Mac Os X@10.14.6 Security Vulnerabilities and Issues — Mac Os X@10.14.6 CVE List

Lucene search

AppleMac Os X10.14.6

227 matches found

CVE•added 2021/04/02 6:15 p.m.•1342 views

CVE-2021-1789

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to a...

8.8CVSS8.6AI score0.00238EPSS

CVE•added 2021/08/24 7:15 p.m.•1092 views

CVE-2021-30869

A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5, iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, Security Update 2021-006 Catalina. A malicious application may be able to execute a...

9.3CVSS7.7AI score0.04229EPSS

CVE•added 2021/04/02 6:15 p.m.•1041 views

CVE-2021-1782

A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple is aware of a repor...

7CVSS7AI score0.06092EPSS

CVE•added 2019/07/26 1:15 p.m.•525 views

CVE-2019-13565

An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. Af...

7.5CVSS7.4AI score0.04369EPSS

CVE•added 2020/05/28 2:15 p.m.•518 views

CVE-2019-20807

In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).

5.3CVSS6AI score0.00074EPSS

CVE•added 2019/07/26 1:15 p.m.•507 views

CVE-2019-13057

An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization...

4.9CVSS5.9AI score0.00844EPSS

CVE•added 2020/12/14 8:15 p.m.•492 views

CVE-2020-8286

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.

7.5CVSS7.6AI score0.00161EPSS

CVE•added 2020/04/28 7:15 p.m.•439 views

CVE-2020-12243

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).

7.5CVSS7.4AI score0.05011EPSS

CVE•added 2019/10/03 7:15 p.m.•415 views

CVE-2019-15165

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.

5.3CVSS6.2AI score0.01322EPSS

CVE•added 2020/02/24 2:15 p.m.•359 views

CVE-2019-20044

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().

7.8CVSS7.8AI score0.00091EPSS

CVE•added 2020/12/14 8:15 p.m.•349 views

CVE-2020-8284

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service bann...

4.3CVSS6AI score0.00067EPSS

CVE•added 2020/11/04 6:15 p.m.•340 views

CVE-2020-8037

The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.

7.5CVSS7.5AI score0.00273EPSS

CVE•added 2019/12/19 6:15 p.m.•305 views

CVE-2019-19906

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.

7.5CVSS7.5AI score0.00228EPSS

CVE•added 2020/12/14 8:15 p.m.•297 views

CVE-2020-8285

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

7.5CVSS7.7AI score0.00624EPSS

CVE•added 2021/05/18 12:15 p.m.•291 views

CVE-2020-25709

A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.

7.5CVSS7.2AI score0.0372EPSS

CVE•added 2021/04/02 6:15 p.m.•289 views

CVE-2021-1788

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead t...

8.8CVSS8.4AI score0.00833EPSS

CVE•added 2020/04/14 11:15 p.m.•268 views

CVE-2020-11763

An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.

5.5CVSS5.5AI score0.00363EPSS

CVE•added 2021/04/02 6:15 p.m.•266 views

CVE-2020-29623

"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete b...

3.3CVSS4.9AI score0.00053EPSS

CVE•added 2021/01/26 6:15 p.m.•266 views

CVE-2020-36230

A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.

7.5CVSS7.4AI score0.00753EPSS

CVE•added 2021/04/02 6:15 p.m.•261 views

CVE-2021-1765

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.

6.5CVSS7AI score0.00085EPSS

CVE•added 2020/04/14 11:15 p.m.•257 views

CVE-2020-11764

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.

5.5CVSS5.6AI score0.00493EPSS

CVE•added 2021/01/26 6:15 p.m.•254 views

CVE-2020-36229

A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.

7.5CVSS7.3AI score0.01984EPSS

CVE•added 2020/04/14 11:15 p.m.•246 views

CVE-2020-11761

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.

5.5CVSS5.5AI score0.00363EPSS

CVE•added 2021/01/26 6:15 p.m.•243 views

CVE-2020-36226

A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.

7.5CVSS7.3AI score0.00423EPSS

CVE•added 2020/04/14 11:15 p.m.•242 views

CVE-2020-11758

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.

5.5CVSS5.5AI score0.0035EPSS

CVE•added 2020/04/14 11:15 p.m.•240 views

CVE-2020-11760

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.

5.5CVSS5.5AI score0.00388EPSS

CVE•added 2021/01/26 6:15 p.m.•239 views

CVE-2020-36224

A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.

7.5CVSS7.4AI score0.00574EPSS

CVE•added 2020/04/14 11:15 p.m.•238 views

CVE-2020-11765

An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.

5.5CVSS5.4AI score0.0035EPSS

CVE•added 2020/04/14 11:15 p.m.•236 views

CVE-2020-11762

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.

5.5CVSS5.5AI score0.0039EPSS

CVE•added 2021/01/26 6:15 p.m.•232 views

CVE-2020-36223

A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).

7.5CVSS7.3AI score0.06006EPSS

CVE•added 2021/09/08 2:15 p.m.•229 views

CVE-2021-30799

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution.

9.3CVSS8.8AI score0.01039EPSS

CVE•added 2021/01/26 6:15 p.m.•223 views

CVE-2020-36222

A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.

7.5CVSS7.3AI score0.35851EPSS

CVE•added 2021/01/26 6:15 p.m.•219 views

CVE-2020-36221

An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).

7.5CVSS7.4AI score0.47645EPSS

CVE•added 2020/05/08 8:15 p.m.•191 views

CVE-2020-6616

Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 ...

6.5CVSS7.5AI score0.00122EPSS

CVE•added 2020/04/14 11:15 p.m.•178 views

CVE-2020-11759

An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.

5.5CVSS6.1AI score0.00718EPSS

CVE•added 2020/02/27 9:15 p.m.•136 views

CVE-2020-3878

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to a...

7.8CVSS7.7AI score0.00715EPSS

CVE•added 2021/09/08 2:15 p.m.•124 views

CVE-2021-30721

A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to leak sensitive user information.

6.5CVSS6.3AI score0.00501EPSS

CVE•added 2020/06/09 5:15 p.m.•123 views

CVE-2020-9856

This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. An application may be able to gain elevated privileges.

5.3CVSS5.4AI score0.18924EPSS

CVE•added 2021/09/08 2:15 p.m.•121 views

CVE-2021-30737

A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, iOS 12.5.4, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted...

8.8CVSS8.4AI score0.01324EPSS

CVE•added 2021/04/02 7:15 p.m.•119 views

CVE-2021-1797

The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to read arbitrary files.

5.5CVSS5.7AI score0.00046EPSS

CVE•added 2020/06/09 5:15 p.m.•110 views

CVE-2020-9844

A double free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.

7.8CVSS6.7AI score0.00528EPSS

CVE•added 2021/04/02 7:15 p.m.•109 views

CVE-2021-1753

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

7.8CVSS7.6AI score0.00364EPSS

CVE•added 2021/04/02 7:15 p.m.•107 views

CVE-2021-1818

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause unexpected application termination or a...

9.8CVSS8.2AI score0.03783EPSS

CVE•added 2021/04/02 7:15 p.m.•106 views

CVE-2021-1761

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service.

7.5CVSS6.5AI score0.01185EPSS

CVE•added 2021/09/08 2:15 p.m.•106 views

CVE-2021-30724

This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local attacker may be able to elevate their privileges.

7.8CVSS7AI score0.00207EPSS

CVE•added 2021/09/08 3:15 p.m.•104 views

CVE-2021-1857

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing...

6.5CVSS6.5AI score0.00605EPSS

CVE•added 2021/09/08 3:15 p.m.•103 views

CVE-2021-1811

A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing a maliciously ...

6.5CVSS6.3AI score0.00605EPSS

CVE•added 2021/04/02 6:15 p.m.•102 views

CVE-2020-29618

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may le...

7.8CVSS7.7AI score0.00849EPSS

CVE•added 2021/04/02 7:15 p.m.•102 views

CVE-2021-1805

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges.

9.3CVSS7.4AI score0.00334EPSS

CVE•added 2020/10/22 6:15 p.m.•100 views

CVE-2020-9876

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Opening a maliciously crafted PDF file may lea...

7.8CVSS7.9AI score0.00683EPSS

Total number of security vulnerabilities227