Macos@* Security Vulnerabilities and Issues — Page 7 of Macos@* CVE List

Lucene search

AppleMacos*

2754 matches found

CVE•added 2021/09/08 2:15 p.m.•243 views

CVE-2021-30799

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution.

9.3CVSS8.8AI score0.00766EPSS

CVE•added 2022/09/23 7:15 p.m.•243 views

CVE-2022-26700

A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution.

8.8CVSS8.3AI score0.00165EPSS

CVE•added 2023/10/25 7:15 p.m.•243 views

CVE-2023-40405

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1. An app may be able to read sensitive location information.

3.3CVSS3.8AI score0.00047EPSS

CVE•added 2023/10/25 7:15 p.m.•243 views

CVE-2023-42438

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. Visiting a malicious website may lead to user interface spoofing.

4.3CVSS4.3AI score0.001EPSS

CVE•added 2023/10/25 7:15 p.m.•242 views

CVE-2023-41988

This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.

6.8CVSS6AI score0.00115EPSS

CVE•added 2023/10/25 7:15 p.m.•242 views

CVE-2023-42854

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to cause a denial-of-service to Endpoint Security clients.

5.5CVSS5.6AI score0.00022EPSS

CVE•added 2019/12/18 6:15 p.m.•241 views

CVE-2019-8681

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitr...

8.8CVSS8.6AI score0.00816EPSS

CVE•added 2019/12/18 6:15 p.m.•241 views

CVE-2019-8768

"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items.

5.3CVSS5.5AI score0.0039EPSS

CVE•added 2024/11/20 12:15 a.m.•241 views

CVE-2024-44309

A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple...

6.3CVSS5.3AI score0.00543EPSS

In wild

CVE•added 2025/01/27 10:15 p.m.•241 views

CVE-2025-24138

This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. A malicious application may be able to leak sensitive user information.

5.5CVSS5.9AI score0.00017EPSS

CVE•added 2019/12/18 6:15 p.m.•239 views

CVE-2019-8689

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may l...

9.3CVSS8.6AI score0.29403EPSS

CVE•added 2023/10/25 7:15 p.m.•239 views

CVE-2023-40444

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may be able to access user-sensitive data.

5.5CVSS5.2AI score0.00031EPSS

CVE•added 2019/12/18 6:15 p.m.•238 views

CVE-2019-8676

9.3CVSS8.6AI score0.03566EPSS

CVE•added 2022/05/26 8:15 p.m.•238 views

CVE-2022-26776

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An attacker may be able to cause unexpected application termination or arbitrary code execution.

9.8CVSS8.8AI score0.01644EPSS

CVE•added 2022/07/07 1:15 p.m.•238 views

CVE-2022-32205

A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and curl

4.3CVSS6.2AI score0.02767EPSS

CVE•added 2021/09/08 2:15 p.m.•237 views

CVE-2021-30720

A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers.

5.8CVSS5.7AI score0.00464EPSS

CVE•added 2022/05/26 7:15 p.m.•237 views

CVE-2022-26706

An access issue was addressed with additional sandbox restrictions on third-party applications. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions.

5.5CVSS6AI score0.01331EPSS

CVE•added 2022/05/26 7:15 p.m.•237 views

CVE-2022-26711

An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

9.8CVSS8.9AI score0.01615EPSS

CVE•added 2019/12/18 6:15 p.m.•236 views

CVE-2019-8673

8.8CVSS8.5AI score0.00816EPSS

CVE•added 2021/01/26 6:15 p.m.•236 views

CVE-2020-36223

A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).

7.5CVSS7.3AI score0.06501EPSS

CVE•added 2021/09/08 3:15 p.m.•236 views

CVE-2021-30689

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.

6.1CVSS5.9AI score0.00573EPSS

CVE•added 2022/02/22 8:15 p.m.•236 views

CVE-2022-0714

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.

8.4CVSS7AI score0.00205EPSS

CVE•added 2021/09/08 2:15 p.m.•235 views

CVE-2021-30797

This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.

8.8CVSS8AI score0.00516EPSS

CVE•added 2021/07/20 7:15 a.m.•235 views

CVE-2021-36976

libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).

6.5CVSS6.8AI score0.00106EPSS

CVE•added 2020/10/27 8:15 p.m.•234 views

CVE-2019-8696

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code.

8.8CVSS7.7AI score0.01419EPSS

CVE•added 2021/09/08 2:15 p.m.•233 views

CVE-2021-30744

Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site sc...

6.1CVSS6.1AI score0.00573EPSS

CVE•added 2023/02/27 8:15 p.m.•233 views

CVE-2023-23520

A race condition was addressed with additional validation. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may be able to read arbitrary files as root.

5.9CVSS4.8AI score0.0008EPSS

CVE•added 2019/12/18 6:15 p.m.•232 views

CVE-2019-8611

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.5AI score0.28043EPSS

Web

CVE•added 2022/03/14 9:15 p.m.•232 views

CVE-2022-0943

Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.

8.4CVSS7.8AI score0.00048EPSS

CVE•added 2022/01/20 6:15 p.m.•232 views

CVE-2022-21658

Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library function is vulnerable a race condition enabling symlink following (CWE-363)....

7.3CVSS6.4AI score0.00785EPSS

CVE•added 2022/01/18 4:15 p.m.•231 views

CVE-2022-0261

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

7.8CVSS8.8AI score0.00166EPSS

CVE•added 2022/01/26 12:15 p.m.•231 views

CVE-2022-0359

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

7.8CVSS8AI score0.00084EPSS

CVE•added 2022/02/23 2:15 p.m.•231 views

CVE-2022-0729

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.

8.8CVSS8.2AI score0.00321EPSS

CVE•added 2019/12/18 6:15 p.m.•230 views

CVE-2019-8679

8.8CVSS8.5AI score0.00816EPSS

CVE•added 2021/01/26 6:15 p.m.•228 views

CVE-2020-36228

An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.

7.5CVSS7.3AI score0.67687EPSS

CVE•added 2021/01/26 6:15 p.m.•227 views

CVE-2020-36222

A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.

7.5CVSS7.3AI score0.36767EPSS

CVE•added 2022/02/14 12:15 p.m.•226 views

CVE-2022-0572

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

8.4CVSS8.2AI score0.00848EPSS

CVE•added 2020/10/27 8:15 p.m.•225 views

CVE-2019-8675

8.8CVSS7.7AI score0.01419EPSS

CVE•added 2022/05/31 2:15 p.m.•225 views

CVE-2022-1942

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

7.8CVSS7.7AI score0.0051EPSS

CVE•added 2019/12/18 6:15 p.m.•224 views

CVE-2019-8683

8.8CVSS8.5AI score0.00825EPSS

CVE•added 2024/01/09 6:15 p.m.•224 views

CVE-2022-48618

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been expl...

7CVSS6.3AI score0.0018EPSS

In wild

CVE•added 2021/01/26 6:15 p.m.•223 views

CVE-2020-36221

An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).

7.5CVSS7.4AI score0.49482EPSS

CVE•added 2021/01/26 6:15 p.m.•223 views

CVE-2020-36225

A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.

7.5CVSS7.3AI score0.00625EPSS

CVE•added 2021/01/26 6:15 p.m.•223 views

CVE-2020-36227

A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.

7.5CVSS7.3AI score0.59373EPSS

CVE•added 2021/12/25 7:15 p.m.•223 views

CVE-2021-4166

vim is vulnerable to Out-of-bounds Read

7.1CVSS8.1AI score0.00224EPSS

CVE•added 2022/01/28 10:15 p.m.•223 views

CVE-2022-0392

Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.

7.8CVSS7.9AI score0.00086EPSS

CVE•added 2019/12/18 6:15 p.m.•222 views

CVE-2019-8615

6.5CVSS7.9AI score0.00728EPSS