Mac Os X@* Security Vulnerabilities and Issues — Page 4 of Mac Os X@* CVE List

Lucene search

AppleMac Os X*

2420 matches found

CVE•added 2012/02/16 8:55 p.m.•227 views

CVE-2011-3026

Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.

6.8CVSS9.1AI score0.34687EPSS

CVE•added 2015/06/09 6:59 p.m.•227 views

CVE-2015-4024

Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth ou...

5CVSS7.3AI score0.69918EPSS

CVE•added 2019/12/18 6:15 p.m.•226 views

CVE-2019-8611

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.5AI score0.28043EPSS

CVE•added 2019/12/18 6:15 p.m.•226 views

CVE-2019-8679

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitr...

8.8CVSS8.5AI score0.00816EPSS

CVE•added 2021/01/26 6:15 p.m.•223 views

CVE-2020-36222

A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.

7.5CVSS7.3AI score0.35851EPSS

CVE•added 2015/04/24 5:59 p.m.•222 views

CVE-2015-3416

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecifie...

7.5CVSS8.1AI score0.05572EPSS

CVE•added 2015/06/09 6:59 p.m.•221 views

CVE-2015-4021

The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory cor...

5CVSS7.2AI score0.36369EPSS

CVE•added 2019/10/03 4:15 p.m.•220 views

CVE-2018-14881

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).

7.5CVSS8.6AI score0.02939EPSS

CVE•added 2020/10/27 8:15 p.m.•220 views

CVE-2019-8675

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code.

8.8CVSS7.7AI score0.01225EPSS

CVE•added 2019/12/18 6:15 p.m.•219 views

CVE-2019-8683

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may l...

8.8CVSS8.5AI score0.00825EPSS

CVE•added 2021/01/26 6:15 p.m.•219 views

CVE-2020-36221

An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).

7.5CVSS7.4AI score0.47645EPSS

CVE•added 2015/06/09 6:59 p.m.•218 views

CVE-2015-4147

The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related t...

7.5CVSS7.9AI score0.47536EPSS

CVE•added 2019/12/18 6:15 p.m.•217 views

CVE-2019-8644

8.8CVSS8.5AI score0.00816EPSS

CVE•added 2019/12/18 6:15 p.m.•217 views

CVE-2019-8688

9.3CVSS8.6AI score0.04267EPSS

CVE•added 2015/12/11 12:0 p.m.•216 views

CVE-2015-7803

The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that...

6.8CVSS7.7AI score0.14029EPSS

CVE•added 2015/12/11 12:0 p.m.•216 views

CVE-2015-7804

Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive.

6.8CVSS7.9AI score0.11459EPSS

CVE•added 2019/12/18 6:15 p.m.•215 views

CVE-2019-8669

9.3CVSS8.5AI score0.03566EPSS

CVE•added 2019/12/18 6:15 p.m.•215 views

CVE-2019-8684

9.3CVSS8.6AI score0.03566EPSS

CVE•added 2016/03/31 4:59 p.m.•214 views

CVE-2016-3142

The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an inv...

8.2CVSS7AI score0.04302EPSS

CVE•added 2019/12/18 6:15 p.m.•214 views

CVE-2019-8584

8.8CVSS8.5AI score0.00811EPSS

CVE•added 2019/12/18 6:15 p.m.•214 views

CVE-2019-8595

8.8CVSS8.6AI score0.00811EPSS

CVE•added 2019/12/18 6:15 p.m.•214 views

CVE-2019-8615

6.5CVSS7.9AI score0.00728EPSS

CVE•added 2019/12/18 6:15 p.m.•213 views

CVE-2019-8601

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code e...

8.8CVSS8.5AI score0.09556EPSS

CVE•added 2019/12/18 6:15 p.m.•213 views

CVE-2019-8680

8.8CVSS8.5AI score0.00816EPSS

CVE•added 2016/05/20 11:0 a.m.•211 views

CVE-2016-4071

Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call.

9.8CVSS8AI score0.21589EPSS

CVE•added 2019/12/18 6:15 p.m.•211 views

CVE-2019-6237

8.8CVSS8.5AI score0.00811EPSS

CVE•added 2016/06/09 4:59 p.m.•209 views

CVE-2016-4447

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.

7.5CVSS8.1AI score0.02801EPSS

CVE•added 2019/10/03 4:15 p.m.•209 views

CVE-2018-14470

The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().

7.5CVSS8.6AI score0.0223EPSS

CVE•added 2019/12/18 6:15 p.m.•209 views

CVE-2019-8623

8.8CVSS8.5AI score0.27094EPSS

CVE•added 2019/12/18 6:15 p.m.•209 views

CVE-2019-8678

8.8CVSS8.5AI score0.00816EPSS

CVE•added 2015/06/09 6:59 p.m.•208 views

CVE-2015-4022

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.

7.5CVSS8.6AI score0.14561EPSS

CVE•added 2019/12/18 6:15 p.m.•208 views

CVE-2019-8583

8.8CVSS8.5AI score0.0082EPSS

CVE•added 2019/12/18 6:15 p.m.•208 views

CVE-2019-8622

8.8CVSS8.5AI score0.27094EPSS

CVE•added 2019/12/18 6:15 p.m.•208 views

CVE-2019-8649

A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciou...

6.1CVSS6AI score0.0982EPSS

CVE•added 2019/12/18 6:15 p.m.•207 views

CVE-2019-8587

8.8CVSS8.5AI score0.00811EPSS

CVE•added 2016/03/13 6:59 p.m.•205 views

CVE-2016-1950

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.

8.8CVSS7.9AI score0.03012EPSS

CVE•added 2019/12/18 6:15 p.m.•205 views

CVE-2019-8586

8.8CVSS8.5AI score0.00811EPSS

CVE•added 2019/12/18 6:15 p.m.•205 views

CVE-2019-8597

6.5CVSS7.8AI score0.00728EPSS

CVE•added 2015/06/09 6:59 p.m.•204 views

CVE-2015-2783

ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data ...

5.8CVSS7.1AI score0.09675EPSS

CVE•added 2015/06/09 6:59 p.m.•203 views

CVE-2015-3330

The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP...

6.8CVSS8.1AI score0.38958EPSS

CVE•added 2019/12/18 6:15 p.m.•203 views

CVE-2019-8607

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may result in the disclosure of process ...

6.5CVSS6.5AI score0.00683EPSS

CVE•added 2019/12/18 6:15 p.m.•202 views

CVE-2019-8596

8.8CVSS8.5AI score0.00811EPSS

CVE•added 2022/05/26 7:15 p.m.•200 views

CVE-2022-26722

A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges.

9.3CVSS8AI score0.00173EPSS

CVE•added 2019/12/18 6:15 p.m.•199 views

CVE-2019-8608

6.8CVSS7.7AI score0.00767EPSS

CVE•added 2022/05/26 8:15 p.m.•198 views

CVE-2022-26751

A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execut...

7.8CVSS8.3AI score0.00627EPSS

CVE•added 2019/12/18 6:15 p.m.•197 views

CVE-2019-8658

A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cro...

6.1CVSS6AI score0.00924EPSS

CVE•added 2019/12/18 6:15 p.m.•196 views

CVE-2019-8619

8.8CVSS8.5AI score0.00816EPSS

CVE•added 2019/12/18 6:15 p.m.•195 views

CVE-2019-8571

8.8CVSS8.5AI score0.00811EPSS

CVE•added 2015/08/14 6:59 p.m.•193 views

CVE-2015-1819

The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.

5CVSS6.5AI score0.02464EPSS

CVE•added 2019/12/18 6:15 p.m.•192 views

CVE-2019-8609

8.8CVSS8.5AI score0.00811EPSS

Total number of security vulnerabilities2420