Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mac_os_x
(Apple)| Repositories |
• https://github.com/madler/zlib
• https://github.com/apache/httpd • https://github.com/file/file • https://github.com/Perl/perl5 • https://github.com/openssh/openssh-portable |
| #Vulnerabilities | 3205 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-10-19 | CVE-2021-30844 | A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A remote attacker may be able to leak memory. | Mac_os_x, Macos | 7.5 | ||
| 2021-10-28 | CVE-2021-30833 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files. | Mac_os_x, Macos | 5.5 | ||
| 2020-12-08 | CVE-2020-10006 | This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to access restricted files. | Mac_os_x | 5.5 | ||
| 2022-08-24 | CVE-2022-32837 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to cause unexpected system termination or write kernel memory. | Ipados, Iphone_os, Mac_os_x, Macos, Tvos | 7.8 | ||
| 2020-05-28 | CVE-2019-20807 | In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). | Mac_os_x, Ubuntu_linux, Debian_linux, Leap, Command_center, San_\&_nas, Vim | 5.3 | ||
| 2015-04-24 | CVE-2015-3414 | SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement. | Mac_os_x, Watchos, Ubuntu_linux, Debian_linux, Php, Sqlite | N/A | ||
| 2015-04-24 | CVE-2015-3415 | The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement. | Mac_os_x, Watchos, Ubuntu_linux, Debian_linux, Php, Sqlite | N/A | ||
| 2015-04-24 | CVE-2015-3416 | The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. | Mac_os_x, Watchos, Ubuntu_linux, Debian_linux, Php, Sqlite | N/A | ||
| 2007-06-25 | CVE-2007-2401 | CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks. | Mac_os_x, Mac_os_x_server | N/A | ||
| 2007-06-25 | CVE-2007-2399 | WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption. | Mac_os_x, Mac_os_x_server | N/A |