Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Filtered by product Mac Os X
Total 5432 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-30860 3 Apple, Freedesktop, Xpdfreader 7 Ipados, Iphone Os, Mac Os X and 4 more 2022-09-30 6.8 MEDIUM 7.8 HIGH
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVE-2022-0530 5 Apple, Debian, Fedoraproject and 2 more 6 Mac Os X, Macos, Debian Linux and 3 more 2022-09-30 4.3 MEDIUM 5.5 MEDIUM
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
CVE-2021-45444 4 Apple, Debian, Fedoraproject and 1 more 5 Mac Os X, Macos, Debian Linux and 2 more 2022-09-30 5.1 MEDIUM 7.8 HIGH
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.
CVE-2009-3095 6 Apache, Apple, Debian and 3 more 7 Http Server, Mac Os X, Debian Linux and 4 more 2022-09-19 5.0 MEDIUM N/A
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
CVE-2011-0419 9 Apache, Apple, Debian and 6 more 10 Http Server, Portable Runtime, Mac Os X and 7 more 2022-09-19 4.3 MEDIUM N/A
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
CVE-2018-25032 7 Apple, Debian, Fedoraproject and 4 more 23 Mac Os X, Macos, Debian Linux and 20 more 2022-09-16 5.0 MEDIUM 7.5 HIGH
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
CVE-2022-22662 2 Apple, Fedoraproject 3 Mac Os X, Macos, Fedora 2022-09-04 4.3 MEDIUM 6.5 MEDIUM
A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information.
CVE-2020-9883 1 Apple 8 Icloud, Ipad Os, Iphone Os and 5 more 2022-09-03 6.8 MEDIUM 7.8 HIGH
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.
CVE-2021-30977 1 Apple 2 Mac Os X, Macos 2022-09-03 9.3 HIGH 7.8 HIGH
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may be able to execute arbitrary code with kernel privileges.
CVE-2022-28871 3 Apple, F-secure, Microsoft 4 Mac Os X, Macos, Atlant and 1 more 2022-09-03 5.0 MEDIUM 7.5 HIGH
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the fsicapd component used in certain F-Secure products while scanning larger packages/fuzzed files consume too much memory eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker.
CVE-2019-20807 6 Apple, Canonical, Debian and 3 more 7 Mac Os X, Ubuntu Linux, Debian Linux and 4 more 2022-09-01 4.6 MEDIUM 5.3 MEDIUM
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).
CVE-2021-4136 3 Apple, Fedoraproject, Vim 4 Mac Os X, Macos, Fedora and 1 more 2022-09-01 6.8 MEDIUM 7.8 HIGH
vim is vulnerable to Heap-based Buffer Overflow
CVE-2018-14463 7 Apple, Debian, F5 and 4 more 7 Mac Os X, Debian Linux, Traffix Sdc and 4 more 2022-08-27 5.0 MEDIUM 7.5 HIGH
The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167.
CVE-2015-3415 5 Apple, Canonical, Debian and 2 more 6 Mac Os X, Watchos, Ubuntu Linux and 3 more 2022-08-16 7.5 HIGH N/A
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
CVE-2015-3414 5 Apple, Canonical, Debian and 2 more 6 Mac Os X, Watchos, Ubuntu Linux and 3 more 2022-08-16 7.5 HIGH N/A
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
CVE-2015-2301 6 Apple, Canonical, Debian and 3 more 11 Mac Os X, Ubuntu Linux, Debian Linux and 8 more 2022-08-16 7.5 HIGH N/A
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file.
CVE-2015-3416 5 Apple, Canonical, Debian and 2 more 6 Mac Os X, Watchos, Ubuntu Linux and 3 more 2022-08-16 7.5 HIGH N/A
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
CVE-2016-2105 8 Apple, Canonical, Debian and 5 more 15 Mac Os X, Ubuntu Linux, Debian Linux and 12 more 2022-08-16 5.0 MEDIUM 7.5 HIGH
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
CVE-2016-9840 8 Apple, Canonical, Debian and 5 more 19 Iphone Os, Mac Os X, Tvos and 16 more 2022-08-16 6.8 MEDIUM 8.8 HIGH
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2016-9843 10 Apple, Canonical, Debian and 7 more 24 Iphone Os, Mac Os X, Tvos and 21 more 2022-08-16 7.5 HIGH 9.8 CRITICAL
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.