This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Apple First view 2021-09-20
Product Macos Last view 2024-11-01
Version 13.0 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:apple:macos

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.5 2024-11-01 CVE-2024-44234

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination.

5.5 2024-11-01 CVE-2024-44233

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination.

5.5 2024-11-01 CVE-2024-44232

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination.

5.5 2024-10-28 CVE-2024-44302

The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted font may result in the disclosure of process memory.

6.5 2024-10-28 CVE-2024-44297

The issue was addressed with improved bounds checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted message may lead to a denial-of-service.

6.5 2024-10-28 CVE-2024-44294

A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An attacker with root privileges may be able to delete protected system files.

7.5 2024-10-28 CVE-2024-44289

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to read sensitive location information.

5.5 2024-10-28 CVE-2024-44287

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious application may be able to modify protected parts of the file system.

5.5 2024-10-28 CVE-2024-44284

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. Parsing a maliciously crafted file may lead to an unexpected app termination.

5.5 2024-10-28 CVE-2024-44282

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Parsing a file may lead to disclosure of user information.

5.5 2024-10-28 CVE-2024-44281

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. Parsing a file may lead to disclosure of user information.

5.5 2024-10-28 CVE-2024-44273

This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, visionOS 2.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1. A malicious app may be able to access private information.

8.6 2024-10-28 CVE-2024-44270

A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A sandboxed process may be able to circumvent sandbox restrictions.

5.5 2024-10-28 CVE-2024-44269

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. A malicious app may use shortcuts to access restricted files.

5.5 2024-10-28 CVE-2024-44267

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious application may be able to modify protected parts of the file system.

2.4 2024-10-28 CVE-2024-44265

The issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An attacker with physical access can input Game Controller events to apps running on a locked device.

5.5 2024-10-28 CVE-2024-44264

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious app may be able to create symlinks to protected regions of the disk.

7.8 2024-10-28 CVE-2024-44255

A path handling issue was addressed with improved logic. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1. A malicious app may be able to run arbitrary shortcuts without user consent.

5.5 2024-10-28 CVE-2024-44254

This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 11.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, iOS 18.1 and iPadOS 18.1. An app may be able to access sensitive user data.

5.5 2024-10-28 CVE-2024-44253

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to modify protected parts of the file system.

5.5 2024-10-28 CVE-2024-44247

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious application may be able to modify protected parts of the file system.

4.3 2024-10-28 CVE-2024-44244

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unexpected process crash.

5.5 2024-10-28 CVE-2024-44239

An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. An app may be able to leak sensitive kernel state.

5.5 2024-10-28 CVE-2024-44236

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. Processing a maliciously crafted file may lead to unexpected app termination.

3.3 2024-10-28 CVE-2024-44222

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to read sensitive location information.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
21% (50) CWE-787 Out-of-bounds Write
15% (35) CWE-125 Out-of-bounds Read
11% (27) CWE-416 Use After Free
8% (19) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
4% (11) CWE-362 Race Condition
4% (10) CWE-532 Information Leak Through Log Files
4% (10) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
3% (8) CWE-59 Improper Link Resolution Before File Access ('Link Following')
3% (7) CWE-281 Improper Preservation of Permissions
2% (6) CWE-190 Integer Overflow or Wraparound
1% (4) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (4) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (3) CWE-754 Improper Check for Unusual or Exceptional Conditions
1% (3) CWE-306 Missing Authentication for Critical Function
1% (3) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
1% (3) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
1% (3) CWE-20 Improper Input Validation
0% (2) CWE-732 Incorrect Permission Assignment for Critical Resource
0% (2) CWE-668 Exposure of Resource to Wrong Sphere
0% (2) CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
0% (2) CWE-295 Certificate Issues
0% (2) CWE-287 Improper Authentication
0% (2) CWE-276 Incorrect Default Permissions
0% (1) CWE-665 Improper Initialization
0% (1) CWE-522 Insufficiently Protected Credentials