mac_os_x vulnerabilities and exploits

2.1
CVSSv2
CVE-2013-3949

The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs, which allows local users to bypass intended access restrictions via a wrapper...

6.8
CVSSv2
CVE-2018-4423

A logic issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.1....

9.3
CVSSv2
CVE-2017-13872

An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the "Directory Utility" component. It allows attackers to obtain administrator access without a password via certain interactions...

AppleMac Os X
4.4
CVSSv2
CVE-2014-4444

SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login....

AppleMac Os X
6.8
CVSSv2
CVE-2015-5771

Quartz Composer Framework in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted QuickTime file....

7.2
CVSSv2
CVE-2006-6906

Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and earlier has unknown impact and local attack vectors, related to "Mach Exception Handling", a different issue than CVE-2006-6900....

7.2
CVSSv2
CVE-2015-3700

Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3701, and CVE-2015-3702....

4.3
CVSSv2
CVE-2018-4418

A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14....

7.5
CVSSv2
CVE-2006-1449

Integer overflow in Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via a crafted MacMIME encapsulated attachment....

2.1
CVSSv2
CVE-2015-5893

SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors....