Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mac_os_x
(Apple)| Repositories |
• https://github.com/madler/zlib
• https://github.com/apache/httpd • https://github.com/file/file • https://github.com/Perl/perl5 • https://github.com/openssh/openssh-portable |
| #Vulnerabilities | 3205 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-06-09 | CVE-2020-9788 | A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.5. A file may be incorrectly rendered to execute JavaScript. | Mac_os_x | N/A | ||
| 2020-06-09 | CVE-2020-9847 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to break out of its sandbox. | Mac_os_x | N/A | ||
| 2020-06-09 | CVE-2020-9841 | An integer overflow was addressed through improved input validation. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges. | Mac_os_x | N/A | ||
| 2020-06-09 | CVE-2020-9832 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to determine kernel memory layout. | Mac_os_x | N/A | ||
| 2020-06-09 | CVE-2020-9831 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to determine kernel memory layout. | Mac_os_x | N/A | ||
| 2010-11-17 | CVE-2010-4008 | libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. | Openoffice, Iphone_os, Itunes, Mac_os_x, Safari, Ubuntu_linux, Debian_linux, Chrome, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_workstation, Suse_linux_enterprise_server, Libxml2 | N/A | ||
| 2011-07-07 | CVE-2011-2192 | The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests. | Mac_os_x, Ubuntu_linux, Debian_linux, Fedora, Libcurl | N/A | ||
| 2009-08-21 | CVE-2009-2474 | neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | Mac_os_x, Ubuntu_linux, Fedora, Neon | N/A | ||
| 2012-02-16 | CVE-2011-3026 | Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. | Iphone_os, Mac_os_x, Mac_os_x_server, Chrome, Opensuse, Linux_enterprise_server, Suse_linux_enterprise_server | N/A | ||
| 2020-04-01 | CVE-2020-3883 | This issue was addressed with improved checks. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to use arbitrary entitlements. | Ipad_os, Iphone_os, Mac_os_x, Tvos, Watchos | N/A |