the xnu (Mach) kernel in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (system shutdown) via unspecified vectors related to workqueues.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-1279
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.65% / 46.74%
||
7 Day CHG~0.00%
Published-11 Apr, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 update for Apple OS X, when patching with desktop management tools, allows local users to gain privileges via unspecified vectors during installation of the update by a different user who has administrative privileges.

Action-Not Available
Vendor-n/aAdobe Inc.Apple Inc.
Product-bridgemac_os_xn/a
CVE-2007-0725
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.47% / 37.19%
||
7 Day CHG~0.00%
Published-24 Apr, 2007 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the AirPortDriver module for AirPort in Apple Mac OS X 10.3.9 through 10.4.9, when running on hardware with the original AirPort wireless card, allows local users to execute arbitrary code by "sending malformed control commands."

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CVE-2007-0747
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.87% / 54.33%
||
7 Day CHG~0.00%
Published-24 Apr, 2007 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when mounting a WebDAV filesystem, which allows local users to gain privileges by setting unspecified environment variables.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CVE-2007-0729
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.89% / 54.83%
||
7 Day CHG~0.00%
Published-24 Apr, 2007 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment before executing commands, which allows local users to gain privileges by setting unspecified environment variables.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_preview.appmac_os_xmac_os_x_servern/a
CVE-2007-0355
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-6.59% / 93.02%
||
7 Day CHG~0.00%
Published-19 Jan, 2007 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.11 and earlier, including 10.4.8, allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field.

Action-Not Available
Vendor-n/aApple Inc.
Product-minimal_slp_service_agentmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-6906
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.31% / 22.89%
||
7 Day CHG~0.00%
Published-08 Jan, 2007 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and earlier has unknown impact and local attack vectors, related to "Mach Exception Handling", a different issue than CVE-2006-6900.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CVE-2006-6173
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.26% / 65.90%
||
7 Day CHG+0.01%
Published-30 Nov, 2006 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the shared_region_make_private_np function in vm/vm_unix.c in Mac OS X 10.4.6 and earlier allows local users to execute arbitrary code via (1) a small range count, which causes insufficient memory allocation, or (2) a large number of ranges in the shared_region_make_private_np_args parameter.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CVE-2006-5327
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.57% / 42.96%
||
7 Day CHG~0.00%
Published-17 Oct, 2006 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase.

Action-Not Available
Vendor-openbase_international_ltdn/aApple Inc.
Product-openbasexcoden/a
CVE-2007-1222
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.36% / 27.94%
||
7 Day CHG~0.00%
Published-02 Mar, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Parallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary files to the host filesystem, and execute arbitrary code via launchd by writing a plist file to a LaunchAgents directory.

Action-Not Available
Vendor-n/aApple Inc.Parallels International Gmbh
Product-mac_os_xparallels_desktopn/a
CVE-2006-4392
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.53% / 71.78%
||
7 Day CHG+0.04%
Published-02 Oct, 2006 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child's thread context and task address space in a way that causes the child to call a parent-controlled function.

Action-Not Available
Vendor-nextn/aApple Inc.
Product-mac_os_xopenstepn/a
CVE-2006-4887
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.42% / 33.81%
||
7 Day CHG~0.00%
Published-19 Sep, 2006 | 21:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xapple_remote_desktopn/a
CVE-2007-0732
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.34% / 26.30%
||
7 Day CHG~0.00%
Published-24 Apr, 2007 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the CoreServices daemon in CarbonCore in Apple Mac OS X 10.4 through 10.4.9 allows local users to gain privileges via unspecified vectors involving "obtaining a send right to [the] Mach task port."

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CVE-2007-0752
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.72% / 49.51%
||
7 Day CHG~0.00%
Published-24 May, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CVE-2007-0753
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.93% / 56.26%
||
7 Day CHG~0.00%
Published-24 May, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2016-4716
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.34% / 26.16%
||
7 Day CHG~0.00%
Published-25 Sep, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CVE-2006-3509
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.50% / 38.98%
||
7 Day CHG~0.00%
Published-21 Sep, 2006 | 21:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow physically proximate attackers to cause a denial of service (crash) or execute arbitrary code in third-party wireless software that uses the API via crafted frames.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CVE-2007-0022
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.52% / 40.04%
||
7 Day CHG~0.00%
Published-23 Jan, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in writeconfig in Apple Mac OS X 10.4.8 allows local users to gain privileges via a modified PATH that points to a malicious launchctl program.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CVE-2006-3500
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.41% / 32.83%
||
7 Day CHG~0.00%
Published-03 Aug, 2006 | 01:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users to execute arbitrary code via an "improperly handled condition" that leads to use of "dangerous paths," probably related to an untrusted search path vulnerability.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CVE-2006-3508
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.56% / 42.60%
||
7 Day CHG~0.00%
Published-21 Sep, 2006 | 21:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial of service (crash), gain privileges, and execute arbitrary code via a crafted frame that is not properly handled during scan cache updates.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CVE-2006-4413
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.33% / 24.52%
||
7 Day CHG~0.00%
Published-18 Nov, 2006 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Remote Desktop before 3.1 uses insecure permissions for certain built-in packages, which allows local users on an Apple Remote Desktop administration system to modify the packages and gain root privileges on client systems that use the packages.

Action-Not Available
Vendor-n/aApple Inc.
Product-remote_desktopn/a
CVE-2006-3507
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.45% / 70.27%
||
7 Day CHG~0.00%
Published-21 Sep, 2006 | 21:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CVE-2016-7637
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-1.11% / 61.88%
||
7 Day CHG~0.00%
Published-20 Feb, 2017 | 08:35
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xwatchosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-7633
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-1.27% / 66.40%
||
7 Day CHG~0.00%
Published-20 Feb, 2017 | 08:35
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Directory Services" component. It allows local users to gain privileges or cause a denial of service (use-after-free) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-416
Use After Free
CVE-2006-1451
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.40% / 31.87%
||
7 Day CHG~0.00%
Published-12 May, 2006 | 21:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a new MySQL database server, does not use the "New MySQL root password" that is provided, which causes the MySQL root password to be blank and allows local users to gain full privileges to that database.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CVE-2016-7660
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-1.07% / 60.75%
||
7 Day CHG~0.00%
Published-20 Feb, 2017 | 08:35
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "syslog" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xwatchosn/a
CVE-2016-7621
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-1.26% / 65.93%
||
7 Day CHG~0.00%
Published-20 Feb, 2017 | 08:35
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xwatchosn/a
CWE ID-CWE-416
Use After Free
CVE-2016-7661
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-1.11% / 61.89%
||
7 Day CHG~0.00%
Published-20 Feb, 2017 | 08:35
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "Power Management" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CVE-2016-4653
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.48% / 37.75%
||
7 Day CHG~0.00%
Published-22 Jul, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4582.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_osmac_os_xwatchosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4710
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.46% / 37.01%
||
7 Day CHG~0.00%
Published-25 Sep, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4709.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2016-4775
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.36% / 27.82%
||
7 Day CHG~0.00%
Published-25 Sep, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel in Apple OS X before 10.12, tvOS before 10, and watchOS before 3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosmac_os_xwatchosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-4398
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.01% / 58.93%
||
7 Day CHG+0.01%
Published-30 Nov, 2006 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in the Apple Type Services (ATS) server in Mac OS X 10.4 through 10.4.8 allow local users to execute arbitrary code via crafted service requests.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CVE-2016-4704
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.31% / 23.21%
||
7 Day CHG~0.00%
Published-18 Sep, 2016 | 22:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than CVE-2016-4705.

Action-Not Available
Vendor-n/aApple Inc.
Product-xcoden/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4705
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.34% / 26.46%
||
7 Day CHG~0.00%
Published-18 Sep, 2016 | 22:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than CVE-2016-4704.

Action-Not Available
Vendor-n/aApple Inc.
Product-xcoden/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 27
  • 28
  • Next
Details not found