Filtered by vendor Apple
Subscriptions
Filtered by product Mac Os X
Subscriptions
Total
5567 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-9782 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.5 High |
| A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A remote attacker may be able to overwrite existing files. | ||||
| CVE-2020-9779 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.1 High |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory. | ||||
| CVE-2020-9776 | 1 Apple | 1 Mac Os X | 2024-11-21 | 3.3 Low |
| This issue was addressed with a new entitlement. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to access a user's call history. | ||||
| CVE-2020-9775 | 1 Apple | 3 Ipados, Iphone Os, Mac Os X | 2024-11-21 | 5.3 Medium |
| An issue existed in the handling of tabs displaying picture in picture video. The issue was corrected with improved state handling. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user's private browsing activity may be unexpectedly saved in Screen Time. | ||||
| CVE-2020-9774 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.5 High |
| An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting access to encrypted data. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Encrypted data may be inappropriately accessed. | ||||
| CVE-2020-9772 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2024-11-21 | 5.5 Medium |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A sandboxed process may be able to circumvent sandbox restrictions. | ||||
| CVE-2020-9771 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.1 High |
| This issue was addressed with a new entitlement. This issue is fixed in macOS Catalina 10.15.4. A user may gain access to protected parts of the file system. | ||||
| CVE-2020-9769 | 1 Apple | 1 Mac Os X | 2024-11-21 | 9.8 Critical |
| Multiple issues were addressed by updating to version 8.1.1850. This issue is fixed in macOS Catalina 10.15.4. Multiple issues in Vim. | ||||
| CVE-2020-8286 | 9 Apple, Debian, Fedoraproject and 6 more | 22 Mac Os X, Macos, Debian Linux and 19 more | 2024-11-21 | 7.5 High |
| curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. | ||||
| CVE-2020-8285 | 10 Apple, Debian, Fedoraproject and 7 more | 32 Mac Os X, Macos, Debian Linux and 29 more | 2024-11-21 | 7.5 High |
| curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. | ||||
| CVE-2020-8284 | 10 Apple, Debian, Fedoraproject and 7 more | 31 Mac Os X, Macos, Debian Linux and 28 more | 2024-11-21 | 3.7 Low |
| A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. | ||||
| CVE-2020-8037 | 5 Apple, Debian, Fedoraproject and 2 more | 6 Mac Os X, Macos, Debian Linux and 3 more | 2024-11-21 | 7.5 High |
| The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. | ||||
| CVE-2020-6616 | 3 Apple, Google, Samsung | 7 Ipados, Iphone Os, Mac Os X and 4 more | 2024-11-21 | 6.5 Medium |
| Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset. The Samsung ID is SVE-2020-16882 (May 2020). | ||||
| CVE-2020-6574 | 6 Apple, Debian, Fedoraproject and 3 more | 7 Mac Os X, Debian Linux, Fedora and 4 more | 2024-11-21 | 7.8 High |
| Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary. | ||||
| CVE-2020-6477 | 4 Apple, Fedoraproject, Google and 1 more | 5 Mac Os X, Fedora, Chrome and 2 more | 2024-11-21 | 7.8 High |
| Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file. | ||||
| CVE-2020-4004 | 2 Apple, Vmware | 5 Mac Os X, Cloud Foundation, Esxi and 2 more | 2024-11-21 | 8.2 High |
| VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. | ||||
| CVE-2020-3999 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2024-11-21 | 6.5 Medium |
| VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition. | ||||
| CVE-2020-3995 | 2 Apple, Vmware | 5 Mac Os X, Cloud Foundation, Esxi and 2 more | 2024-11-21 | 5.3 Medium |
| In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. A malicious actor with access to a virtual machine may be able to trigger a memory leak issue resulting in memory resource exhaustion on the hypervisor if the attack is sustained for extended periods of time. | ||||
| CVE-2020-3982 | 2 Apple, Vmware | 6 Mac Os X, Cloud Foundation, Esxi and 3 more | 2024-11-21 | 7.7 High |
| VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap. | ||||
| CVE-2020-3981 | 2 Apple, Vmware | 5 Mac Os X, Cloud Foundation, Esxi and 2 more | 2024-11-21 | 5.8 Medium |
| VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process. | ||||