Mac Os X Security Vulnerabilities and Issues — Mac Os X CVE List

Lucene search

AppleMac Os X

331 matches found

CVE•added 2021/12/20 12:15 p.m.•6726 views

CVE-2021-44790

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earl...

9.8CVSS9.9AI score0.85858EPSS

CVE•added 2021/12/20 12:15 p.m.•2483 views

CVE-2021-44224

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forger...

8.2CVSS8.7AI score0.11965EPSS

CVE•added 2021/04/02 6:15 p.m.•1342 views

CVE-2021-1789

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to a...

8.8CVSS8.6AI score0.00238EPSS

CVE•added 2021/04/02 7:15 p.m.•1256 views

CVE-2021-1871

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issu...

9.8CVSS8.6AI score0.00997EPSS

CVE•added 2021/04/02 7:15 p.m.•1250 views

CVE-2021-1870

9.8CVSS8.6AI score0.00524EPSS

CVE•added 2021/08/24 7:15 p.m.•1244 views

CVE-2021-30860

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this is...

7.8CVSS6.5AI score0.69382EPSS

CVE•added 2021/09/08 3:15 p.m.•1097 views

CVE-2021-30713

A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited..

7.8CVSS6.8AI score0.00127EPSS

CVE•added 2021/08/24 7:15 p.m.•1092 views

CVE-2021-30869

A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5, iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, Security Update 2021-006 Catalina. A malicious application may be able to execute a...

9.3CVSS7.7AI score0.04229EPSS

CVE•added 2021/09/08 3:15 p.m.•1069 views

CVE-2021-30657

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited..

5.5CVSS6.2AI score0.73512EPSS

CVE•added 2021/04/02 6:15 p.m.•1041 views

CVE-2021-1782

A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple is aware of a repor...

7CVSS7AI score0.06092EPSS

CVE•added 2021/08/24 7:15 p.m.•733 views

CVE-2021-31010

A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that ...

7.5CVSS6.7AI score0.01359EPSS

CVE•added 2021/08/05 9:15 p.m.•408 views

CVE-2021-22925

curl supports the -t command line option, known as CURLOPT_TELNETOPTIONSin libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending NEW_ENV variables, libcurlcould be made to pass on uninitialized data from a stack based b...

5.3CVSS6.3AI score0.00453EPSS

CVE•added 2021/05/18 12:15 p.m.•291 views

CVE-2020-25709

A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.

7.5CVSS7.2AI score0.0372EPSS

CVE•added 2021/04/02 6:15 p.m.•289 views

CVE-2021-1788

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead t...

8.8CVSS8.4AI score0.00833EPSS

CVE•added 2021/04/02 6:15 p.m.•279 views

CVE-2020-10001

An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory.

5.5CVSS4.7AI score0.00091EPSS

CVE•added 2021/04/02 6:15 p.m.•266 views

CVE-2020-29623

"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete b...

3.3CVSS4.9AI score0.00053EPSS

CVE•added 2021/01/26 6:15 p.m.•266 views

CVE-2020-36230

A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.

7.5CVSS7.4AI score0.00753EPSS

CVE•added 2021/12/31 3:15 p.m.•264 views

CVE-2021-4192

vim is vulnerable to Use After Free

7.8CVSS7.1AI score0.00329EPSS

CVE•added 2021/04/02 6:15 p.m.•261 views

CVE-2021-1765

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.

6.5CVSS7AI score0.00085EPSS

CVE•added 2021/01/26 6:15 p.m.•254 views

CVE-2020-36229

A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.

7.5CVSS7.3AI score0.01984EPSS

CVE•added 2021/12/31 4:15 p.m.•249 views

CVE-2021-4193

vim is vulnerable to Out-of-bounds Read

5.5CVSS7.1AI score0.00325EPSS

CVE•added 2021/01/26 6:15 p.m.•243 views

CVE-2020-36226

A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.

7.5CVSS7.3AI score0.00423EPSS

CVE•added 2021/01/26 6:15 p.m.•239 views

CVE-2020-36224

A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.

7.5CVSS7.4AI score0.00574EPSS

CVE•added 2021/01/26 6:15 p.m.•232 views

CVE-2020-36223

A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).

7.5CVSS7.3AI score0.06006EPSS

CVE•added 2021/09/08 2:15 p.m.•229 views

CVE-2021-30799

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution.

9.3CVSS8.8AI score0.01039EPSS

CVE•added 2021/01/26 6:15 p.m.•223 views

CVE-2020-36222

A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.

7.5CVSS7.3AI score0.35851EPSS

CVE•added 2021/01/26 6:15 p.m.•219 views

CVE-2020-36221

An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).

7.5CVSS7.4AI score0.47645EPSS

CVE•added 2021/12/25 7:15 p.m.•219 views

CVE-2021-4166

vim is vulnerable to Out-of-bounds Read

7.1CVSS8.1AI score0.00224EPSS

CVE•added 2021/09/20 4:15 p.m.•211 views

CVE-2021-39537

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.

8.8CVSS8.5AI score0.00351EPSS

CVE•added 2021/12/19 5:15 p.m.•178 views

CVE-2021-4136

vim is vulnerable to Heap-based Buffer Overflow

7.8CVSS8.3AI score0.00154EPSS

CVE•added 2021/12/27 1:15 p.m.•159 views

CVE-2021-4173

vim is vulnerable to Use After Free

7.8CVSS7.4AI score0.00191EPSS

CVE•added 2021/12/29 5:15 p.m.•156 views

CVE-2021-4187

vim is vulnerable to Use After Free

7.8CVSS7.9AI score0.00245EPSS

CVE•added 2021/09/08 2:15 p.m.•124 views

CVE-2021-30721

A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to leak sensitive user information.

6.5CVSS6.3AI score0.00501EPSS

CVE•added 2021/09/08 2:15 p.m.•121 views

CVE-2021-30737

A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, iOS 12.5.4, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted...

8.8CVSS8.4AI score0.01324EPSS

CVE•added 2021/04/02 7:15 p.m.•119 views

CVE-2021-1797

The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to read arbitrary files.

5.5CVSS5.7AI score0.00046EPSS

CVE•added 2021/08/24 7:15 p.m.•111 views

CVE-2021-30855

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, iOS 15 and iPadOS 15, watchOS 8, macOS Big Sur 11.6. An application may be able to access restri...

5.5CVSS5.3AI score0.00214EPSS

CVE•added 2021/04/02 7:15 p.m.•109 views

CVE-2021-1753

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

7.8CVSS7.6AI score0.00364EPSS

CVE•added 2021/04/02 7:15 p.m.•107 views

CVE-2021-1818

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause unexpected application termination or a...

9.8CVSS8.2AI score0.03783EPSS

CVE•added 2021/08/24 7:15 p.m.•107 views

CVE-2021-30919

An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted PDF may lead t...

7.8CVSS7.5AI score0.00601EPSS

CVE•added 2021/04/02 7:15 p.m.•106 views

CVE-2021-1761

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service.

7.5CVSS6.5AI score0.01185EPSS

CVE•added 2021/09/08 2:15 p.m.•106 views

CVE-2021-30724

This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local attacker may be able to elevate their privileges.

7.8CVSS7AI score0.00207EPSS

CVE•added 2021/04/02 7:15 p.m.•104 views

CVE-2021-1793

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

7.8CVSS8AI score0.00462EPSS

CVE•added 2021/09/08 3:15 p.m.•104 views

CVE-2021-1857

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing...

6.5CVSS6.5AI score0.00605EPSS

CVE•added 2021/09/08 3:15 p.m.•103 views

CVE-2021-1811

A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing a maliciously ...

6.5CVSS6.3AI score0.00605EPSS

CVE•added 2021/10/19 2:15 p.m.•103 views

CVE-2021-30835

This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, iTunes 12.12 for Windows, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted image may lead to arbitrary code execution.

7.8CVSS7.9AI score0.00402EPSS

CVE•added 2021/08/24 7:15 p.m.•103 views

CVE-2021-30949

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to execute arbitrary code with kernel pr...

9.3CVSS7.8AI score0.00564EPSS

CVE•added 2021/04/02 6:15 p.m.•102 views

CVE-2020-29618

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may le...

7.8CVSS7.7AI score0.00849EPSS

CVE•added 2021/04/02 7:15 p.m.•102 views

CVE-2021-1805

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges.

9.3CVSS7.4AI score0.00334EPSS

CVE•added 2021/09/08 3:15 p.m.•100 views

CVE-2021-30715

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted message may lead to a denial of service.

7.5CVSS6.7AI score0.00653EPSS

CVE•added 2021/08/24 7:15 p.m.•100 views

CVE-2021-30910

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted file may disclose user information.

5.5CVSS5.2AI score0.00327EPSS

Total number of security vulnerabilities331