Product:

Mac_os_x

(Apple)
Date Id Summary Products Score Patch Annotated
2020-12-08 CVE-2020-27896 A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1. A remote attacker may be able to modify the file system. Mac_os_x, Macos 5.5
2021-10-19 CVE-2021-30844 A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A remote attacker may be able to leak memory. Mac_os_x, Macos 7.5
2021-10-28 CVE-2021-30833 This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files. Mac_os_x, Macos 5.5
2020-12-08 CVE-2020-10006 This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to access restricted files. Mac_os_x 5.5
2022-08-24 CVE-2022-32837 This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to cause unexpected system termination or write kernel memory. Ipados, Iphone_os, Mac_os_x, Macos, Tvos 7.8
2020-05-28 CVE-2019-20807 In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). Mac_os_x, Ubuntu_linux, Debian_linux, Leap, Command_center, San_\&_nas, Vim 5.3
2015-04-24 CVE-2015-3414 SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement. Mac_os_x, Watchos, Ubuntu_linux, Debian_linux, Php, Sqlite N/A
2015-04-24 CVE-2015-3415 The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement. Mac_os_x, Watchos, Ubuntu_linux, Debian_linux, Php, Sqlite N/A
2015-04-24 CVE-2015-3416 The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. Mac_os_x, Watchos, Ubuntu_linux, Debian_linux, Php, Sqlite N/A
2007-06-25 CVE-2007-2401 CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks. Mac_os_x, Mac_os_x_server N/A