This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Apple First view 2011-06-24
Product Mac Os X Last view 2020-06-09
Version 10.10.2 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:apple:mac_os_x

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.3 2020-06-09 CVE-2020-9856

This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. An application may be able to gain elevated privileges.

7.8 2020-06-09 CVE-2020-9855

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.5. A local attacker may be able to elevate their privileges.

7.8 2020-06-09 CVE-2020-9852

An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.

5.5 2020-06-09 CVE-2020-9851

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to modify protected parts of the file system.

8.6 2020-06-09 CVE-2020-9847

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to break out of its sandbox.

7.5 2020-06-09 CVE-2020-9844

A double free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.

5.5 2020-06-09 CVE-2020-9842

This issue was addressed with improved checks. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to use arbitrary entitlements.

7.8 2020-06-09 CVE-2020-9841

An integer overflow was addressed through improved input validation. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges.

7 2020-06-09 CVE-2020-9839

A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges.

7.5 2020-06-09 CVE-2020-9837

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. A remote attacker may be able to leak memory.

7.8 2020-06-09 CVE-2020-9834

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges.

5.5 2020-06-09 CVE-2020-9833

A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.5. A local user may be able to read kernel memory.

5.5 2020-06-09 CVE-2020-9832

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to determine kernel memory layout.

5.5 2020-06-09 CVE-2020-9831

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to determine kernel memory layout.

7.8 2020-06-09 CVE-2020-9830

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges.

7.5 2020-06-09 CVE-2020-9827

A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause a denial of service.

7.5 2020-06-09 CVE-2020-9826

A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause a denial of service.

7.8 2020-06-09 CVE-2020-9825

An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A malicious application may be able to bypass Privacy preferences.

7.5 2020-06-09 CVE-2020-9824

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. A non-privileged user may be able to modify restricted network settings.

7.8 2020-06-09 CVE-2020-9822

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to execute arbitrary code with kernel privileges.

7.8 2020-06-09 CVE-2020-9821

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.

7.8 2020-06-09 CVE-2020-9817

A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to gain root privileges.

7.8 2020-06-09 CVE-2020-9816

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.

7.8 2020-06-09 CVE-2020-9815

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution.

7.8 2020-06-09 CVE-2020-9814

A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
44% (593) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
11% (154) CWE-20 Improper Input Validation
11% (148) CWE-200 Information Exposure
6% (92) CWE-125 Out-of-bounds Read
3% (44) CWE-264 Permissions, Privileges, and Access Controls
2% (33) CWE-416 Use After Free
2% (30) CWE-362 Race Condition
1% (24) CWE-476 NULL Pointer Dereference
1% (22) CWE-254 Security Features
1% (18) CWE-284 Access Control (Authorization) Issues
0% (12) CWE-787 Out-of-bounds Write
0% (12) CWE-399 Resource Management Errors
0% (10) CWE-310 Cryptographic Issues
0% (10) CWE-59 Improper Link Resolution Before File Access ('Link Following')
0% (9) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
0% (9) CWE-17 Code
0% (8) CWE-704 Incorrect Type Conversion or Cast
0% (8) CWE-190 Integer Overflow or Wraparound
0% (8) CWE-189 Numeric Errors
0% (7) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
0% (6) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
0% (5) CWE-732 Incorrect Permission Assignment for Critical Resource
0% (5) CWE-19 Data Handling
0% (4) CWE-295 Certificate Issues
0% (4) CWE-287 Improper Authentication

SAINT Exploits

Description Link
Safari Script Editor AppleScript execution More info here
OS X rootpipe privilege elevation More info here
Mac OS X rsh Environment Variables Privilege Elevation More info here

Open Source Vulnerability Database (OSVDB)

id Description
74382 GNU troff contrib/pdfmark/pdfroff.sh Ghostscript Launch Arbitrary File Manipu...
73111 GNU Troff pdfroff Temporary File Symlink Arbitrary File Overwrite

ExploitDB Exploits

id Description
31875 Python socket.recvfrom_into() - Remote Buffer Overflow
27944 Mac OS X Sudo Password Bypass

OpenVAS Exploits

id Description
2012-11-16 Name : VMSA-2012-0016: VMware security updates for vSphere API and ESX Service Console
File : nvt/gb_VMSA-2012-0016.nasl
2012-10-19 Name : Ubuntu Update for python2.5 USN-1613-1
File : nvt/gb_ubuntu_USN_1613_1.nasl
2012-10-19 Name : Ubuntu Update for python2.4 USN-1613-2
File : nvt/gb_ubuntu_USN_1613_2.nasl
2012-09-26 Name : Gentoo Security Advisory GLSA 201209-06 (expat)
File : nvt/glsa_201209_06.nasl
2012-09-11 Name : Ubuntu Update for xmlrpc-c USN-1527-2
File : nvt/gb_ubuntu_USN_1527_2.nasl
2012-08-30 Name : Fedora Update for groff FEDORA-2012-8577
File : nvt/gb_fedora_2012_8577_groff_fc17.nasl
2012-08-14 Name : Ubuntu Update for expat USN-1527-1
File : nvt/gb_ubuntu_USN_1527_1.nasl
2012-08-10 Name : Debian Security Advisory DSA 2525-1 (expat)
File : nvt/deb_2525_1.nasl
2012-08-03 Name : Mandriva Update for expat MDVSA-2012:041 (expat)
File : nvt/gb_mandriva_MDVSA_2012_041.nasl
2012-07-30 Name : CentOS Update for expat CESA-2012:0731 centos5
File : nvt/gb_CESA-2012_0731_expat_centos5.nasl
2012-07-30 Name : CentOS Update for expat CESA-2012:0731 centos6
File : nvt/gb_CESA-2012_0731_expat_centos6.nasl
2012-06-15 Name : RedHat Update for expat RHSA-2012:0731-01
File : nvt/gb_RHSA-2012_0731-01_expat.nasl
2012-06-08 Name : Fedora Update for groff FEDORA-2012-8590
File : nvt/gb_fedora_2012_8590_groff_fc15.nasl
2012-06-08 Name : Fedora Update for groff FEDORA-2012-8596
File : nvt/gb_fedora_2012_8596_groff_fc16.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0222 Multiple Security Vulnerabilities in Apple iOS
Severity: Category I - VMSKEY: V0061471
2015-B-0105 Multiple Vulnerabilities in Apple QuickTime
Severity: Category II - VMSKEY: V0061349
2015-A-0199 Multiple Vulnerabilities in Apple Mac OS X
Severity: Category I - VMSKEY: V0061337
2015-A-0158 Multiple Vulnerabilities in Oracle Java SE
Severity: Category I - VMSKEY: V0061089
2015-B-0014 Multiple Vulnerabilities in VMware ESXi 5.5
Severity: Category I - VMSKEY: V0058513
2015-B-0013 Multiple Vulnerabilities in VMware ESXi 5.1
Severity: Category I - VMSKEY: V0058515
2014-A-0114 Multiple Vulnerabilities in Apache HTTP Server
Severity: Category I - VMSKEY: V0053307
2013-A-0179 Apple Mac OS X Security Update 2013-004
Severity: Category I - VMSKEY: V0040373
2012-A-0189 Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1
Severity: Category I - VMSKEY: V0035032

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2020-02-25 Apple Safari user assisted applescript code execution attempt
RuleID : 52622 - Type : BROWSER-WEBKIT - Revision : 1
2020-02-25 Apple Safari user assisted applescript code execution attempt
RuleID : 52621 - Type : BROWSER-WEBKIT - Revision : 1
2020-01-03 Apple Safari WebKit out-of-bounds read attempt
RuleID : 52342 - Type : BROWSER-WEBKIT - Revision : 1
2020-01-03 Apple Safari WebKit out-of-bounds read attempt
RuleID : 52341 - Type : BROWSER-WEBKIT - Revision : 1
2020-01-03 Apple Safari WebKit memory corruption attempt
RuleID : 52316 - Type : BROWSER-WEBKIT - Revision : 1
2020-01-03 Apple Safari WebKit memory corruption attempt
RuleID : 52315 - Type : BROWSER-WEBKIT - Revision : 1
2020-01-03 Apple Safari WebKit memory corruption attempt
RuleID : 52314 - Type : BROWSER-WEBKIT - Revision : 1
2020-01-03 Apple Safari WebKit memory corruption attempt
RuleID : 52313 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-15 WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt
RuleID : 51832 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-15 WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt
RuleID : 51831 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-12 WebKit JavaScriptCore JSValue use after free attempt
RuleID : 51824 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-12 WebKit JavaScriptCore JSValue use after free attempt
RuleID : 51823 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-12 WebKit JavaScriptCore AIR optimization memory corruption attempt
RuleID : 51822 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-12 WebKit JavaScriptCore AIR optimization memory corruption attempt
RuleID : 51821 - Type : BROWSER-WEBKIT - Revision : 1
2018-08-16 PHP phar extension remote code execution attempt
RuleID : 47207 - Type : SERVER-WEBAPP - Revision : 2
2018-08-16 Apple Quicktime malformed FPX file memory corruption attempt
RuleID : 47174 - Type : FILE-IMAGE - Revision : 1
2018-08-16 Apple Quicktime malformed FPX file memory corruption attempt
RuleID : 47173 - Type : FILE-IMAGE - Revision : 1
2018-07-31 FreeBSD bspatch utility remote code execution attempt
RuleID : 47048 - Type : FILE-OTHER - Revision : 1
2018-07-31 FreeBSD bspatch utility remote code execution attempt
RuleID : 47047 - Type : FILE-OTHER - Revision : 1
2018-07-19 Apple macOS and iOS fgetattrlist kernel heap overflow attempt
RuleID : 46991 - Type : OS-OTHER - Revision : 1
2018-07-19 Apple macOS and iOS fgetattrlist kernel heap overflow attempt
RuleID : 46990 - Type : OS-OTHER - Revision : 1
2018-07-10 Microsoft Windows Interrupt Service Routine stack rollback attempt
RuleID : 46910 - Type : INDICATOR-COMPROMISE - Revision : 2
2018-07-10 Microsoft Windows Interrupt Service Routine stack rollback attempt
RuleID : 46909 - Type : INDICATOR-COMPROMISE - Revision : 2
2018-07-10 Microsoft Windows processor modification return to user-mode attempt
RuleID : 46908 - Type : INDICATOR-COMPROMISE - Revision : 2
2018-07-10 Microsoft Windows processor modification return to user-mode attempt
RuleID : 46907 - Type : INDICATOR-COMPROMISE - Revision : 2

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-14 Name: The remote Debian host is missing a security update.
File: debian_DLA-1633.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote device is missing a vendor-supplied security patch.
File: juniper_jsa10916.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4e088b6d7c.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-9dbe983805.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a7ac26523d.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-bdc5bfaedc.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-ca03363d57.nasl - Type: ACT_GATHER_INFO
2018-12-21 Name: The remote Apple TV device is affected by multiple vulnerabilities.
File: appletv_12_1_1.nasl - Type: ACT_GATHER_INFO
2018-12-21 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_14_2.nasl - Type: ACT_GATHER_INFO
2018-12-21 Name: The remote host is missing a macOS or Mac OS X security update that fixes mul...
File: macosx_SecUpd2018-006.nasl - Type: ACT_GATHER_INFO
2018-12-21 Name: The remote host is missing a macOS security update that fixes multiple vulner...
File: macosx_SecUpd_10_13_6_2018-003.nasl - Type: ACT_GATHER_INFO
2018-12-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1601.nasl - Type: ACT_GATHER_INFO
2018-11-30 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4347.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2478.nasl - Type: ACT_GATHER_INFO
2018-11-13 Name: The remote Debian host is missing a security update.
File: debian_DLA-1573.nasl - Type: ACT_GATHER_INFO
2018-11-13 Name: The remote Debian host is missing a security update.
File: debian_DLA-1577.nasl - Type: ACT_GATHER_INFO
2018-11-02 Name: The remote Apple TV device is affected by multiple vulnerabilities.
File: appletv_12_1.nasl - Type: ACT_GATHER_INFO
2018-11-02 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL17403481.nasl - Type: ACT_GATHER_INFO
2018-11-02 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: itunes_12_9_1.nasl - Type: ACT_GATHER_INFO
2018-11-02 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: itunes_12_9_1_banner.nasl - Type: ACT_GATHER_INFO
2018-10-31 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_14_1.nasl - Type: ACT_GATHER_INFO
2018-10-31 Name: The remote host is missing a macOS or Mac OS X security update that fixes mul...
File: macosx_SecUpd2018-005.nasl - Type: ACT_GATHER_INFO
2018-10-31 Name: The remote host is missing a macOS security update that fixes multiple vulner...
File: macosx_SecUpd_10_13_6_2018-002.nasl - Type: ACT_GATHER_INFO
2018-10-18 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_14.nasl - Type: ACT_GATHER_INFO
2018-10-02 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: itunes_12_8_banner.nasl - Type: ACT_GATHER_INFO