Mac Os X@* Security Vulnerabilities and Issues — Page 3 of Mac Os X@* CVE List

Lucene search

AppleMac Os X*

2420 matches found

CVE•added 2019/10/03 5:15 p.m.•262 views

CVE-2019-15166

lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.

7.5CVSS6.8AI score0.00877EPSS

CVE•added 2008/05/05 5:20 p.m.•261 views

CVE-2008-0599

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

10CVSS9.6AI score0.51567EPSS

CVE•added 2021/04/02 6:15 p.m.•261 views

CVE-2021-1765

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.

6.5CVSS7AI score0.00085EPSS

CVE•added 2023/10/25 7:15 p.m.•261 views

CVE-2023-42856

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Processing a file may lead to unexpected app termination or arbitrary code execution.

7.8CVSS7.5AI score0.00047EPSS

CVE•added 2015/03/30 10:59 a.m.•260 views

CVE-2015-2301

Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name o...

7.5CVSS7.9AI score0.10318EPSS

CVE•added 2019/10/03 4:15 p.m.•257 views

CVE-2018-14468

The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().

7.5CVSS8.6AI score0.02283EPSS

CVE•added 2020/04/14 11:15 p.m.•257 views

CVE-2020-11764

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.

5.5CVSS5.6AI score0.00493EPSS

CVE•added 2019/10/03 4:15 p.m.•256 views

CVE-2018-16451

The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.

7.5CVSS8.7AI score0.00438EPSS

CVE•added 2021/01/26 6:15 p.m.•254 views

CVE-2020-36229

A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.

7.5CVSS7.3AI score0.01984EPSS

CVE•added 2019/10/03 4:15 p.m.•253 views

CVE-2018-14461

The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().

7.5CVSS8.6AI score0.00438EPSS

CVE•added 2020/02/05 5:15 p.m.•253 views

CVE-2019-15126

An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a di...

3.1CVSS6.2AI score0.07993EPSS

CVE•added 2019/10/03 4:15 p.m.•252 views

CVE-2018-16228

The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().

7.5CVSS8.6AI score0.0223EPSS

CVE•added 2019/12/18 6:15 p.m.•251 views

CVE-2019-8672

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may l...

9.3CVSS8.6AI score0.40339EPSS

CVE•added 2019/12/18 6:15 p.m.•250 views

CVE-2019-8769

An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history.

4.3CVSS4.9AI score0.00128EPSS

CVE•added 2019/10/03 4:15 p.m.•249 views

CVE-2018-16227

The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.

7.5CVSS8.6AI score0.16057EPSS

CVE•added 2019/12/18 6:15 p.m.•248 views

CVE-2019-8687

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitr...

8.8CVSS8.6AI score0.00816EPSS

CVE•added 2019/12/18 6:15 p.m.•248 views

CVE-2019-8690

A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously craf...

6.1CVSS6.1AI score0.08113EPSS

CVE•added 2015/06/09 6:59 p.m.•246 views

CVE-2015-3329

Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.

7.5CVSS8AI score0.28148EPSS

CVE•added 2020/04/14 11:15 p.m.•246 views

CVE-2020-11761

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.

5.5CVSS5.5AI score0.00363EPSS

CVE•added 2019/12/18 6:15 p.m.•244 views

CVE-2019-8666

8.8CVSS8.5AI score0.00816EPSS

CVE•added 2019/12/18 6:15 p.m.•244 views

CVE-2019-8671

8.8CVSS8.5AI score0.28154EPSS

CVE•added 2019/10/03 4:15 p.m.•243 views

CVE-2018-14879

The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().

7CVSS8.4AI score0.013EPSS

CVE•added 2021/01/26 6:15 p.m.•243 views

CVE-2020-36226

A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.

7.5CVSS7.3AI score0.00423EPSS

CVE•added 2019/10/03 4:15 p.m.•242 views

CVE-2018-14466

The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().

7.5CVSS8.6AI score0.0223EPSS

CVE•added 2019/10/03 4:15 p.m.•242 views

CVE-2018-14467

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).

7.5CVSS8.6AI score0.02005EPSS

CVE•added 2019/12/18 6:15 p.m.•242 views

CVE-2019-8686

8.8CVSS8.6AI score0.00816EPSS

CVE•added 2020/04/14 11:15 p.m.•242 views

CVE-2020-11758

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.

5.5CVSS5.5AI score0.0035EPSS

CVE•added 2019/12/18 6:15 p.m.•240 views

CVE-2019-8677

8.8CVSS8.5AI score0.00816EPSS

CVE•added 2020/04/14 11:15 p.m.•240 views

CVE-2020-11760

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.

5.5CVSS5.5AI score0.00388EPSS

CVE•added 2019/10/03 4:15 p.m.•239 views

CVE-2018-14880

The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().

7.5CVSS8.6AI score0.04236EPSS

CVE•added 2019/10/03 4:15 p.m.•239 views

CVE-2018-14882

The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.

7.5CVSS8.6AI score0.01693EPSS

CVE•added 2021/01/26 6:15 p.m.•239 views

CVE-2020-36224

A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.

7.5CVSS7.4AI score0.00574EPSS

CVE•added 2016/03/31 4:59 p.m.•238 views

CVE-2016-3141

Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data contai...

9.8CVSS7.9AI score0.40083EPSS

CVE•added 2020/04/14 11:15 p.m.•238 views

CVE-2020-11765

An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.

5.5CVSS5.4AI score0.0035EPSS

CVE•added 2015/06/09 6:59 p.m.•237 views

CVE-2015-3307

The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive.

7.5CVSS7.6AI score0.18407EPSS

CVE•added 2018/12/07 9:29 p.m.•237 views

CVE-2018-18313

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

9.1CVSS8.9AI score0.03978EPSS

CVE•added 2019/12/18 6:15 p.m.•236 views

CVE-2019-8768

"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items.

5.3CVSS5.5AI score0.0039EPSS

CVE•added 2020/04/14 11:15 p.m.•236 views

CVE-2020-11762

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.

5.5CVSS5.5AI score0.0039EPSS

CVE•added 2019/10/03 4:15 p.m.•235 views

CVE-2018-16230

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).

7.5CVSS8.6AI score0.00438EPSS

CVE•added 2019/12/18 6:15 p.m.•235 views

CVE-2019-8681

8.8CVSS8.6AI score0.00816EPSS

CVE•added 2019/12/18 6:15 p.m.•234 views

CVE-2019-8676

9.3CVSS8.6AI score0.03566EPSS

CVE•added 2015/06/09 6:59 p.m.•233 views

CVE-2015-4025

PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) s...

7.5CVSS8.1AI score0.05577EPSS

CVE•added 2019/12/18 6:15 p.m.•233 views

CVE-2019-8689

9.3CVSS8.6AI score0.29403EPSS

CVE•added 2019/12/18 6:15 p.m.•232 views

CVE-2019-8673

8.8CVSS8.5AI score0.00816EPSS

CVE•added 2021/01/26 6:15 p.m.•232 views

CVE-2020-36223

A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).

7.5CVSS7.3AI score0.06006EPSS

CVE•added 2019/10/03 4:15 p.m.•231 views

CVE-2018-14464

The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().

7.5CVSS8.6AI score0.0223EPSS

CVE•added 2015/03/30 10:59 a.m.•230 views

CVE-2015-2348

The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected...

5CVSS7.4AI score0.06971EPSS

CVE•added 2015/06/09 6:59 p.m.•230 views

CVE-2015-4026

The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument....

7.5CVSS8.2AI score0.05594EPSS

CVE•added 2020/10/27 8:15 p.m.•229 views

CVE-2019-8696

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code.

8.8CVSS7.7AI score0.01225EPSS

CVE•added 2021/09/08 2:15 p.m.•229 views

CVE-2021-30799

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution.

9.3CVSS8.8AI score0.01039EPSS

Total number of security vulnerabilities2420