This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Apple First view 2016-03-31
Product Mac Os X Last view 2021-12-23
Version 10.11.4 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:apple:mac_os_x

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.5 2021-12-23 CVE-2021-30767

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A local user may be able to modify protected parts of the file system.

5.5 2021-12-23 CVE-2020-3896

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to overwrite arbitrary files.

7.8 2021-12-23 CVE-2020-3886

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to execute arbitrary code with kernel privileges.

9.8 2021-12-23 CVE-2019-8703

This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13. An application may be able to gain elevated privileges.

5.5 2021-12-23 CVE-2019-8702

This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier.

9.8 2021-12-23 CVE-2019-8643

CVE-2019-8643: Arun Sharma of VMWare This issue is fixed in macOS Mojave 10.14. Description: A logic issue was addressed with improved state management..

6.8 2021-12-23 CVE-2018-4478

A validation issue was addressed with improved logic. This issue is fixed in macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan. An attacker with physical access to a device may be able to elevate privileges.

7.8 2021-12-23 CVE-2018-4302

A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.

5.5 2021-12-23 CVE-2017-13910

An access issue was addressed with additional sandbox restrictions on applications. This issue is fixed in macOS High Sierra 10.13. An application may be able to access restricted files.

5.5 2021-12-23 CVE-2017-13909

An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain. This issue is fixed in macOS High Sierra 10.13. A local attacker may gain access to iCloud authentication tokens.

7.8 2021-12-23 CVE-2017-13908

An issue in handling file permissions was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, macOS High Sierra 10.13. A local attacker may be able to execute non-executable text files via an SMB share.

6.8 2021-12-23 CVE-2017-13907

A state management issue was addressed with improved state validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan. The screen lock may unexpectedly remain unlocked.

7.8 2021-12-23 CVE-2017-13906

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, macOS High Sierra 10.13. A malicious application may be able to elevate privileges.

8.1 2021-12-23 CVE-2017-13905

A race condition was addressed with additional validation. This issue is fixed in tvOS 11.2, iOS 11.2, macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan, watchOS 4.2. An application may be able to gain elevated privileges.

7.5 2021-12-23 CVE-2017-13892

An issue existed in the handling of Contact sharing. This issue was addressed with improved handling of user information. This issue is fixed in macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan. Sharing contact information may lead to unexpected data sharing.

7.8 2021-12-23 CVE-2017-13835

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13. An application may be able to execute arbitrary code with elevated privileges.

7.8 2021-10-28 CVE-2021-30834

A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, Security Update 2021-007 Catalina. Processing a malicious audio file may result in unexpected application termination or arbitrary code execution.

7.8 2021-10-28 CVE-2021-30824

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.

7.8 2021-10-28 CVE-2021-30821

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.

5.5 2021-10-19 CVE-2021-30850

An access issue was addressed with improved access restrictions. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6, tvOS 15. A user may gain access to protected parts of the file system.

7.8 2021-10-19 CVE-2021-30847

This issue was addressed with improved checks. This issue is fixed in watchOS 8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution.

7.5 2021-10-19 CVE-2021-30844

A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A remote attacker may be able to leak memory.

7.8 2021-10-19 CVE-2021-30843

This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution.

7.8 2021-10-19 CVE-2021-30842

This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution.

7.8 2021-10-19 CVE-2021-30841

This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
25% (310) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
16% (198) CWE-787 Out-of-bounds Write
13% (167) CWE-125 Out-of-bounds Read
10% (135) CWE-20 Improper Input Validation
7% (88) CWE-200 Information Exposure
3% (45) CWE-416 Use After Free
3% (38) CWE-362 Race Condition
2% (33) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
1% (21) CWE-476 NULL Pointer Dereference
1% (15) CWE-59 Improper Link Resolution Before File Access ('Link Following')
1% (14) CWE-269 Improper Privilege Management
1% (14) CWE-264 Permissions, Privileges, and Access Controls
1% (13) CWE-190 Integer Overflow or Wraparound
0% (12) CWE-665 Improper Initialization
0% (8) CWE-295 Certificate Issues
0% (7) CWE-704 Incorrect Type Conversion or Cast
0% (7) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
0% (6) CWE-668 Exposure of Resource to Wrong Sphere
0% (6) CWE-287 Improper Authentication
0% (6) CWE-284 Access Control (Authorization) Issues
0% (6) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
0% (6) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
0% (5) CWE-732 Incorrect Permission Assignment for Critical Resource
0% (5) CWE-415 Double Free
0% (5) CWE-254 Security Features

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2020-01-03 Apple Safari WebKit out-of-bounds read attempt
RuleID : 52342 - Type : BROWSER-WEBKIT - Revision : 1
2020-01-03 Apple Safari WebKit out-of-bounds read attempt
RuleID : 52341 - Type : BROWSER-WEBKIT - Revision : 1
2020-01-03 Apple Safari WebKit memory corruption attempt
RuleID : 52316 - Type : BROWSER-WEBKIT - Revision : 1
2020-01-03 Apple Safari WebKit memory corruption attempt
RuleID : 52315 - Type : BROWSER-WEBKIT - Revision : 1
2020-01-03 Apple Safari WebKit memory corruption attempt
RuleID : 52314 - Type : BROWSER-WEBKIT - Revision : 1
2020-01-03 Apple Safari WebKit memory corruption attempt
RuleID : 52313 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-15 WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt
RuleID : 51832 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-15 WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt
RuleID : 51831 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-12 WebKit JavaScriptCore JSValue use after free attempt
RuleID : 51824 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-12 WebKit JavaScriptCore JSValue use after free attempt
RuleID : 51823 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-12 WebKit JavaScriptCore AIR optimization memory corruption attempt
RuleID : 51822 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-12 WebKit JavaScriptCore AIR optimization memory corruption attempt
RuleID : 51821 - Type : BROWSER-WEBKIT - Revision : 1
2018-08-16 PHP phar extension remote code execution attempt
RuleID : 47207 - Type : SERVER-WEBAPP - Revision : 2
2018-07-31 FreeBSD bspatch utility remote code execution attempt
RuleID : 47048 - Type : FILE-OTHER - Revision : 1
2018-07-31 FreeBSD bspatch utility remote code execution attempt
RuleID : 47047 - Type : FILE-OTHER - Revision : 1
2018-07-19 Apple macOS and iOS fgetattrlist kernel heap overflow attempt
RuleID : 46991 - Type : OS-OTHER - Revision : 1
2018-07-19 Apple macOS and iOS fgetattrlist kernel heap overflow attempt
RuleID : 46990 - Type : OS-OTHER - Revision : 1
2018-07-10 Microsoft Windows Interrupt Service Routine stack rollback attempt
RuleID : 46910 - Type : INDICATOR-COMPROMISE - Revision : 2
2018-07-10 Microsoft Windows Interrupt Service Routine stack rollback attempt
RuleID : 46909 - Type : INDICATOR-COMPROMISE - Revision : 2
2018-07-10 Microsoft Windows processor modification return to user-mode attempt
RuleID : 46908 - Type : INDICATOR-COMPROMISE - Revision : 2
2018-07-10 Microsoft Windows processor modification return to user-mode attempt
RuleID : 46907 - Type : INDICATOR-COMPROMISE - Revision : 2
2018-07-10 Microsoft Windows malicious CONTEXT structure creation attempt
RuleID : 46906 - Type : INDICATOR-COMPROMISE - Revision : 2
2018-07-10 Microsoft Windows malicious CONTEXT structure creation attempt
RuleID : 46905 - Type : INDICATOR-COMPROMISE - Revision : 2
2018-07-10 Microsoft Windows SYSTEM token stealing attempt
RuleID : 46904 - Type : INDICATOR-COMPROMISE - Revision : 2
2018-07-10 Microsoft Windows SYSTEM token stealing attempt
RuleID : 46903 - Type : INDICATOR-COMPROMISE - Revision : 2

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-14 Name: The remote Debian host is missing a security update.
File: debian_DLA-1633.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote device is missing a vendor-supplied security patch.
File: juniper_jsa10916.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4e088b6d7c.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-9dbe983805.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a7ac26523d.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-bdc5bfaedc.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-ca03363d57.nasl - Type: ACT_GATHER_INFO
2018-12-21 Name: The remote Apple TV device is affected by multiple vulnerabilities.
File: appletv_12_1_1.nasl - Type: ACT_GATHER_INFO
2018-12-21 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_14_2.nasl - Type: ACT_GATHER_INFO
2018-12-21 Name: The remote host is missing a macOS or Mac OS X security update that fixes mul...
File: macosx_SecUpd2018-006.nasl - Type: ACT_GATHER_INFO
2018-12-21 Name: The remote host is missing a macOS security update that fixes multiple vulner...
File: macosx_SecUpd_10_13_6_2018-003.nasl - Type: ACT_GATHER_INFO
2018-12-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1601.nasl - Type: ACT_GATHER_INFO
2018-11-30 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4347.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2478.nasl - Type: ACT_GATHER_INFO
2018-11-13 Name: The remote Debian host is missing a security update.
File: debian_DLA-1577.nasl - Type: ACT_GATHER_INFO
2018-11-02 Name: The remote Apple TV device is affected by multiple vulnerabilities.
File: appletv_12_1.nasl - Type: ACT_GATHER_INFO
2018-11-02 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL17403481.nasl - Type: ACT_GATHER_INFO
2018-11-02 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: itunes_12_9_1.nasl - Type: ACT_GATHER_INFO
2018-11-02 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: itunes_12_9_1_banner.nasl - Type: ACT_GATHER_INFO
2018-10-31 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_14_1.nasl - Type: ACT_GATHER_INFO
2018-10-31 Name: The remote host is missing a macOS or Mac OS X security update that fixes mul...
File: macosx_SecUpd2018-005.nasl - Type: ACT_GATHER_INFO
2018-10-31 Name: The remote host is missing a macOS security update that fixes multiple vulner...
File: macosx_SecUpd_10_13_6_2018-002.nasl - Type: ACT_GATHER_INFO
2018-10-18 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_14.nasl - Type: ACT_GATHER_INFO
2018-10-02 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: itunes_12_8_banner.nasl - Type: ACT_GATHER_INFO
2018-10-02 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: itunes_12_9.nasl - Type: ACT_GATHER_INFO