Mac Os X Security Vulnerabilities and Issues — Mac Os X CVE List

Lucene search

AppleMac Os X

151 matches found

CVE•added 2021/12/20 12:15 p.m.•2483 views

CVE-2021-44224

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forger...

8.2CVSS8.7AI score0.11965EPSS

CVE•added 2016/01/14 10:59 p.m.•1891 views

CVE-2016-0778

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-...

8.1CVSS7.3AI score0.01724EPSS

CVE•added 2022/07/28 2:15 a.m.•1581 views

CVE-2022-2294

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.3AI score0.02193EPSS

CVE•added 2021/04/02 6:15 p.m.•1342 views

CVE-2021-1789

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to a...

8.8CVSS8.6AI score0.00238EPSS

CVE•added 2017/07/13 1:29 p.m.•559 views

CVE-2017-11103

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version store...

8.1CVSS7.9AI score0.05766EPSS

CVE•added 2019/08/14 5:15 p.m.•451 views

CVE-2019-9506

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary cipher...

8.1CVSS8.4AI score0.02341EPSS

CVE•added 2017/05/23 4:29 a.m.•415 views

CVE-2016-9840

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

8.8CVSS9.6AI score0.10111EPSS

CVE•added 2017/05/23 4:29 a.m.•394 views

CVE-2016-9842

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.

8.8CVSS9.5AI score0.10907EPSS

CVE•added 2018/08/07 9:29 p.m.•388 views

CVE-2018-5383

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchang...

8CVSS6.1AI score0.00814EPSS

CVE•added 2017/03/27 5:59 p.m.•320 views

CVE-2017-6458

Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.

8.8CVSS8.5AI score0.04936EPSS

CVE•added 2019/04/03 6:29 p.m.•306 views

CVE-2018-20506

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to ...

8.1CVSS8.4AI score0.17974EPSS

CVE•added 2021/04/02 6:15 p.m.•289 views

CVE-2021-1788

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead t...

8.8CVSS8.4AI score0.00833EPSS

CVE•added 2016/07/23 7:59 p.m.•285 views

CVE-2016-5131

Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

8.8CVSS7.8AI score0.04288EPSS

CVE•added 2019/12/18 6:15 p.m.•248 views

CVE-2019-8687

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitr...

8.8CVSS8.6AI score0.00816EPSS

CVE•added 2019/12/18 6:15 p.m.•244 views

CVE-2019-8666

8.8CVSS8.5AI score0.00816EPSS

CVE•added 2019/12/18 6:15 p.m.•244 views

CVE-2019-8671

8.8CVSS8.5AI score0.28154EPSS

CVE•added 2019/12/18 6:15 p.m.•242 views

CVE-2019-8686

8.8CVSS8.6AI score0.00816EPSS

CVE•added 2019/12/18 6:15 p.m.•240 views

CVE-2019-8677

8.8CVSS8.5AI score0.00816EPSS

CVE•added 2019/12/18 6:15 p.m.•235 views

CVE-2019-8681

8.8CVSS8.6AI score0.00816EPSS

CVE•added 2019/12/18 6:15 p.m.•232 views

CVE-2019-8673

8.8CVSS8.5AI score0.00816EPSS

CVE•added 2020/10/27 8:15 p.m.•229 views

CVE-2019-8696

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code.

8.8CVSS7.7AI score0.01225EPSS

CVE•added 2019/12/18 6:15 p.m.•226 views

CVE-2019-8611

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.5AI score0.28043EPSS

CVE•added 2019/12/18 6:15 p.m.•226 views

CVE-2019-8679

8.8CVSS8.5AI score0.00816EPSS

CVE•added 2020/10/27 8:15 p.m.•220 views

CVE-2019-8675

8.8CVSS7.7AI score0.01225EPSS

CVE•added 2019/12/18 6:15 p.m.•219 views

CVE-2019-8683

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may l...

8.8CVSS8.5AI score0.00825EPSS

CVE•added 2019/12/18 6:15 p.m.•217 views

CVE-2019-8644

8.8CVSS8.5AI score0.00816EPSS

CVE•added 2016/03/31 4:59 p.m.•214 views

CVE-2016-3142

The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an inv...

8.2CVSS7AI score0.04302EPSS

CVE•added 2019/12/18 6:15 p.m.•214 views

CVE-2019-8584

8.8CVSS8.5AI score0.00811EPSS

CVE•added 2019/12/18 6:15 p.m.•214 views

CVE-2019-8595

8.8CVSS8.6AI score0.00811EPSS

CVE•added 2019/12/18 6:15 p.m.•213 views

CVE-2019-8601

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code e...

8.8CVSS8.5AI score0.09556EPSS

CVE•added 2019/12/18 6:15 p.m.•213 views

CVE-2019-8680

8.8CVSS8.5AI score0.00816EPSS

CVE•added 2019/12/18 6:15 p.m.•211 views

CVE-2019-6237

8.8CVSS8.5AI score0.00811EPSS

CVE•added 2021/09/20 4:15 p.m.•211 views

CVE-2021-39537

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.

8.8CVSS8.5AI score0.00351EPSS

CVE•added 2019/12/18 6:15 p.m.•209 views

CVE-2019-8623

8.8CVSS8.5AI score0.27094EPSS

CVE•added 2019/12/18 6:15 p.m.•209 views

CVE-2019-8678

8.8CVSS8.5AI score0.00816EPSS

CVE•added 2019/12/18 6:15 p.m.•208 views

CVE-2019-8583

8.8CVSS8.5AI score0.0082EPSS

CVE•added 2019/12/18 6:15 p.m.•208 views

CVE-2019-8622

8.8CVSS8.5AI score0.27094EPSS

CVE•added 2019/12/18 6:15 p.m.•207 views

CVE-2019-8587

8.8CVSS8.5AI score0.00811EPSS

CVE•added 2016/03/13 6:59 p.m.•205 views

CVE-2016-1950

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.

8.8CVSS7.9AI score0.03012EPSS

CVE•added 2019/12/18 6:15 p.m.•205 views

CVE-2019-8586

8.8CVSS8.5AI score0.00811EPSS

CVE•added 2019/12/18 6:15 p.m.•202 views

CVE-2019-8596

8.8CVSS8.5AI score0.00811EPSS

CVE•added 2019/12/18 6:15 p.m.•196 views

CVE-2019-8619

8.8CVSS8.5AI score0.00816EPSS

CVE•added 2019/12/18 6:15 p.m.•195 views

CVE-2019-8571

8.8CVSS8.5AI score0.00811EPSS

CVE•added 2019/12/18 6:15 p.m.•192 views

CVE-2019-8609

8.8CVSS8.5AI score0.00811EPSS

CVE•added 2019/12/18 6:15 p.m.•192 views

CVE-2019-8610

8.8CVSS8.5AI score0.00811EPSS

CVE•added 2019/12/18 6:15 p.m.•188 views

CVE-2019-8594

8.8CVSS8.5AI score0.00811EPSS

CVE•added 2019/04/03 6:29 p.m.•159 views

CVE-2018-4407

A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

8.8CVSS7.4AI score0.90882EPSS

CVE•added 2020/06/09 5:15 p.m.•125 views

CVE-2020-9800

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitr...

8.8CVSS8.8AI score0.00765EPSS

CVE•added 2016/03/24 1:59 a.m.•124 views

CVE-2016-1762

The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

8.1CVSS7AI score0.05589EPSS

CVE•added 2021/09/08 2:15 p.m.•121 views

CVE-2021-30737

A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, iOS 12.5.4, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted...

8.8CVSS8.4AI score0.01324EPSS

Total number of security vulnerabilities151