Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Filtered by product Mac Os X
Total 5428 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-30972 1 Apple 2 Mac Os X, Macos 2022-05-26 2.1 LOW 5.5 MEDIUM
This issue was addressed with improved checks. This issue is fixed in Security Update 2022-001 Catalina, macOS Big Sur 11.6.3. A malicious application may be able to bypass certain Privacy preferences.
CVE-2021-30844 1 Apple 2 Mac Os X, Macos 2022-05-26 5.0 MEDIUM 7.5 HIGH
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A remote attacker may be able to leak memory.
CVE-2021-30935 1 Apple 2 Mac Os X, Macos 2022-05-26 8.3 HIGH 8.8 HIGH
A logic issue was addressed with improved validation. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. An application may be able to execute arbitrary code with kernel privileges.
CVE-2021-30977 1 Apple 2 Mac Os X, Macos 2022-05-26 9.3 HIGH 7.8 HIGH
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may be able to execute arbitrary code with kernel privileges.
CVE-2020-9973 1 Apple 3 Ipados, Iphone Os, Mac Os X 2022-05-25 9.3 HIGH 7.8 HIGH
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.
CVE-2020-9941 1 Apple 5 Ipad Os, Iphone Os, Mac Os X and 2 more 2022-05-25 5.0 MEDIUM 7.5 HIGH
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. A remote attacker may be able to unexpectedly alter application state.
CVE-2020-9961 1 Apple 7 Icloud, Ipad Os, Iphone Os and 4 more 2022-05-25 6.8 MEDIUM 7.8 HIGH
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution.
CVE-2020-9986 1 Apple 1 Mac Os X 2022-05-24 4.3 MEDIUM 3.3 LOW
A file access issue existed with certain home folder files. This was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.7. A malicious application may be able to read sensitive location information.
CVE-2020-8285 8 Apple, Debian, Fedoraproject and 5 more 29 Mac Os X, Macos, Debian Linux and 26 more 2022-05-13 5.0 MEDIUM 7.5 HIGH
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
CVE-2020-8284 8 Apple, Debian, Fedoraproject and 5 more 28 Mac Os X, Macos, Debian Linux and 25 more 2022-05-13 4.3 MEDIUM 3.7 LOW
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
CVE-2020-8286 7 Apple, Debian, Fedoraproject and 4 more 19 Mac Os X, Macos, Debian Linux and 16 more 2022-05-13 5.0 MEDIUM 7.5 HIGH
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
CVE-2014-0408 2 Apple, Oracle 2 Mac Os X, Jre 2022-05-13 9.3 HIGH N/A
Unspecified vulnerability in Oracle Java SE 7u45, when running on OS X, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
CVE-2015-8126 9 Apple, Canonical, Debian and 6 more 21 Mac Os X, Ubuntu Linux, Debian Linux and 18 more 2022-05-13 7.5 HIGH N/A
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
CVE-2015-4000 12 Apple, Canonical, Debian and 9 more 25 Iphone Os, Mac Os X, Safari and 22 more 2022-05-13 4.3 MEDIUM 3.7 LOW
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
CVE-2014-3620 2 Apple, Haxx 3 Mac Os X, Curl, Libcurl 2022-05-11 5.0 MEDIUM N/A
cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.
CVE-2021-30724 1 Apple 5 Ipad Os, Iphone Os, Mac Os X and 2 more 2022-05-03 4.6 MEDIUM 7.8 HIGH
This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local attacker may be able to elevate their privileges.
CVE-2020-9990 1 Apple 1 Mac Os X 2022-05-03 6.9 MEDIUM 7.8 HIGH
A race condition was addressed with additional validation. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges.
CVE-2021-30772 1 Apple 2 Mac Os X, Macos 2022-05-03 9.3 HIGH 7.8 HIGH
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to gain root privileges.
CVE-2021-30829 1 Apple 2 Mac Os X, Macos 2022-05-03 4.6 MEDIUM 7.8 HIGH
A URI parsing issue was addressed with improved parsing. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to execute arbitrary files.
CVE-2020-36230 4 Apache, Apple, Debian and 1 more 5 Bookkeeper, Mac Os X, Macos and 2 more 2022-04-30 5.0 MEDIUM 7.5 HIGH
A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.