Total
5568 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1260 | 4 Apple, Bzip, Canonical and 1 more | 4 Mac Os X, Bzip2, Ubuntu Linux and 1 more | 2020-11-13 | 5.0 MEDIUM | N/A |
| bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb"). | |||||
| CVE-2019-8656 | 1 Apple | 1 Mac Os X | 2020-11-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| This was addressed with additional checks by Gatekeeper on files mounted through a network share. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. Extracting a zip file containing a symbolic link to an endpoint in an NFS mount that is attacker controlled may bypass Gatekeeper. | |||||
| CVE-2020-9782 | 1 Apple | 1 Mac Os X | 2020-11-04 | 6.4 MEDIUM | 7.5 HIGH |
| A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A remote attacker may be able to overwrite existing files. | |||||
| CVE-2020-3851 | 1 Apple | 1 Mac Os X | 2020-11-03 | 6.8 MEDIUM | 7.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra, macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. An application may be able to gain elevated privileges. | |||||
| CVE-2018-4433 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2020-11-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, watchOS 5, iOS 12, tvOS 12, macOS Mojave 10.14. A malicious application may be able to modify protected parts of the file system. | |||||
| CVE-2019-8851 | 1 Apple | 1 Mac Os X | 2020-11-02 | 5.0 MEDIUM | 7.5 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A Mac may not lock immediately upon wake. | |||||
| CVE-2018-4296 | 1 Apple | 1 Mac Os X | 2020-11-02 | 7.5 HIGH | 9.8 CRITICAL |
| This issue is fixed in macOS Mojave 10.14. A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. | |||||
| CVE-2019-8640 | 1 Apple | 1 Mac Os X | 2020-11-02 | 5.0 MEDIUM | 7.5 HIGH |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra. A sandboxed process may be able to circumvent sandbox restrictions. | |||||
| CVE-2019-8642 | 1 Apple | 1 Mac Os X | 2020-11-02 | 4.3 MEDIUM | 3.3 LOW |
| An issue existed in the handling of S-MIME certificates. This issue was addressed with improved validation of S-MIME certificates. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. Processing a maliciously crafted mail message may lead to S/MIME signature spoofing. | |||||
| CVE-2019-8645 | 1 Apple | 1 Mac Os X | 2020-11-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position may be able to intercept the contents of S/MIME-encrypted e-mail. | |||||
| CVE-2020-9774 | 1 Apple | 1 Mac Os X | 2020-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting access to encrypted data. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Encrypted data may be inappropriately accessed. | |||||
| CVE-2019-8777 | 1 Apple | 1 Mac Os X | 2020-10-30 | 2.1 LOW | 2.4 LOW |
| A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. A local attacker may be able to view contacts from the lock screen. | |||||
| CVE-2019-7288 | 1 Apple | 2 Iphone Os, Mac Os X | 2020-10-30 | 7.5 HIGH | 9.8 CRITICAL |
| The issue was addressed with improved validation on the FaceTime server. This issue is fixed in macOS Mojave 10.14.3 Supplemental Update, iOS 12.1.4. A thorough security audit of the FaceTime service uncovered an issue with Live Photos . | |||||
| CVE-2019-6238 | 1 Apple | 1 Mac Os X | 2020-10-30 | 6.8 MEDIUM | 7.8 HIGH |
| A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. Processing a maliciously crafted package may lead to arbitrary code execution. | |||||
| CVE-2019-8564 | 1 Apple | 1 Mac Os X | 2020-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position can modify driver state. | |||||
| CVE-2019-8573 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2020-10-30 | 7.8 HIGH | 7.5 HIGH |
| An input validation issue was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, watchOS 5.2.1. A remote attacker may be able to cause a system denial of service. | |||||
| CVE-2019-8579 | 1 Apple | 1 Mac Os X | 2020-10-30 | 4.6 MEDIUM | 7.8 HIGH |
| An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An application may be able to gain elevated privileges. | |||||
| CVE-2019-8839 | 1 Apple | 1 Mac Os X | 2020-10-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An attacker in a privileged position may be able to perform a denial of service attack. | |||||
| CVE-2020-3982 | 2 Apple, Vmware | 6 Mac Os X, Cloud Foundation, Esxi and 3 more | 2020-10-30 | 4.9 MEDIUM | 7.7 HIGH |
| VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap. | |||||
| CVE-2020-3995 | 2 Apple, Vmware | 5 Mac Os X, Cloud Foundation, Esxi and 2 more | 2020-10-30 | 3.5 LOW | 5.3 MEDIUM |
| In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. A malicious actor with access to a virtual machine may be able to trigger a memory leak issue resulting in memory resource exhaustion on the hypervisor if the attack is sustained for extended periods of time. | |||||