Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Macos
(Apple)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 1416 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-02-27 | CVE-2022-46723 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A remote user may be able to write arbitrary files. | Macos | 9.8 | ||
| 2023-02-27 | CVE-2023-23493 | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3. An encrypted volume may be unmounted and remounted by a different user without prompting for the password. | Macos | 3.3 | ||
| 2023-02-27 | CVE-2022-32902 | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, macOS Monterey 12.6, macOS Big Sur 11.7. An app may be able to bypass Privacy preferences. | Macos | 5.5 | ||
| 2023-02-27 | CVE-2020-9846 | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. A malicious application may be able to access local users' Apple IDs. | Macos | 5.3 | ||
| 2023-02-27 | CVE-2022-22582 | A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5, macOS Monterey 12.3. A local user may be able to write arbitrary files. | Mac_os_x, Macos | 5.5 | ||
| 2019-12-11 | CVE-2019-14899 | A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel. | Ipados, Iphone_os, Mac_os_x, Macos, Tvos, Freebsd, Linux_kernel, Openbsd | 7.4 | ||
| 2022-11-01 | CVE-2022-32915 | A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. | Macos | 7.8 | ||
| 2022-11-01 | CVE-2022-42818 | This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. A user in a privileged network position may be able to track user activity. | Macos | 5.9 | ||
| 2022-05-20 | CVE-2022-29181 | Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent. | Macos, Nokogiri | 8.2 | ||
| 2022-04-12 | CVE-2021-28544 | Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. | Subversion, Macos, Debian_linux, Fedora | 4.3 |