Note:
This project will be discontinued after December 13, 2021.
Product: Mac_os_x (Apple)

Repositories:
• https://github.com/madler/zlib
• https://github.com/apache/httpd
• https://github.com/file/file
• https://github.com/Perl/perl5
• https://github.com/openssh/openssh-portable

#Vulnerabilities: 3208

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-12-08 | CVE-2020-9945 | A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, Safari 14.0.1. Visiting a malicious website may lead to address bar spoofing. | Mac_os_x, Safari | 4.3 | ||
2020-10-16 | CVE-2020-9918 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. | Mac_os_x, Tvos, Watchos | 9.8 | ||
2020-10-27 | CVE-2020-9973 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. | Ipados, Iphone_os, Mac_os_x | 7.8 | ||
2020-10-22 | CVE-2020-9986 | A file access issue existed with certain home folder files. This was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.7. A malicious application may be able to read sensitive location information. | Mac_os_x | 3.3 | ||
2015-11-13 | CVE-2015-8126 | Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. | Mac_os_x, Ubuntu_linux, Debian_linux, Fedora, Libpng, Leap, Opensuse, Jdk, Jre, Linux, Solaris, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Satellite, Linux_enterprise_desktop, Linux_enterprise_server | N/A | ||
2014-11-18 | CVE-2014-3620 | cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain. | Mac_os_x, Curl, Libcurl | N/A | ||
2020-10-22 | CVE-2020-9990 | A race condition was addressed with additional validation. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges. | Mac_os_x | 7.8 | ||
2021-09-08 | CVE-2021-30772 | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to gain root privileges. | Mac_os_x, Macos | 7.8 | ||
2021-10-19 | CVE-2021-30829 | A URI parsing issue was addressed with improved parsing. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to execute arbitrary files. | Mac_os_x, Macos | 7.8 | ||
2020-04-28 | CVE-2020-12243 | In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). | Mac_os_x, Brocade_fabric_operating_system, Ubuntu_linux, Debian_linux, Cloud_backup, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Steelstore_cloud_integrated_storage, Openldap, Leap, Solaris, Zfs_storage_appliance_kit | 7.5 |