Product:

Mac_os_x

(Apple)
Date Id Summary Products Score Patch Annotated
2014-10-07 CVE-2014-3565 snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message. Mac_os_x, Ubuntu_linux, Net\-Snmp N/A
2015-12-15 CVE-2015-7499 Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. Iphone_os, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Icewall_federation_agent, Icewall_file_manager, Leap, Opensuse, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_server, Enterprise_linux_workstation, Libxml2 N/A
2015-12-15 CVE-2015-7500 The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. Iphone_os, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Icewall_federation_agent, Icewall_file_manager, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_server, Enterprise_linux_workstation, Libxml2 N/A
2016-05-26 CVE-2016-0718 Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. Mac_os_x, Ubuntu_linux, Debian_linux, Libexpat, Policy_auditor, Firefox, Leap, Opensuse, Python, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Studio_onsite 9.8
2016-06-09 CVE-2016-4448 Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. Icloud, Iphone_os, Itunes, Mac_os_x, Tvos, Watchos, Icewall_federation_agent, Web_gateway, Linux, Vm_server, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Slackware_linux, Log_correlation_engine, Libxml2 9.8
2016-06-09 CVE-2016-4447 The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. Iphone_os, Itunes, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Icewall_federation_agent, Web_gateway, Vm_server, Libxml2 7.5
2018-03-12 CVE-2014-8129 LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c. Iphone_os, Mac_os_x, Debian_linux, Libtiff, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus 8.8
2020-04-02 CVE-2019-14868 In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely. Mac_os_x, Debian_linux, Ksh 7.8
2015-05-21 CVE-2015-4000 The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. Iphone_os, Mac_os_x, Safari, Ubuntu_linux, Debian_linux, Chrome, Hp\-Ux, Content_manager, Internet_explorer, Firefox, Firefox_esr, Firefox_os, Network_security_services, Seamonkey, Thunderbird, Openssl, Opera_browser, Jdk, Jre, Jrockit, Sparc\-Opl_service_processor, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Suse_linux_enterprise_server 3.7
2022-05-26 CVE-2022-26757 A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. Ipados, Iphone_os, Mac_os_x, Macos, Tvos, Watchos 7.8