Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Filtered by product Mac Os X
Total 5428 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-0235 7 Apple, Debian, Gnu and 4 more 18 Mac Os X, Debian Linux, Glibc and 15 more 2022-07-05 10.0 HIGH N/A
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
CVE-2014-1359 1 Apple 3 Iphone Os, Mac Os X, Tvos 2022-06-30 10.0 HIGH N/A
Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.
CVE-2016-0718 9 Apple, Canonical, Debian and 6 more 14 Mac Os X, Ubuntu Linux, Debian Linux and 11 more 2022-06-27 7.5 HIGH 9.8 CRITICAL
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
CVE-2016-9843 9 Apple, Canonical, Debian and 6 more 23 Iphone Os, Mac Os X, Tvos and 20 more 2022-06-27 7.5 HIGH 9.8 CRITICAL
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
CVE-2022-26775 1 Apple 2 Mac Os X, Macos 2022-06-23 7.5 HIGH 9.8 CRITICAL
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution.
CVE-2016-9842 7 Apple, Canonical, Debian and 4 more 18 Iphone Os, Mac Os X, Tvos and 15 more 2022-06-22 6.8 MEDIUM 8.8 HIGH
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
CVE-2016-9841 8 Apple, Canonical, Debian and 5 more 38 Iphone Os, Mac Os X, Tvos and 35 more 2022-06-22 7.5 HIGH 9.8 CRITICAL
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2016-9840 7 Apple, Canonical, Debian and 4 more 18 Iphone Os, Mac Os X, Tvos and 15 more 2022-06-22 6.8 MEDIUM 8.8 HIGH
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2022-26757 1 Apple 6 Ipados, Iphone Os, Mac Os X and 3 more 2022-06-20 9.3 HIGH 7.8 HIGH
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
CVE-2022-26691 4 Apple, Debian, Fedoraproject and 1 more 6 Cups, Mac Os X, Macos and 3 more 2022-06-16 7.2 HIGH 6.7 MEDIUM
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.
CVE-2021-22925 6 Apple, Fedoraproject, Haxx and 3 more 10 Mac Os X, Macos, Fedora and 7 more 2022-06-14 5.0 MEDIUM 5.3 MEDIUM
curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.
CVE-2019-13565 7 Apple, Canonical, Debian and 4 more 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more 2022-06-13 5.0 MEDIUM 7.5 HIGH
An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.
CVE-2019-13057 7 Apple, Canonical, Debian and 4 more 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more 2022-06-13 3.5 LOW 4.9 MEDIUM
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)
CVE-2021-44719 2 Apple, Docker 3 Mac Os X, Macos, Docker Desktop 2022-06-09 6.6 MEDIUM 8.4 HIGH
Docker Desktop 4.3.0 has Incorrect Access Control.
CVE-2022-26770 1 Apple 2 Mac Os X, Macos 2022-06-08 9.3 HIGH 7.8 HIGH
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.
CVE-2022-26769 1 Apple 2 Mac Os X, Macos 2022-06-08 9.3 HIGH 7.8 HIGH
A memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.
CVE-2022-26698 1 Apple 2 Mac Os X, Macos 2022-06-08 5.8 MEDIUM 7.1 HIGH
An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.
CVE-2022-26697 1 Apple 2 Mac Os X, Macos 2022-06-08 5.8 MEDIUM 7.1 HIGH
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.
CVE-2022-26688 1 Apple 2 Mac Os X, Macos 2022-06-08 4.9 MEDIUM 4.4 MEDIUM
An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious app with root privileges may be able to modify the contents of system files.
CVE-2022-22672 1 Apple 4 Ipados, Iphone Os, Mac Os X and 1 more 2022-06-08 9.3 HIGH 7.8 HIGH
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious application may be able to execute arbitrary code with kernel privileges.