Product:

Mac_os_x

(Apple)
Date ID Summary Products Score Patch
2015-01-28 CVE-2015-0235 Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." Mac_os_x, Debian_linux, Glibc, Pureapplication_system, Security_access_manager_for_enterprise_single_sign\-On, Communications_application_session_controller, Communications_eagle_application_processor, Communications_eagle_lnp_application_processor, Communications_lsms, Communications_policy_management, Communications_session_border_controller, Communications_user_data_repository, Communications_webrtc_session_controller, Exalogic_infrastructure, Linux, Vm_virtualbox, Virtualization N/A
2009-10-23 CVE-2009-3767 libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Mac_os_x, Fedora, Openldap N/A
2009-09-08 CVE-2009-3095 The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. Http_server, Mac_os_x, Debian_linux, Fedora, Opensuse, Linux_enterprise_desktop, Linux_enterprise_server N/A
2009-06-08 CVE-2009-1955 The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. Apr\-Util, Mac_os_x, Ubuntu_linux, Debian_linux, Fedora, Http_server, Linux_enterprise_server N/A
2020-10-16 CVE-2020-9891 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. Ipad_os, Iphone_os, Mac_os_x, Tvos, Watchos 7.8
2020-10-16 CVE-2020-9890 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. Ipad_os, Iphone_os, Mac_os_x, Tvos, Watchos 7.8
2020-10-16 CVE-2020-9889 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. Ipad_os, Iphone_os, Mac_os_x, Tvos, Watchos 7.8
2020-10-16 CVE-2020-9885 An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A user that is removed from an iMessage group could rejoin the group. Ipad_os, Iphone_os, Mac_os_x, Tvos, Watchos 5.5
2020-10-16 CVE-2020-9888 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. Ipad_os, Iphone_os, Mac_os_x, Tvos, Watchos 7.8
2020-10-16 CVE-2020-9799 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges. Mac_os_x 7.8