mac_os_x vulnerabilities and exploits

2.1
LOW
CVE-2016-4595

Safari Login AutoFill in Apple OS X before 10.11.6 allows physically proximate attackers to discover passwords by reading the screen during the login procedure.

4.8
MEDIUM
CVE-2015-3774

The Dictionary app in Apple OS X before 10.10.5 does not use HTTPS, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof word definitions by modifying the client-server data stream.

5.4
MEDIUM
CVE-2014-4428

Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by leveraging previous pairing.

4.6
MEDIUM
CVE-2005-2515

Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to access links from the RSS Visualizer even when a password is required.

4.6
MEDIUM
CVE-2005-0969

Heap-based buffer overflow in the syscall emulation functionality in Mac OS X before 10.3.9 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via crafted parameters.

4.6
MEDIUM
CVE-2005-0971

Stack-based buffer overflow in the semop system call in Mac OS X 10.3.9 and earlier allows local users to gain privileges via crafted arguments.

2.1
LOW
CVE-2014-1317

iBooks Commerce in Apple OS X before 10.9.4 places Apple ID credentials in the iBooks log, which allows local users to obtain sensitive information by reading this file.

4.9
MEDIUM
CVE-2014-1322

The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object.

4.6
MEDIUM
CVE-2002-1268

Mac OS X 10.2.2 allows local users to gain privileges via a mounted ISO 9600 CD, aka "User Privilege Elevation via Mounting an ISO 9600 CD."

2.1
LOW
CVE-2002-1270

Mac OS X 10.2.2 allows local users to read files that only allow write access via the map_fd() Mach system call.