Apple macOS vulnerabilities
3,139 known vulnerabilities affecting apple/mac_os_x.
Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192
Vulnerabilities
Page 21 of 157
CVE-2021-1778 [MEDIUM] CVSS 5.5 · CWE-125 · Affected: ≥ 10.14, < 10.14.6; ≥ 10.15, < 10.15.7; +2 more · 2021-04-02
An out-of-bounds read issue existed in the curl. This issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service.
nvd
CVE-2021-1766 [MEDIUM] CVSS 5.5 · Affected: ≥ 10.14, < 10.14.6; ≥ 10.15, < 10.15.7; +2 more · 2021-04-02
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service.
nvd
CVE-2021-1791 [MEDIUM] CVSS 5.5 · CWE-125 · Affected: ≥ 10.14, < 10.14.6; ≥ 10.15, < 10.15.7; +2 more · 2021-04-02
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to disclose kernel memory
nvd
CVE-2020-27935 [MEDIUM] CVSS 6.3 · Fixed in 11.0.1 · 2021-04-02
Multiple issues were addressed with improved logic. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A sandboxed process may be able to circumvent sandbox restrictions.
nvd
CVE-2021-1786 [MEDIUM] CVSS 5.5 · Affected: ≥ 10.14, < 10.14.6; ≥ 10.15, < 10.15.7; +2 more · 2021-04-02
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to create or modify system files.
nvd
CVE-2020-29610 [MEDIUM] CVSS 5.5 · CWE-125 · Affected: ≥ 10.14, < 10.14.6; ≥ 10.15, < 10.15.7; +2 more · 2021-04-02
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted audio file may disclose restricted memory.
nvd
CVE-2020-27946 [MEDIUM] CVSS 5.5 · Affected: ≥ 10.14, < 10.14.6; ≥ 10.15, < 10.15.7; +2 more · 2021-04-02
An information disclosure issue was addressed with improved state management. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font may result in the disclosure of process memory.
nvd
CVE-2021-1769 [MEDIUM] CVSS 5.5 · Affected: ≥ 10.14, < 10.14.6; ≥ 10.15, < 10.15.7; +2 more · 2021-04-02
A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
nvd
CVE-2021-1760 [MEDIUM] CVSS 5.5 · CWE-787 · Affected: ≥ 10.14, < 10.14.6; ≥ 10.15, < 10.15.7; +2 more · 2021-04-02
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application could execute arbitrary code leading to compromise of user information.
nvd
CVE-2020-9978 [MEDIUM] CVSS 4.5 · Affected: ≥ 10.14, < 10.14.6; ≥ 10.15, < 10.15.7; +2 more · 2021-04-02
This issue was addressed with improved setting propagation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An attacker in a privileged network position may be able to unexpectedly alter application state.
nvd
CVE-2020-27949 [MEDIUM] CVSS 5.5 · Affected: ≥ 10.14, < 10.14.6; ≥ 10.15, < 10.15.7; +2 more · 2021-04-02
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may cause unexpected changes in memory belonging to processes traced by DTrace.
nvd
CVE-2020-29608 [MEDIUM] CVSS 5.5 · CWE-125 · Affected: ≥ 10.14, < 10.14.6; ≥ 10.15, < 10.15.7; +2 more · 2021-04-02
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, watchOS 7.2. A remote attacker may be able to lea
nvd
CVE-2020-29623 [LOW] CVSS 3.3 · Affected: ≥ 10.14, < 10.14.6; ≥ 10.15, < 10.15.7; +2 more · 2021-04-02
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history.
nvd
CVE-2021-1771 [LOW] CVSS 3.3 · Affected: ≥ 10.14, < 10.14.6; ≥ 10.15, < 10.15.7; +2 more · 2021-04-02
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. A user that is removed from an iMessage group could rejoin the group.
nvd
CVE-2020-36230 [HIGH] CVSS 7.5 · CWE-617 · Affected: ≥ 10.14.0, < 10.14.6; v10.14.6 · 2021-01-26
A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.
nvd
CVE-2020-36223 [HIGH] CVSS 7.5 · CWE-125 · Affected: ≥ 10.14.0, < 10.14.6; v10.14.6 · 2021-01-26
A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).
nvd
CVE-2020-36229 [HIGH] CVSS 7.5 · CWE-843 · Affected: ≥ 10.14.0, < 10.14.6; v10.14.6 · 2021-01-26
A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.
nvd
CVE-2020-36221 [HIGH] CVSS 7.5 · CWE-191 · Affected: ≥ 10.14.0, < 10.14.6; v10.14.6 · 2021-01-26
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).
nvd
CVE-2020-36222 [HIGH] CVSS 7.5 · CWE-617 · Affected: ≥ 10.14.0, < 10.14.6; v10.14.6 · 2021-01-26
A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.
nvd
CVE-2020-36226 [HIGH] CVSS 7.5 · Affected: ≥ 10.14.0, < 10.14.6; v10.14.6 · 2021-01-26
A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.
nvd