Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Macos
(Apple)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 2034 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-01-21 | CVE-2013-0340 | expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for... | Ipados, Iphone_os, Macos, Tvos, Watchos, Libexpat, Python | N/A | ||
| 2019-07-01 | CVE-2019-13118 | In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. | Icloud, Iphone_os, Itunes, Mac_os_x, Macos, Tvos, Ubuntu_linux, Fedora, Active_iq_unified_manager, Cloud_backup, Clustered_data_ontap, E\-Series_performance_analyzer, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Oncommand_insight, Oncommand_workflow_automation, Ontap_select_deploy_administration_utility, Plug\-In_for_symantec_netbackup, Santricity_unified_manager, Steelstore_cloud_integrated_storage, Leap, Jdk, Libxslt | 5.3 | ||
| 2020-04-28 | CVE-2020-10663 | The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. | Macos, Debian_linux, Fedora, Json, Leap | 7.5 | ||
| 2019-12-11 | CVE-2019-14899 | A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel. | Ipados, Iphone_os, Mac_os_x, Macos, Tvos, Freebsd, Linux_kernel, Openbsd | 7.4 | ||
| 2021-10-28 | CVE-2020-10005 | A resource exhaustion issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1. An attacker in a privileged network position may be able to perform denial of service. | Macos | 6.5 | ||
| 2020-12-08 | CVE-2020-10012 | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.0.1. Processing a maliciously crafted document may lead to a cross site scripting attack. | Mac_os_x, Macos | 6.1 | ||
| 2020-12-08 | CVE-2020-10014 | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to break out of its sandbox. | Mac_os_x, Macos | 6.3 | ||
| 2000-06-01 | CVE-1999-0590 | A system does not present an appropriate legal message or warning to a user who is accessing it. | Macos, Linux_kernel, Windows_2000, Windows_95, Windows_98, Windows_nt | N/A | ||
| 2020-12-08 | CVE-2020-10016 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. An application may be able to execute arbitrary code with kernel privileges. | Ipados, Iphone_os, Mac_os_x, Macos, Tvos, Watchos | 7.8 | ||
| 2021-12-23 | CVE-2017-13892 | An issue existed in the handling of Contact sharing. This issue was addressed with improved handling of user information. This issue is fixed in macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan. Sharing contact information may lead to unexpected data sharing. | Mac_os_x, Macos | 7.5 |