apple vulnerabilities and exploits

4.6
CVSSv2
CVE-2016-4748

Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable....

7.5
CVSSv2
CVE-2007-4699

The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions....

7.2
CVSSv2
CVE-2016-4709

WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4710....

4.3
CVSSv2
CVE-2017-13818

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app....

6.9
CVSSv2
CVE-2014-4398

An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability...

4.3
CVSSv2
CVE-2014-4406

Cross-site scripting (XSS) vulnerability in Xcode Server in CoreCollaboration in Apple OS X Server before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors....

9.3
CVSSv2
CVE-2013-1000

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs...

4.6
CVSSv2
CVE-2015-7062

Apple OS X before 10.11.2 and tvOS before 9.1 allow local users to bypass intended configuration-profile installation restrictions via unspecified vectors....

2.1
CVSSv2
CVE-2014-4446

Mail Service in Apple OS X Server before 4.0 does not enforce SACL changes until after a service restart, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a change made by an administrator....

7.2
CVSSv2
CVE-2014-4433

Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate attackers to execute arbitrary code via crafted resource forks in an HFS filesystem....