Mac Os X@* Security Vulnerabilities and Issues — Mac Os X@* CVE List

Lucene search

AppleMac Os X*

308 matches found

cve•added 2019/12/18 6:15 p.m.•1071 views

CVE-2019-8605

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges.

9.3CVSS7.5AI score0.10236EPSS

In wild

cve•added 2019/03/05 4:29 p.m.•1022 views

CVE-2019-6223

A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. The initiator of a Group FaceTime call may be able to cause the recipient to answer.

7.5CVSS6.9AI score0.00451EPSS

In wild

cve•added 2019/12/18 6:15 p.m.•904 views

CVE-2019-7286

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. An application may be able to gain elevated privileges.

7.8CVSS7.7AI score0.02194EPSS

In wild

cve•added 2019/04/03 6:29 p.m.•828 views

CVE-2018-4344

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

9.3CVSS8.1AI score0.00478EPSS

In wild

cve•added 2019/08/09 8:15 p.m.•729 views

CVE-2019-11042

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to informatio...

7.1CVSS7.2AI score0.02317EPSS

cve•added 2019/08/09 8:15 p.m.•711 views

CVE-2019-11041

7.1CVSS7.2AI score0.0198EPSS

cve•added 2019/12/18 6:15 p.m.•548 views

CVE-2019-8526

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges.

7.8CVSS7.6AI score0.00349EPSS

In wild

cve•added 2019/07/26 1:15 p.m.•528 views

CVE-2019-13565

An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. Af...

7.5CVSS7.4AI score0.04369EPSS

cve•added 2019/07/26 1:15 p.m.•509 views

CVE-2019-13057

An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization...

4.9CVSS5.9AI score0.00844EPSS

cve•added 2019/10/03 7:15 p.m.•420 views

CVE-2019-15165

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.

5.3CVSS6.2AI score0.00822EPSS

cve•added 2019/10/03 4:15 p.m.•329 views

CVE-2018-14463

The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167.

7.5CVSS8.7AI score0.00618EPSS

cve•added 2019/04/03 6:29 p.m.•308 views

CVE-2018-20506

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to ...

8.1CVSS8.4AI score0.17974EPSS

cve•added 2019/12/19 6:15 p.m.•308 views

CVE-2019-19906

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.

7.5CVSS7.5AI score0.00168EPSS

cve•added 2019/12/18 6:15 p.m.•308 views

CVE-2019-8646

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to leak memory.

7.5CVSS6.8AI score0.07545EPSS

In wild

cve•added 2019/10/03 4:15 p.m.•303 views

CVE-2018-14462

The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().

7.5CVSS8.6AI score0.02283EPSS

cve•added 2019/10/03 4:15 p.m.•281 views

CVE-2018-14465

The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().

7.5CVSS8.6AI score0.01758EPSS

cve•added 2019/10/03 4:15 p.m.•281 views

CVE-2018-14469

The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().

7.5CVSS8.6AI score0.01735EPSS

cve•added 2019/04/03 6:29 p.m.•280 views

CVE-2018-20505

SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).

7.5CVSS8.2AI score0.07886EPSS

cve•added 2019/10/03 4:15 p.m.•276 views

CVE-2018-16229

The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().

7.5CVSS8.6AI score0.0297EPSS

cve•added 2019/10/03 5:15 p.m.•270 views

CVE-2019-15166

lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.

7.5CVSS6.8AI score0.00544EPSS

cve•added 2019/10/03 4:15 p.m.•263 views

CVE-2018-14468

The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().

7.5CVSS8.6AI score0.00519EPSS

cve•added 2019/10/03 4:15 p.m.•261 views

CVE-2018-16451

The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.

7.5CVSS8.7AI score0.00335EPSS

cve•added 2019/10/03 4:15 p.m.•258 views

CVE-2018-14461

The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().

7.5CVSS8.6AI score0.00335EPSS

cve•added 2019/10/03 4:15 p.m.•257 views

CVE-2018-16228

The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().

7.5CVSS8.6AI score0.01543EPSS

cve•added 2019/12/18 6:15 p.m.•257 views

CVE-2019-8672

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may l...

9.3CVSS8.6AI score0.40339EPSS

cve•added 2019/12/18 6:15 p.m.•257 views

CVE-2019-8769

An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history.

4.3CVSS4.9AI score0.00151EPSS

cve•added 2019/10/03 4:15 p.m.•256 views

CVE-2018-16227

The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.

7.5CVSS8.6AI score0.04519EPSS

cve•added 2019/12/18 6:15 p.m.•254 views

CVE-2019-8687

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitr...

8.8CVSS8.6AI score0.00816EPSS

cve•added 2019/12/18 6:15 p.m.•254 views

CVE-2019-8690

A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously craf...

6.1CVSS6.1AI score0.08113EPSS

cve•added 2019/10/03 4:15 p.m.•250 views

CVE-2018-14879

The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().

7CVSS8.4AI score0.0052EPSS

cve•added 2019/12/18 6:15 p.m.•250 views

CVE-2019-8666

8.8CVSS8.5AI score0.00816EPSS

cve•added 2019/12/18 6:15 p.m.•250 views

CVE-2019-8671

8.8CVSS8.5AI score0.28154EPSS

cve•added 2019/12/18 6:15 p.m.•250 views

CVE-2019-8686

8.8CVSS8.6AI score0.00816EPSS

cve•added 2019/10/03 4:15 p.m.•249 views

CVE-2018-14467

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).

7.5CVSS8.6AI score0.00455EPSS

cve•added 2019/10/03 4:15 p.m.•248 views

CVE-2018-14880

The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().

7.5CVSS8.6AI score0.00986EPSS

cve•added 2019/10/03 4:15 p.m.•247 views

CVE-2018-14466

The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().

7.5CVSS8.6AI score0.02005EPSS

cve•added 2019/10/03 4:15 p.m.•245 views

CVE-2018-14882

The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.

7.5CVSS8.6AI score0.01301EPSS

cve•added 2019/12/18 6:15 p.m.•245 views

CVE-2019-8677

8.8CVSS8.5AI score0.00816EPSS

cve•added 2019/12/18 6:15 p.m.•242 views

CVE-2019-8681

8.8CVSS8.6AI score0.00816EPSS

cve•added 2019/12/18 6:15 p.m.•242 views

CVE-2019-8768

"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items.

5.3CVSS5.5AI score0.0039EPSS

cve•added 2019/10/03 4:15 p.m.•241 views

CVE-2018-16230

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).

7.5CVSS8.6AI score0.00335EPSS

cve•added 2019/12/18 6:15 p.m.•240 views

CVE-2019-8689

9.3CVSS8.6AI score0.28818EPSS

cve•added 2019/12/18 6:15 p.m.•238 views

CVE-2019-8676

9.3CVSS8.6AI score0.03566EPSS

cve•added 2019/10/03 4:15 p.m.•236 views

CVE-2018-14464

The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().

7.5CVSS8.6AI score0.01543EPSS

cve•added 2019/12/18 6:15 p.m.•236 views

CVE-2019-8673

8.8CVSS8.5AI score0.00816EPSS

cve•added 2019/12/18 6:15 p.m.•232 views

CVE-2019-8611

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.5AI score0.28043EPSS

cve•added 2019/12/18 6:15 p.m.•230 views

CVE-2019-8679

8.8CVSS8.5AI score0.00816EPSS

cve•added 2019/10/03 4:15 p.m.•228 views

CVE-2018-14881

The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).

7.5CVSS8.6AI score0.02939EPSS

cve•added 2019/12/18 6:15 p.m.•224 views

CVE-2019-8683

8.8CVSS8.5AI score0.00825EPSS

cve•added 2019/12/18 6:15 p.m.•223 views