Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mac_os_x
(Apple)| Repositories |
• https://github.com/madler/zlib
• https://github.com/apache/httpd • https://github.com/file/file • https://github.com/Perl/perl5 • https://github.com/openssh/openssh-portable |
| #Vulnerabilities | 3208 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-10-07 | CVE-2014-3565 | snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message. | Mac_os_x, Ubuntu_linux, Net\-Snmp | N/A | ||
| 2015-12-15 | CVE-2015-7499 | Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. | Iphone_os, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Icewall_federation_agent, Icewall_file_manager, Leap, Opensuse, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_server, Enterprise_linux_workstation, Libxml2 | N/A | ||
| 2015-12-15 | CVE-2015-7500 | The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. | Iphone_os, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Icewall_federation_agent, Icewall_file_manager, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_server, Enterprise_linux_workstation, Libxml2 | N/A | ||
| 2016-05-26 | CVE-2016-0718 | Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. | Mac_os_x, Ubuntu_linux, Debian_linux, Libexpat, Policy_auditor, Firefox, Leap, Opensuse, Python, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Studio_onsite | 9.8 | ||
| 2016-06-09 | CVE-2016-4448 | Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. | Icloud, Iphone_os, Itunes, Mac_os_x, Tvos, Watchos, Icewall_federation_agent, Web_gateway, Linux, Vm_server, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Slackware_linux, Log_correlation_engine, Libxml2 | 9.8 | ||
| 2016-06-09 | CVE-2016-4447 | The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. | Iphone_os, Itunes, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Icewall_federation_agent, Web_gateway, Vm_server, Libxml2 | 7.5 | ||
| 2018-03-12 | CVE-2014-8129 | LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c. | Iphone_os, Mac_os_x, Debian_linux, Libtiff, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus | 8.8 | ||
| 2020-04-02 | CVE-2019-14868 | In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely. | Mac_os_x, Debian_linux, Ksh | 7.8 | ||
| 2022-05-26 | CVE-2022-26757 | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. | Ipados, Iphone_os, Mac_os_x, Macos, Tvos, Watchos | 7.8 | ||
| 2022-09-23 | CVE-2022-32849 | An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information. | Ipados, Iphone_os, Mac_os_x, Macos, Tvos | 5.5 |