Mac Os X Security Vulnerabilities and Issues — Mac Os X CVE List

Lucene search

AppleMac Os X

38 matches found

CVE•added 2020/12/08 9:15 p.m.•1071 views

CVE-2020-27932

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental...

9.3CVSS7.2AI score0.01976EPSS

CVE•added 2020/12/08 9:15 p.m.•1035 views

CVE-2020-27930

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplem...

7.8CVSS7.6AI score0.47457EPSS

CVE•added 2020/12/14 8:15 p.m.•492 views

CVE-2020-8286

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.

7.5CVSS7.6AI score0.00161EPSS

CVE•added 2020/12/14 8:15 p.m.•349 views

CVE-2020-8284

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service bann...

4.3CVSS6AI score0.00104EPSS

CVE•added 2020/12/14 8:15 p.m.•297 views

CVE-2020-8285

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

7.5CVSS7.7AI score0.0046EPSS

CVE•added 2020/12/08 8:15 p.m.•133 views

CVE-2020-9942

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS4.9AI score0.00247EPSS

CVE•added 2020/12/08 10:15 p.m.•102 views

CVE-2020-9991

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service.

7.5CVSS6.1AI score0.02136EPSS

CVE•added 2020/12/08 8:15 p.m.•98 views

CVE-2020-9954

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 7.0, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave, iOS 14.0 and iPadOS 14.0. Playing a malicious audio file may lead to arbitrary code exec...

7.8CVSS7.5AI score0.0086EPSS

CVE•added 2020/12/08 8:15 p.m.•98 views

CVE-2020-9999

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iTunes for Windows 12.10.9. Processing a maliciously crafted text file may lead to arbitrary code execution.

7.8CVSS8.1AI score0.00688EPSS

CVE•added 2020/12/03 6:15 p.m.•95 views

CVE-2020-13524

An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim ...

6.3CVSS6.3AI score0.00411EPSS

CVE•added 2020/12/08 8:15 p.m.•89 views

CVE-2020-9966

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.

7.8CVSS7.2AI score0.00788EPSS

CVE•added 2020/12/08 8:15 p.m.•86 views

CVE-2020-9981

A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processi...

9.3CVSS7.5AI score0.00395EPSS

CVE•added 2020/12/08 8:15 p.m.•82 views

CVE-2020-9945

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, Safari 14.0.1. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS4.5AI score0.0034EPSS

CVE•added 2020/12/08 8:15 p.m.•80 views

CVE-2020-9969

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A local user may be able to view senstive user information.

5.5CVSS5.1AI score0.00156EPSS

CVE•added 2020/12/08 8:15 p.m.•78 views

CVE-2020-9943

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A malicious application may be able to read restricted memory.

5.5CVSS5.1AI score0.00302EPSS

CVE•added 2020/12/08 8:15 p.m.•77 views

CVE-2020-10002

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A local user may be able to read arbitrary files.

5.5CVSS5.2AI score0.00116EPSS

CVE•added 2020/12/08 8:15 p.m.•74 views

CVE-2020-9989

The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages.

5.5CVSS5.2AI score0.00148EPSS

CVE•added 2020/12/08 8:15 p.m.•72 views

CVE-2020-10016

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. An application may be able to execute arbitrary code with kernel privileges.

9.3CVSS7.4AI score0.00564EPSS

CVE•added 2020/12/08 9:15 p.m.•72 views

CVE-2020-10017

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.

7.8CVSS7.5AI score0.00646EPSS

CVE•added 2020/12/08 8:15 p.m.•71 views

CVE-2020-10010

A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges.

7.8CVSS6.4AI score0.00096EPSS

CVE•added 2020/12/08 8:15 p.m.•71 views

CVE-2020-9949

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra, tvOS 14.0. An application may be able to execute a...

9.3CVSS7.6AI score0.007EPSS

CVE•added 2020/12/08 8:15 p.m.•70 views

CVE-2020-9944

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to read restricted memory.

5.5CVSS5.2AI score0.00302EPSS

CVE•added 2020/12/08 8:15 p.m.•69 views

CVE-2020-9963

The issue was addressed with improved handling of icon caches. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious app may be able to determine the existence of files on the computer.

5.5CVSS5.1AI score0.00325EPSS

CVE•added 2020/12/08 8:15 p.m.•69 views

CVE-2020-9988

The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages.

5.5CVSS5.2AI score0.00148EPSS

CVE•added 2020/12/08 8:15 p.m.•67 views

CVE-2020-9977

A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to determine a user's open tabs in Safari.

5.5CVSS5AI score0.00359EPSS

CVE•added 2020/12/08 8:15 p.m.•66 views

CVE-2020-10004

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.

7.8CVSS7.7AI score0.00559EPSS

CVE•added 2020/12/08 8:15 p.m.•65 views

CVE-2020-10003

An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges.

7.8CVSS6.4AI score0.00288EPSS

CVE•added 2020/12/08 8:15 p.m.•63 views

CVE-2020-10007

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to determine kernel memory layout.

5.5CVSS5.2AI score0.00159EPSS

CVE•added 2020/12/08 10:15 p.m.•63 views

CVE-2020-27896

A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1. A remote attacker may be able to modify the file system.

5.5CVSS5.5AI score0.01021EPSS

CVE•added 2020/12/08 8:15 p.m.•62 views

CVE-2020-10014

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to break out of its sandbox.

6.3CVSS5.8AI score0.00789EPSS

CVE•added 2020/12/08 8:15 p.m.•61 views

CVE-2020-10006

This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to access restricted files.

5.5CVSS5.3AI score0.00314EPSS

CVE•added 2020/12/08 8:15 p.m.•61 views

CVE-2020-10011

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted USD file may lead to unexpected application termination...

7.8CVSS7.3AI score0.00748EPSS

CVE•added 2020/12/08 8:15 p.m.•61 views

CVE-2020-9974

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to determine kernel memory layout.

5.5CVSS4.9AI score0.00349EPSS

CVE•added 2020/12/08 8:15 p.m.•59 views

CVE-2020-10012

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.0.1. Processing a maliciously crafted document may lead to a cross site scripting attack.

6.1CVSS5.6AI score0.00896EPSS

CVE•added 2020/12/08 8:15 p.m.•57 views

CVE-2020-9922

A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted email may lead to writing arbitrary files.

6.5CVSS6.1AI score0.00405EPSS

CVE•added 2020/12/08 8:15 p.m.•56 views

CVE-2020-10009

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A sandboxed process may be able to circumvent sandbox restrictions.

5.5CVSS5.4AI score0.00302EPSS

CVE•added 2020/12/08 8:15 p.m.•56 views

CVE-2020-10013

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.

9.3CVSS7.3AI score0.00246EPSS

CVE•added 2020/12/08 8:15 p.m.•53 views

CVE-2020-9996

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to elevate privileges.

7.8CVSS6.6AI score0.0031EPSS