Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mac_os_x
(Apple)| Repositories |
• https://github.com/madler/zlib
• https://github.com/apache/httpd • https://github.com/file/file • https://github.com/Perl/perl5 • https://github.com/openssh/openssh-portable |
| #Vulnerabilities | 3209 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-12-08 | CVE-2020-10007 | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to determine kernel memory layout. | Mac_os_x | 5.5 | ||
| 2020-12-08 | CVE-2020-10009 | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A sandboxed process may be able to circumvent sandbox restrictions. | Mac_os_x | 5.5 | ||
| 2020-12-08 | CVE-2020-10010 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges. | Ipados, Iphone_os, Mac_os_x, Tvos, Watchos | 7.8 | ||
| 2020-12-08 | CVE-2020-10012 | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.0.1. Processing a maliciously crafted document may lead to a cross site scripting attack. | Mac_os_x, Macos | 6.1 | ||
| 2020-12-08 | CVE-2020-10014 | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to break out of its sandbox. | Mac_os_x, Macos | 6.3 | ||
| 2020-12-08 | CVE-2020-10006 | This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to access restricted files. | Mac_os_x | 5.5 | ||
| 2020-05-28 | CVE-2019-20807 | In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). | Mac_os_x, Ubuntu_linux, Debian_linux, Leap, Command_center, San_\&_nas, Vim | 5.3 | ||
| 2015-04-24 | CVE-2015-3414 | SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement. | Mac_os_x, Watchos, Ubuntu_linux, Debian_linux, Php, Sqlite | N/A | ||
| 2015-04-24 | CVE-2015-3415 | The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement. | Mac_os_x, Watchos, Ubuntu_linux, Debian_linux, Php, Sqlite | N/A | ||
| 2015-04-24 | CVE-2015-3416 | The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. | Mac_os_x, Watchos, Ubuntu_linux, Debian_linux, Php, Sqlite | N/A |