Macos Security Vulnerabilities
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS...
7.8CVSS
7.4AI Score
0.002EPSS
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS...
7.8CVSS
6.5AI Score
0.002EPSS
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave...
5.5CVSS
6.3AI Score
0.001EPSS
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS...
7.8CVSS
7.1AI Score
0.002EPSS
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave...
7.8CVSS
6.9AI Score
0.001EPSS
A denial of service issue was addressed with improved validation. This issue affected versions prior to macOS Mojave...
6.5CVSS
6.7AI Score
0.001EPSS
A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS...
7.8CVSS
7.8AI Score
0.002EPSS
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave...
5.5CVSS
6.3AI Score
0.001EPSS
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave...
5.5CVSS
6.3AI Score
0.001EPSS
An information disclosure issue was addressed by removing the vulnerable code. This issue affected versions prior to macOS High Sierra...
5.5CVSS
5.6AI Score
0.001EPSS
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to macOS High Sierra...
5.5CVSS
4.8AI Score
0.0004EPSS
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra...
9.8CVSS
7AI Score
0.004EPSS
An input validation issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave...
9.8CVSS
7.2AI Score
0.002EPSS
A cookie management issue was addressed with improved checks. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows...
5.3CVSS
5.7AI Score
0.003EPSS
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra...
9.8CVSS
7AI Score
0.004EPSS
An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS...
7.5CVSS
5.8AI Score
0.004EPSS
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. An application may be able to execute arbitrary code with kernel...
7.8CVSS
7.3AI Score
0.006EPSS
Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML...
6.5CVSS
6.3AI Score
0.016EPSS
Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable...
7.8CVSS
7.8AI Score
0.001EPSS
A missing check for popup window handling in Fullscreen in Google Chrome on macOS prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML...
6.5CVSS
6.3AI Score
0.005EPSS
Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to the driver by a process that lacks root...
7.8CVSS
7.4AI Score
0.0005EPSS
The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of.....
7.8CVSS
7.4AI Score
0.001EPSS
Adobe Photoshop CC versions 19.1.3 and earlier, 18.1.3 and earlier, and 18.1.2 and earlier have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current...
8.8CVSS
8.8AI Score
0.011EPSS
Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current...
9.8CVSS
9.4AI Score
0.01EPSS
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access --...
9.8CVSS
9.2AI Score
0.015EPSS
Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and...
9.8CVSS
9.4AI Score
0.098EPSS
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is...
6.5CVSS
5.5AI Score
0.008EPSS
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML...
8.8CVSS
8.5AI Score
0.143EPSS
Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF...
8.8CVSS
7.8AI Score
0.012EPSS
Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF...
8.8CVSS
8.3AI Score
0.015EPSS
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain...
6.5CVSS
6.4AI Score
0.006EPSS
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain...
6.5CVSS
6.5AI Score
0.006EPSS
Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML...
6.5CVSS
6.3AI Score
0.006EPSS
Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted HTML...
6.5CVSS
6.4AI Score
0.008EPSS
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.115 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name containing a U+0620 character, aka Apple rdar problem...
6.5CVSS
5.4AI Score
0.001EPSS
A race condition in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML...
5.3CVSS
5.4AI Score
0.006EPSS
Lack of an appropriate action on page navigation in Blink in Google Chrome prior to 58.0.3029.81 for Windows and Mac allowed a remote attacker to potentially confuse a user into making an incorrect security decision via a crafted HTML...
4.7CVSS
5.3AI Score
0.005EPSS
Use after free in print preview in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML...
8.8CVSS
8.5AI Score
0.016EPSS
Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML...
Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML...
6.3CVSS
6.3AI Score
0.008EPSS
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain...
6.5CVSS
6.5AI Score
0.006EPSS
The Xamarin.iOS update component on systems running macOS allows an attacker to run arbitrary code as root, aka "Xamarin.iOS Elevation Of Privilege...
7.8CVSS
7.5AI Score
0.001EPSS
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to...
8.8CVSS
8.1AI Score
0.001EPSS
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to...
8.8CVSS
8.1AI Score
0.001EPSS
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to...
8.8CVSS
8.1AI Score
0.001EPSS
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to...
8.8CVSS
8.1AI Score
0.001EPSS
A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF...
7.8CVSS
7.5AI Score
0.011EPSS
V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android was missing a neutering check, which allowed a remote attacker to read values in memory via a crafted HTML...
4.3CVSS
4.8AI Score
0.01EPSS
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to...
7.8CVSS
7.6AI Score
0.012EPSS
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of...
8.8CVSS
7.6AI Score
0.02EPSS