Mac Os X@* Security Vulnerabilities and Issues — Page 3 of Mac Os X@* CVE List

Lucene search

AppleMac Os X*

985 matches found

CVE•added 2019/12/18 6:15 p.m.•215 views

CVE-2019-8583

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code e...

8.8CVSS8.5AI score0.0082EPSS

CVE•added 2019/12/18 6:15 p.m.•215 views

CVE-2019-8587

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.5AI score0.00811EPSS

CVE•added 2019/10/03 4:15 p.m.•214 views

CVE-2018-14470

The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().

7.5CVSS8.6AI score0.01543EPSS

CVE•added 2019/12/18 6:15 p.m.•214 views

CVE-2019-8586

8.8CVSS8.5AI score0.00811EPSS

CVE•added 2019/12/18 6:15 p.m.•214 views

CVE-2019-8649

A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciou...

6.1CVSS6AI score0.0982EPSS

Web

CVE•added 2019/12/18 6:15 p.m.•212 views

CVE-2019-8607

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may result in the disclosure of process ...

6.5CVSS6.5AI score0.00683EPSS

CVE•added 2019/12/18 6:15 p.m.•211 views

CVE-2019-8597

6.5CVSS7.8AI score0.00728EPSS

CVE•added 2019/12/18 6:15 p.m.•209 views

CVE-2019-8596

8.8CVSS8.5AI score0.00811EPSS

CVE•added 2019/12/18 6:15 p.m.•207 views

CVE-2019-8608

6.8CVSS7.7AI score0.00767EPSS

CVE•added 2019/12/18 6:15 p.m.•205 views

CVE-2019-8658

A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cro...

6.1CVSS6AI score0.00924EPSS

CVE•added 2019/12/18 6:15 p.m.•204 views

CVE-2019-8619

8.8CVSS8.5AI score0.00816EPSS

CVE•added 2019/12/18 6:15 p.m.•203 views

CVE-2019-8571

8.8CVSS8.5AI score0.00811EPSS

CVE•added 2015/11/13 3:59 a.m.•202 views

CVE-2015-8126

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly ha...

7.5CVSS7.9AI score0.04186EPSS

CVE•added 2022/05/26 7:15 p.m.•201 views

CVE-2022-26722

A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges.

9.3CVSS8AI score0.00173EPSS

CVE•added 2022/05/26 8:15 p.m.•200 views

CVE-2022-26751

A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execut...

7.8CVSS8.3AI score0.00627EPSS

CVE•added 2019/12/18 6:15 p.m.•199 views

CVE-2019-8609

8.8CVSS8.5AI score0.00811EPSS

CVE•added 2019/12/18 6:15 p.m.•199 views

CVE-2019-8610

8.8CVSS8.5AI score0.00811EPSS

CVE•added 2019/12/11 3:15 p.m.•197 views

CVE-2019-14899

A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknow...

7.4CVSS7.3AI score0.00055EPSS

CVE•added 2016/06/09 4:59 p.m.•196 views

CVE-2016-4448

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

10CVSS9.5AI score0.01612EPSS

CVE•added 2019/12/18 6:15 p.m.•195 views

CVE-2019-8594

8.8CVSS8.5AI score0.00811EPSS

CVE•added 2015/12/06 8:59 p.m.•193 views

CVE-2015-3195

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by...

5.3CVSS6.3AI score0.02942EPSS

CVE•added 2019/02/18 5:29 p.m.•192 views

CVE-2019-8906

do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.

4.4CVSS4.8AI score0.0009EPSS

CVE•added 2017/05/22 5:29 a.m.•189 views

CVE-2017-2518

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of ...

9.8CVSS8.7AI score0.03391EPSS

CVE•added 2019/01/11 6:29 p.m.•183 views

CVE-2018-4180

In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.

7.8CVSS4.8AI score0.00084EPSS

CVE•added 2019/01/11 6:29 p.m.•181 views

CVE-2018-4181

In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.

5.5CVSS4.8AI score0.00109EPSS

CVE•added 2019/12/18 6:15 p.m.•179 views

CVE-2019-8670

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6, Safari 12.1.2. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS4.9AI score0.00378EPSS

CVE•added 2019/04/03 6:29 p.m.•170 views

CVE-2018-4407

A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

8.8CVSS7.4AI score0.90882EPSS

CVE•added 2017/05/22 5:29 a.m.•169 views

CVE-2017-2520

9.8CVSS8.8AI score0.0245EPSS

CVE•added 2016/05/20 10:59 a.m.•161 views

CVE-2016-1839

The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

5.5CVSS6.4AI score0.10773EPSS

CVE•added 2017/05/22 5:29 a.m.•157 views

CVE-2017-2519

9.8CVSS8.8AI score0.02242EPSS

CVE•added 2020/04/17 6:15 p.m.•156 views

CVE-2019-6203

A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. An attacker in a privileged network position may be able to intercept network traffic.

9.8CVSS7.5AI score0.07524EPSS

CVE•added 2018/06/08 6:29 p.m.•152 views

CVE-2018-4202

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "iBooks" component. It allows man-in-the-middle attackers to spoof a password prompt.

5.9CVSS5.4AI score0.00534EPSS

CVE•added 2009/10/23 7:30 p.m.•151 views

CVE-2009-3767

libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers v...

4.3CVSS6.2AI score0.01686EPSS

CVE•added 2019/12/18 6:15 p.m.•151 views

CVE-2019-8641

An out-of-bounds read was addressed with improved input validation.

9.8CVSS8.7AI score0.19602EPSS

CVE•added 2022/05/26 8:15 p.m.•144 views

CVE-2022-26770

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.

9.3CVSS7.9AI score0.00266EPSS

CVE•added 2016/03/24 1:59 a.m.•141 views

CVE-2016-1762

The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

8.1CVSS7AI score0.07342EPSS

CVE•added 2016/09/25 10:59 a.m.•140 views

CVE-2016-4738

libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

9.3CVSS8.7AI score0.07628EPSS

CVE•added 2020/12/08 8:15 p.m.•135 views

CVE-2020-9942

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS4.9AI score0.00247EPSS

CVE•added 2010/12/07 9:0 p.m.•134 views

CVE-2010-4494

Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

7.5CVSS7.8AI score0.01623EPSS

CVE•added 2018/06/08 6:29 p.m.•134 views

CVE-2018-4211

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of ...

7.8CVSS7.4AI score0.00488EPSS

CVE•added 2009/02/22 10:30 p.m.•133 views

CVE-2009-0040

The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uniniti...

6.8CVSS8.1AI score0.03942EPSS

CVE•added 2019/12/18 6:15 p.m.•132 views

CVE-2019-8565

A race condition was addressed with additional validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A malicious application may be able to gain root privileges.

7.6CVSS6.6AI score0.28731EPSS

CVE•added 2020/02/27 9:15 p.m.•132 views

CVE-2020-3829

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to gain elevated privileges.

9.3CVSS7AI score0.00299EPSS

CVE•added 2022/05/26 7:15 p.m.•130 views

CVE-2022-26726

This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user's screen.

6.5CVSS6.5AI score0.11271EPSS

CVE•added 2016/05/20 10:59 a.m.•129 views

CVE-2016-1834

Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML do...

9.3CVSS8.6AI score0.03922EPSS

CVE•added 2019/03/05 4:29 p.m.•127 views

CVE-2019-6225

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to elevate privileges.

7.8CVSS6.7AI score0.69378EPSS

CVE•added 2020/02/27 9:15 p.m.•127 views

CVE-2020-3840

An off by one issue existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1. Loading a maliciously crafted racoon configuration file may lead to arbitra...

7.8CVSS7.4AI score0.00469EPSS

CVE•added 2020/06/09 5:15 p.m.•126 views

CVE-2020-9800

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitr...

8.8CVSS8.8AI score0.00765EPSS

CVE•added 2017/02/20 8:59 a.m.•125 views

CVE-2016-4669

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cau...

7.8CVSS7.6AI score0.33691EPSS

CVE•added 2019/12/18 6:15 p.m.•125 views

CVE-2019-8662

This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary.

9.8CVSS7.2AI score0.14427EPSS

Total number of security vulnerabilities985