The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa applications attempt to notify the user.
Max CVSS
6.9
EPSS Score
0.04%
Published
2007-01-24
Updated
2017-07-29
The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently limit access to certain controls, which allows local users to gain privileges by using HID device events to read keystrokes from the console.
Max CVSS
6.9
EPSS Score
0.04%
Published
2007-03-13
Updated
2017-07-29
Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted directory hierarchy.
Max CVSS
6.9
EPSS Score
0.04%
Published
2007-11-15
Updated
2017-07-29
Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a large num_sels argument to the i386_set_ldt system call.
Max CVSS
6.9
EPSS Score
0.04%
Published
2007-11-15
Updated
2018-10-15
Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data.
Max CVSS
6.9
EPSS Score
0.05%
Published
2008-03-18
Updated
2017-08-08
Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname.
Max CVSS
6.9
EPSS Score
0.04%
Published
2008-03-18
Updated
2017-08-08
Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects.
Max CVSS
6.9
EPSS Score
0.04%
Published
2008-03-18
Updated
2017-08-08
pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333.
Max CVSS
6.9
EPSS Score
0.04%
Published
2008-12-08
Updated
2017-09-29
CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file.
Max CVSS
6.9
EPSS Score
0.04%
Published
2009-01-27
Updated
2017-08-08
DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ownership during an authenticated Finder copy, which might allow local users to bypass intended disk-quota restrictions and have unspecified other impact by copying files owned by other users.
Max CVSS
6.9
EPSS Score
0.04%
Published
2010-03-30
Updated
2010-03-31
The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers.
Max CVSS
6.9
EPSS Score
0.07%
Published
2010-03-05
Updated
2013-05-15
Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.
Max CVSS
6.9
EPSS Score
0.04%
Published
2010-03-31
Updated
2017-09-19
Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to bypass intended passcode requirements via unspecified vectors.
Max CVSS
6.9
EPSS Score
0.06%
Published
2010-06-22
Updated
2022-08-09
Unspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch.
Max CVSS
6.9
EPSS Score
0.04%
Published
2010-08-20
Updated
2017-09-19
Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 on Windows allows local users to gain privileges via a Trojan horse explorer.exe (aka Windows Explorer) program in a directory containing a file that had been downloaded by Safari.
Max CVSS
6.9
EPSS Score
0.04%
Published
2010-09-10
Updated
2017-09-19
Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe.
Max CVSS
6.9
EPSS Score
0.04%
Published
2010-08-05
Updated
2022-08-09
Apple Mac OS X does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.
Max CVSS
6.9
EPSS Score
0.04%
Published
2011-01-25
Updated
2011-04-28
Race condition in the Passcode Lock feature in Apple iOS before 5.1 allows physically proximate attackers to bypass intended passcode requirements via a slide-to-dial gesture.
Max CVSS
6.9
EPSS Score
0.05%
Published
2012-03-08
Updated
2018-11-29
Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file.
Max CVSS
6.9
EPSS Score
0.04%
Published
2012-05-11
Updated
2017-12-05
Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before 10.7.4, when the Guest account is enabled, allows physically proximate attackers to login to arbitrary accounts by entering the account name and no password.
Max CVSS
6.9
EPSS Score
0.06%
Published
2012-05-11
Updated
2017-12-05
The kernel in Apple iOS before 6 dereferences invalid pointers during the handling of packet-filter data structures, which allows local users to gain privileges via a crafted program that makes packet-filter ioctl calls.
Max CVSS
6.9
EPSS Score
0.04%
Published
2012-09-20
Updated
2013-03-23

CVE-2013-1775

Public exploit
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.
Max CVSS
6.9
EPSS Score
0.04%
Published
2013-03-05
Updated
2016-11-28
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive information from kernel heap memory via a certain size value in conjunction with a crafted buffer.
Max CVSS
6.9
EPSS Score
0.04%
Published
2013-06-05
Updated
2013-10-31
The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events.
Max CVSS
6.9
EPSS Score
0.22%
Published
2014-09-18
Updated
2017-08-29
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416.
Max CVSS
6.9
EPSS Score
0.69%
Published
2014-09-19
Updated
2017-08-29
1133 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!