Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mac_os_x
(Apple)Repositories |
• https://github.com/madler/zlib
• https://github.com/apache/httpd • https://github.com/file/file • https://github.com/Perl/perl5 • https://github.com/openssh/openssh-portable |
#Vulnerabilities | 3205 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2010-08-19 | CVE-2010-2520 | Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. | Mac_os_x, Ubuntu_linux, Debian_linux, Freetype | N/A | ||
2010-08-19 | CVE-2010-2497 | Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. | Mac_os_x, Debian_linux, Freetype | N/A | ||
2020-12-08 | CVE-2020-10013 | A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges. | Ipados, Iphone_os, Mac_os_x, Tvos | 7.8 | ||
2020-12-08 | CVE-2020-9949 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra, tvOS 14.0. An application may be able to execute arbitrary code with kernel privileges. | Ipados, Iphone_os, Mac_os_x, Tvos, Watchos | 7.8 | ||
2020-12-08 | CVE-2020-9963 | The issue was addressed with improved handling of icon caches. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious app may be able to determine the existence of files on the computer. | Ipados, Iphone_os, Mac_os_x | 5.5 | ||
2020-12-08 | CVE-2020-27932 | A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to execute arbitrary code with kernel privileges. | Icloud, Ipados, Iphone_os, Itunes, Mac_os_x, Macos, Watchos | 7.8 | ||
2020-12-08 | CVE-2020-27930 | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. Processing a maliciously crafted font may lead to arbitrary code execution. | Ipados, Iphone_os, Mac_os_x, Macos, Watchos | 7.8 | ||
2012-07-03 | CVE-2012-1148 | Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. | Mac_os_x, Libexpat | N/A | ||
2012-07-03 | CVE-2012-1147 | readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. | Mac_os_x, Libexpat | N/A | ||
2007-03-13 | CVE-2007-0720 | The CUPS service on multiple platforms allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL connection, which prevents other requests from being accepted. | Mac_os_x, Cups | N/A |