Product:

Mac_os_x

(Apple)
Date Id Summary Products Score Patch Annotated
2017-06-20 CVE-2017-3167 In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. Http_server, Mac_os_x, Debian_linux, Clustered_data_ontap, Oncommand_unified_manager, Storagegrid, Secure_global_desktop, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Jboss_core_services 9.8
2017-06-20 CVE-2017-7668 The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. Http_server, Mac_os_x, Debian_linux, Clustered_data_ontap, Oncommand_unified_manager, Storagegrid, Secure_global_desktop, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation 7.5
2017-07-13 CVE-2017-9788 In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. Http_server, Mac_os_x, Debian_linux, Oncommand_unified_manager, Storage_automation_store, Secure_global_desktop, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Jboss_core_services, Jboss_enterprise_application_platform, Jboss_enterprise_web_server 9.1
2018-12-07 CVE-2018-18311 Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Mac_os_x, Ubuntu_linux, Debian_linux, Fedora, Web_gateway, E\-Series_santricity_os_controller, Snap_creator_framework, Snapcenter, Snapdriver, Perl, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openshift_container_platform 9.8
2018-12-07 CVE-2018-18313 Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. Mac_os_x, Ubuntu_linux, Debian_linux, E\-Series_santricity_os_controller, Snap_creator_framework, Snapcenter, Snapdrive, Perl, Enterprise_linux 9.1
2019-01-11 CVE-2018-4298 In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a permissions issue existed in Remote Management. This issue was addressed through improved permission validation. Apple_tv, Iphone_os, Mac_os_x, Watchos 9.8
2019-07-01 CVE-2019-13118 In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. Icloud, Iphone_os, Itunes, Mac_os_x, Macos, Tvos, Ubuntu_linux, Fedora, Active_iq_unified_manager, Cloud_backup, Clustered_data_ontap, E\-Series_performance_analyzer, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Oncommand_insight, Oncommand_workflow_automation, Ontap_select_deploy_administration_utility, Plug\-In_for_symantec_netbackup, Santricity_unified_manager, Steelstore_cloud_integrated_storage, Leap, Jdk, Libxslt 5.3
2019-07-26 CVE-2019-13565 An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches,... Mac_os_x, Ubuntu_linux, Debian_linux, Traffix_signaling_delivery_controller, Openldap, Leap, Blockchain_platform, Solaris, Zfs_storage_appliance_kit 7.5
2019-10-03 CVE-2018-14461 The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). Mac_os_x, Debian_linux, Fedora, Leap, Enterprise_linux, Tcpdump 7.5
2019-10-03 CVE-2018-14462 The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print(). Mac_os_x, Debian_linux, Traffix_signaling_delivery_controller, Fedora, Leap, Enterprise_linux, Tcpdump 7.5