Macos Security Vulnerabilities and Issues — Macos CVE List

Lucene search

AppleMacos

2687 matches found

CVE•added 2022/03/14 11:15 a.m.•7594 views

CVE-2022-22720

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

9.8CVSS9.4AI score0.3179EPSS

CVE•added 2024/02/21 7:15 a.m.•6978 views

CVE-2023-42853

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.

5.5CVSS6.6AI score0.00038EPSS

CVE•added 2024/02/21 7:15 a.m.•6943 views

CVE-2023-42836

A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An attacker may be able to access connected network volumes mounted in the home directory.

5.3CVSS5.2AI score0.00205EPSS

CVE•added 2024/02/21 7:15 a.m.•6891 views

CVE-2023-42952

The issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.1. An app with root privileges may be able to access private information.

4.4CVSS6.7AI score0.00025EPSS

CVE•added 2024/02/21 7:15 a.m.•6864 views

CVE-2023-42835

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1. An attacker may be able to access user data.

7.5CVSS7.2AI score0.00103EPSS

CVE•added 2021/12/20 12:15 p.m.•6725 views

CVE-2021-44790

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earl...

9.8CVSS9.9AI score0.85858EPSS

CVE•added 2024/02/21 7:15 a.m.•6707 views

CVE-2023-42889

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to bypass certain Privacy preferences.

5.5CVSS6.7AI score0.00055EPSS

CVE•added 2024/02/21 7:15 a.m.•6603 views

CVE-2023-42839

This issue was addressed with improved state management. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.

6.2CVSS7AI score0.00051EPSS

CVE•added 2024/02/21 7:15 a.m.•6598 views

CVE-2023-42878

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.

5.5CVSS7AI score0.00053EPSS

CVE•added 2024/02/21 7:15 a.m.•6215 views

CVE-2023-42953

A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.

5.5CVSS7.2AI score0.00042EPSS

CVE•added 2024/02/21 7:15 a.m.•6213 views

CVE-2023-42843

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing.

7.5CVSS5.2AI score0.00071EPSS

CVE•added 2024/02/21 7:15 a.m.•6204 views

CVE-2023-42946

This issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to leak sensitive user information.

7.5CVSS7.1AI score0.00144EPSS

CVE•added 2024/02/21 7:15 a.m.•6172 views

CVE-2023-42834

A privacy issue was addressed with improved handling of files. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.

6.2CVSS7AI score0.0006EPSS

CVE•added 2024/02/21 7:15 a.m.•6149 views

CVE-2023-42823

The issue was resolved by sanitizing logging This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.

5.5CVSS7.1AI score0.00046EPSS

CVE•added 2024/04/04 8:15 p.m.•4703 views

CVE-2023-38709

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.

7.3CVSS7.1AI score0.03698EPSS

CVE•added 2024/02/21 7:15 a.m.•4526 views

CVE-2023-42873

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges.

7.8CVSS7.5AI score0.00077EPSS

CVE•added 2024/02/21 7:15 a.m.•4514 views

CVE-2023-42860

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of the file system.

7.7CVSS6.7AI score0.00574EPSS

CVE•added 2024/02/21 7:15 a.m.•4486 views

CVE-2023-42942

This issue was addressed with improved handling of symlinks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. A malicious app may be able to gain root privileges.

7.8CVSS7AI score0.00126EPSS

CVE•added 2024/02/21 7:15 a.m.•4469 views

CVE-2023-42848

The issue was addressed with improved bounds checks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. Processing a maliciously crafted image may lead to heap corruption.

7.8CVSS6.9AI score0.00043EPSS

CVE•added 2024/02/21 7:15 a.m.•4356 views

CVE-2023-42945

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may gain unauthorized access to Bluetooth.

9.1CVSS7.5AI score0.00057EPSS

CVE•added 2024/02/21 7:15 a.m.•4081 views

CVE-2023-42838

An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.

8.6CVSS8.2AI score0.00035EPSS

CVE•added 2024/02/21 7:15 a.m.•3850 views

CVE-2023-42877

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of the file system.

7.7CVSS6.6AI score0.00034EPSS

CVE•added 2023/12/18 4:15 p.m.•3805 views

CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connecti...

5.9CVSS6.7AI score0.64791EPSS

CVE•added 2024/04/04 8:15 p.m.•3711 views

CVE-2024-24795

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.

6.3CVSS7AI score0.01253EPSS

CVE•added 2024/05/14 3:13 p.m.•3593 views

CVE-2024-27818

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to cause unexpected app termination or arbitrary code execution.

7.8CVSS5.3AI score0.00034EPSS

CVE•added 2024/02/21 7:15 a.m.•3077 views

CVE-2023-42840

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.

5.5CVSS6.6AI score0.00039EPSS

CVE•added 2022/03/25 9:15 a.m.•3060 views

CVE-2018-25032

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

7.5CVSS8.1AI score0.00095EPSS

CVE•added 2024/05/14 3:13 p.m.•2864 views

CVE-2024-27789

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Ventura 13.6.7, macOS Sonoma 14.4. An app may be able to access user-sensitive data.

5.5CVSS5.2AI score0.00061EPSS

CVE•added 2024/02/21 7:15 a.m.•2849 views

CVE-2023-42858

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.

5.5CVSS6.6AI score0.00048EPSS

CVE•added 2021/12/20 12:15 p.m.•2483 views

CVE-2021-44224

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forger...

8.2CVSS8.7AI score0.11965EPSS

CVE•added 2024/05/14 3:13 p.m.•2439 views

CVE-2024-27816

A logic issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker may be able to access user data.

5.5CVSS5.3AI score0.00028EPSS

CVE•added 2022/03/14 11:15 a.m.•2333 views

CVE-2022-22721

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.

9.1CVSS9.4AI score0.23333EPSS

CVE•added 2020/12/08 10:15 p.m.•2107 views

CVE-2020-27918

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary cod...

7.8CVSS8.6AI score0.00164EPSS

CVE•added 2022/03/14 11:15 a.m.•2000 views

CVE-2022-22719

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.

7.5CVSS8.7AI score0.34984EPSS

CVE•added 2021/02/16 5:15 p.m.•1905 views

CVE-2021-23841

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if t...

5.9CVSS7AI score0.00665EPSS

CVE•added 2023/06/23 6:15 p.m.•1770 views

CVE-2023-32373

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is awa...

8.8CVSS8.6AI score0.00012EPSS

CVE•added 2023/06/23 6:15 p.m.•1743 views

CVE-2023-28204

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this...

6.5CVSS6.6AI score0.00039EPSS

CVE•added 2023/06/23 6:15 p.m.•1629 views

CVE-2023-32409

The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue ...

8.6CVSS7.7AI score0.00354EPSS

CVE•added 2022/07/28 2:15 a.m.•1580 views

CVE-2022-2294

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.3AI score0.02193EPSS

CVE•added 2021/09/08 3:15 p.m.•1427 views

CVE-2021-30661

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report tha...

8.8CVSS9.1AI score0.00218EPSS

CVE•added 2021/04/02 6:15 p.m.•1341 views

CVE-2021-1789

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to a...

8.8CVSS8.6AI score0.00238EPSS

CVE•added 2021/03/26 9:15 p.m.•1319 views

CVE-2020-7463

In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-fre...

5.5CVSS5.8AI score0.00049EPSS

CVE•added 2022/05/26 6:15 p.m.•1284 views

CVE-2022-22675

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report...

9.3CVSS8.2AI score0.00531EPSS

CVE•added 2021/04/02 7:15 p.m.•1255 views

CVE-2021-1871

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issu...

9.8CVSS8.6AI score0.00997EPSS

CVE•added 2021/04/02 7:15 p.m.•1249 views

CVE-2021-1870

9.8CVSS8.6AI score0.00524EPSS

CVE•added 2021/08/24 7:15 p.m.•1243 views

CVE-2021-30860

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this is...

7.8CVSS6.5AI score0.69382EPSS

CVE•added 2021/08/24 7:15 p.m.•1226 views

CVE-2021-30858

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

8.8CVSS8.9AI score0.0118EPSS

CVE•added 2022/05/26 6:15 p.m.•1220 views

CVE-2022-22674

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory.

5.5CVSS5.9AI score0.00145EPSS

CVE•added 2020/11/03 3:15 a.m.•1218 views

CVE-2020-15969

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.03155EPSS

CVE•added 2021/09/08 3:15 p.m.•1200 views

CVE-2021-30665

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that t...

8.8CVSS8.9AI score0.00562EPSS

Total number of security vulnerabilities2687