Product:

Mac_os_x

(Apple)
Repositories https://github.com/madler/zlib
https://github.com/apache/httpd
https://github.com/file/file
https://github.com/Perl/perl5
https://github.com/openssh/openssh-portable
#Vulnerabilities 3205
Date Id Summary Products Score Patch Annotated
2020-05-28 CVE-2019-20807 In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). Mac_os_x, Ubuntu_linux, Debian_linux, Leap, Command_center, San_\&_nas, Vim 5.3
2015-04-24 CVE-2015-3414 SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement. Mac_os_x, Watchos, Ubuntu_linux, Debian_linux, Php, Sqlite N/A
2015-04-24 CVE-2015-3415 The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement. Mac_os_x, Watchos, Ubuntu_linux, Debian_linux, Php, Sqlite N/A
2015-04-24 CVE-2015-3416 The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. Mac_os_x, Watchos, Ubuntu_linux, Debian_linux, Php, Sqlite N/A
2007-06-25 CVE-2007-2401 CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks. Mac_os_x, Mac_os_x_server N/A
2007-06-25 CVE-2007-2399 WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption. Mac_os_x, Mac_os_x_server N/A
2021-09-08 CVE-2021-30721 A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to leak sensitive user information. Mac_os_x, Macos 6.5
2021-09-08 CVE-2021-30776 A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Playing a malicious audio file may lead to an unexpected application termination. Iphone_os, Mac_os_x, Macos, Tvos, Watchos 5.5
2021-09-08 CVE-2021-30783 An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A sandboxed process may be able to circumvent sandbox restrictions. Mac_os_x, Macos 6.5
2021-09-08 CVE-2021-1784 A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to modify protected parts of the file system. Mac_os_x, Macos 7.5