CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Mac Os X : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-30880 125 2021-08-24 2021-11-01
5.8
None Remote Medium Not required Partial None Partial
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.
2 CVE-2021-30879 125 2021-08-24 2021-11-01
5.8
None Remote Medium Not required Partial None Partial
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.
3 CVE-2021-30877 125 2021-08-24 2021-11-01
5.8
None Remote Medium Not required Partial None Partial
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.
4 CVE-2021-30876 125 2021-08-24 2021-11-01
5.8
None Remote Medium Not required Partial None Partial
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.
5 CVE-2021-30844 2021-10-19 2021-10-22
5.0
None Remote Low Not required Partial None None
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A remote attacker may be able to leak memory.
6 CVE-2021-30788 2021-09-08 2021-09-15
5.8
None Remote Medium Not required Partial None Partial
This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents.
7 CVE-2021-30715 DoS 2021-09-08 2021-09-16
5.0
None Remote Low Not required None None Partial
A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted message may lead to a denial of service.
8 CVE-2021-30710 787 DoS Mem. Corr. 2021-09-08 2021-09-16
5.8
None Remote Medium Not required Partial None Partial
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A malicious application may cause a denial of service or potentially disclose memory contents.
9 CVE-2021-22925 908 2021-08-05 2021-10-20
5.0
None Remote Low Not required Partial None None
curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.
10 CVE-2021-1809 125 Mem. Corr. 2021-09-08 2021-09-16
5.0
None Remote Low Not required Partial None None
A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to read restricted memory.
11 CVE-2021-1808 125 Mem. Corr. 2021-09-08 2021-09-16
5.0
None Remote Low Not required Partial None None
A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to read restricted memory.
12 CVE-2021-1784 732 2021-09-08 2021-09-16
5.0
None Remote Low Not required None Partial None
A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to modify protected parts of the file system.
13 CVE-2021-1764 416 DoS 2021-04-02 2021-04-09
5.0
None Remote Low Not required None None Partial
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service.
14 CVE-2021-1761 DoS 2021-04-02 2021-04-13
5.0
None Remote Low Not required None None Partial
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service.
15 CVE-2020-36230 617 DoS 2021-01-26 2021-06-29
5.0
None Remote Low Not required None None Partial
A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.
16 CVE-2020-36229 843 DoS 2021-01-26 2021-06-29
5.0
None Remote Low Not required None None Partial
A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.
17 CVE-2020-36226 DoS 2021-01-26 2021-06-29
5.0
None Remote Low Not required None None Partial
A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.
18 CVE-2020-36224 763 DoS 2021-01-26 2021-06-29
5.0
None Remote Low Not required None None Partial
A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
19 CVE-2020-36223 125 DoS 2021-01-26 2021-06-29
5.0
None Remote Low Not required None None Partial
A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).
20 CVE-2020-36222 617 DoS 2021-01-26 2021-06-29
5.0
None Remote Low Not required None None Partial
A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.
21 CVE-2020-36221 191 DoS 2021-01-26 2021-06-29
5.0
None Remote Low Not required None None Partial
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).
22 CVE-2020-25709 617 2021-05-18 2021-09-14
5.0
None Remote Low Not required None None Partial
A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.
23 CVE-2020-9994 2020-10-22 2020-10-26
5.8
None Remote Medium Not required None Partial Partial
A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to overwrite arbitrary files.
24 CVE-2020-9991 DoS 2020-12-08 2021-03-09
5.0
None Remote Low Not required None None Partial
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service.
25 CVE-2020-9941 2020-10-27 2020-12-15
5.0
None Remote Low Not required None Partial None
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. A remote attacker may be able to unexpectedly alter application state.
26 CVE-2020-9924 DoS 2020-10-22 2020-10-27
5.0
None Remote Low Not required None None Partial
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A remote attacker may be able to cause a denial of service.
27 CVE-2020-9905 120 DoS Overflow 2020-10-22 2020-10-27
5.0
None Remote Low Not required None None Partial
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A remote attacker may be able to cause a denial of service.
28 CVE-2020-9869 119 Overflow Mem. Corr. 2020-10-22 2021-07-21
5.0
None Remote Low Not required None None Partial
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A remote attacker may cause an unexpected application termination.
29 CVE-2020-9839 362 +Priv 2020-06-09 2020-10-16
5.1
None Remote High Not required Partial Partial Partial
A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges.
30 CVE-2020-9837 125 2020-06-09 2020-06-09
5.0
None Remote Low Not required Partial None None
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. A remote attacker may be able to leak memory.
31 CVE-2020-9828 125 +Info 2020-10-22 2020-10-29
5.0
None Remote Low Not required Partial None None
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to leak sensitive user information.
32 CVE-2020-9827 DoS 2020-06-09 2020-06-10
5.0
None Remote Low Not required None None Partial
A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause a denial of service.
33 CVE-2020-9826 20 DoS 2020-06-09 2020-06-11
5.0
None Remote Low Not required None None Partial
A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause a denial of service.
34 CVE-2020-9824 2020-06-09 2020-06-11
5.0
None Remote Low Not required None Partial None
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. A non-privileged user may be able to modify restricted network settings.
35 CVE-2020-9808 119 Overflow Mem. Corr. 2020-06-09 2021-07-21
5.8
None Remote Medium Not required None Partial Partial
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to cause unexpected system termination or write kernel memory.
36 CVE-2020-9794 125 DoS 2020-06-09 2021-03-09
5.8
None Remote Medium Not required Partial None Partial
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents.
37 CVE-2020-9787 2020-10-22 2020-10-28
5.0
None Remote Low Not required None Partial None
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. Some websites may not have appeared in Safari Preferences.
38 CVE-2020-9774 311 2020-10-27 2020-10-30
5.0
None Remote Low Not required Partial None None
An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting access to encrypted data. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Encrypted data may be inappropriately accessed.
39 CVE-2020-8286 295 2020-12-14 2021-07-20
5.0
None Remote Low Not required None Partial None
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
40 CVE-2020-8285 787 Overflow 2020-12-14 2021-07-20
5.0
None Remote Low Not required None None Partial
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
41 CVE-2020-8037 770 2020-11-04 2021-04-27
5.0
None Remote Low Not required None None Partial
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
42 CVE-2020-3877 125 Exec Code 2020-02-27 2020-03-02
5.0
None Remote Low Not required None None Partial
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3, watchOS 6.1.2. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
43 CVE-2020-3855 2020-10-27 2020-10-29
5.8
None Remote Medium Not required None Partial Partial
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. A malicious application may be able to overwrite arbitrary files.
44 CVE-2019-15166 119 Overflow 2019-10-03 2021-09-23
5.0
None Remote Low Not required None None Partial
lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
45 CVE-2019-11042 125 2019-08-09 2021-07-22
5.8
None Remote Medium Not required Partial None Partial
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
46 CVE-2019-11041 125 2019-08-09 2021-07-22
5.8
None Remote Medium Not required Partial None Partial
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
47 CVE-2019-8858 2020-10-27 2020-11-24
5.0
None Remote Low Not required None Partial None
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A user who shares their screen may not be able to end screen sharing.
48 CVE-2019-8854 2020-10-27 2020-10-30
5.0
None Remote Low Not required Partial None None
A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. A device may be passively tracked by its Wi-Fi MAC address.
49 CVE-2019-8788 20 2019-12-18 2019-12-26
5.0
None Remote Low Not required Partial None None
An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Improper URL processing may lead to data exfiltration.
50 CVE-2019-8787 125 2019-12-18 2019-12-22
5.0
None Remote Low Not required Partial None None
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. A remote attacker may be able to leak memory.
Total number of vulnerabilities : 346   Page : 1 (This Page)2 3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.