Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mac_os_x
(Apple)| Repositories |
• https://github.com/madler/zlib
• https://github.com/apache/httpd • https://github.com/file/file • https://github.com/Perl/perl5 • https://github.com/openssh/openssh-portable |
| #Vulnerabilities | 3208 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-10-19 | CVE-2021-30850 | An access issue was addressed with improved access restrictions. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6, tvOS 15. A user may gain access to protected parts of the file system. | Mac_os_x, Macos, Tvos | 5.5 | ||
| 2021-10-28 | CVE-2021-30833 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files. | Mac_os_x, Macos | 5.5 | ||
| 2021-10-28 | CVE-2021-30821 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges. | Mac_os_x, Macos | 7.8 | ||
| 2021-10-28 | CVE-2021-30824 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges. | Mac_os_x, Macos | 7.8 | ||
| 2021-10-28 | CVE-2021-30834 | A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, Security Update 2021-007 Catalina. Processing a malicious audio file may result in unexpected application termination or arbitrary code execution. | Ipados, Iphone_os, Mac_os_x, Macos, Tvos, Watchos | 7.8 | ||
| 2021-12-19 | CVE-2021-4136 | vim is vulnerable to Heap-based Buffer Overflow | Mac_os_x, Macos, Fedora, Vim | 7.8 | ||
| 2021-12-20 | CVE-2021-44224 | A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). | Http_server, Mac_os_x, Macos, Debian_linux, Fedora, Communications_element_manager, Communications_operations_monitor, Communications_session_report_manager, Communications_session_route_manager, Http_server, Instantis_enterprisetrack, Tenable\.sc | 8.2 | ||
| 2021-12-20 | CVE-2021-44790 | A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. | Http_server, Mac_os_x, Macos, Debian_linux, Fedora, Cloud_backup, Communications_element_manager, Communications_operations_monitor, Communications_session_report_manager, Communications_session_route_manager, Http_server, Instantis_enterprisetrack, Zfs_storage_appliance_kit, Tenable\.sc | 9.8 | ||
| 2021-12-23 | CVE-2021-30767 | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A local user may be able to modify protected parts of the file system. | Ipados, Iphone_os, Mac_os_x, Macos, Watchos | 5.5 | ||
| 2021-12-23 | CVE-2020-3886 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to execute arbitrary code with kernel privileges. | Mac_os_x | 7.8 |