macOS
by Apple Inc.
CVEs (3,324)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-9824 | Hig | 0.49 | 7.5 | 0.01 | Jun 9, 2020 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. A non-privileged user may be able to modify restricted network settings. | ||
| CVE-2019-8741 | Hig | 0.49 | 7.5 | 0.02 | Feb 28, 2020 | A denial of service issue was addressed with improved input validation. | ||
| CVE-2020-3877 | Hig | 0.49 | 7.5 | 0.02 | Feb 27, 2020 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3, watchOS 6.1.2. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | ||
| CVE-2019-8788 | Hig | 0.49 | 7.5 | 0.01 | Dec 18, 2019 | An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Improper URL processing may lead to data exfiltration. | ||
| CVE-2019-8787 | Hig | 0.49 | 7.5 | 0.01 | Dec 18, 2019 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. A remote attacker may be able to leak memory. | ||
| CVE-2019-8772 | Hig | 0.49 | 7.5 | 0.01 | Dec 18, 2019 | An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a confirmation prompt. This issue is fixed in macOS Catalina 10.15. An attacker may be able to exfiltrate the contents of an encrypted PDF. | ||
| CVE-2019-8516 | Hig | 0.49 | 7.5 | 0.02 | Dec 18, 2019 | A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Processing a maliciously crafted string may lead to a denial of service. | ||
| CVE-2018-4398 | Hig | 0.49 | 7.5 | 0.02 | Apr 3, 2019 | An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCloud for Windows 7.8. | ||
| CVE-2018-4369 | Hig | 0.49 | 7.5 | 0.02 | Apr 3, 2019 | A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. | ||
| CVE-2018-4276 | Hig | 0.49 | 7.5 | 0.01 | Apr 3, 2019 | A null pointer dereference was addressed with improved validation. This issue affected versions prior to macOS High Sierra 10.13.6. | ||
| CVE-2018-4248 | Hig | 0.49 | 7.5 | 0.02 | Apr 3, 2019 | An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2. | ||
| CVE-2018-4203 | Hig | 0.49 | 7.5 | 0.02 | Apr 3, 2019 | An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | ||
| CVE-2019-6219 | Hig | 0.49 | 7.5 | 0.02 | Mar 5, 2019 | A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. Processing a maliciously crafted message may lead to a denial of service. | ||
| CVE-2018-4217 | Hig | 0.49 | 7.5 | 0.01 | Jan 11, 2019 | In macOS High Sierra before 10.13.5, a privacy issue in the handling of Open Directory records was addressed with improved indexing. | ||
| CVE-2018-4185 | Hig | 0.49 | 7.5 | 0.03 | Jan 11, 2019 | In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS before High Sierra 10.13.4, an information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. | ||
| CVE-2018-4230 | Hig | 0.49 | 7.0 | 0.04 | Jun 8, 2018 | An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that triggers a SetAppSupportBits… | ||
| CVE-2018-4227 | Hig | 0.49 | 7.5 | 0.02 | Jun 8, 2018 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration. | ||
| CVE-2018-4221 | Hig | 0.49 | 7.5 | 0.01 | Jun 8, 2018 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Security" component. It allows web sites to track users by leveraging the transmission of S/MIME client certificates. | ||
| CVE-2018-4184 | Hig | 0.49 | 7.5 | 0.01 | Jun 8, 2018 | An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Speech" component. It allows attackers to bypass a sandbox protection mechanism to obtain microphone access. | ||
| CVE-2018-4142 | Hig | 0.49 | 7.5 | 0.03 | Apr 3, 2018 | An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service… |
- risk 0.49cvss 7.5epss 0.01
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. A non-privileged user may be able to modify restricted network settings.
- risk 0.49cvss 7.5epss 0.02
A denial of service issue was addressed with improved input validation.
- risk 0.49cvss 7.5epss 0.02
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3, watchOS 6.1.2. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
- risk 0.49cvss 7.5epss 0.01
An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Improper URL processing may lead to data exfiltration.
- risk 0.49cvss 7.5epss 0.01
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. A remote attacker may be able to leak memory.
- risk 0.49cvss 7.5epss 0.01
An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a confirmation prompt. This issue is fixed in macOS Catalina 10.15. An attacker may be able to exfiltrate the contents of an encrypted PDF.
- risk 0.49cvss 7.5epss 0.02
A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Processing a maliciously crafted string may lead to a denial of service.
- risk 0.49cvss 7.5epss 0.02
An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCloud for Windows 7.8.
- risk 0.49cvss 7.5epss 0.02
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
- risk 0.49cvss 7.5epss 0.01
A null pointer dereference was addressed with improved validation. This issue affected versions prior to macOS High Sierra 10.13.6.
- risk 0.49cvss 7.5epss 0.02
An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2.
- risk 0.49cvss 7.5epss 0.02
An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
- risk 0.49cvss 7.5epss 0.02
A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. Processing a maliciously crafted message may lead to a denial of service.
- risk 0.49cvss 7.5epss 0.01
In macOS High Sierra before 10.13.5, a privacy issue in the handling of Open Directory records was addressed with improved indexing.
- risk 0.49cvss 7.5epss 0.03
In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS before High Sierra 10.13.4, an information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling.
- risk 0.49cvss 7.0epss 0.04
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that triggers a SetAppSupportBits…
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Security" component. It allows web sites to track users by leveraging the transmission of S/MIME client certificates.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Speech" component. It allows attackers to bypass a sandbox protection mechanism to obtain microphone access.
- risk 0.49cvss 7.5epss 0.03
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service…
Page 75 of 167