Apple macOS - 4271 CVEs (Page 22/36)

About “Apple macOS”

A curated feed of “Apple macOS”-related CVEs appears below. We currently track 4271 CVEs for this tag (all time). In the last 365 days, 751 were published. Average CVSS is 6.8 (all time; 6.5 over 365d), and 54% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-284 - Improper Access Control, CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer, CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0

2022-05-26

Critical

CVE-2022-26708

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution.

CVSS: 9.8 CWE: N/A View on NVD

Medium

CVE-2022-26706

An access issue was addressed with additional sandbox restrictions on third-party applications. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Mo…

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2022-26704

A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileg…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD

High

CVE-2022-26701

A race condition was addressed with improved locking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel…

CVSS: 7.5 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD

High

CVE-2022-26698

An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2022-26697

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD

Critical

CVE-2022-26694

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in may be able to inherit the application's permissions and access user data.

CVSS: 9.1 CWE: N/A View on NVD

Critical

CVE-2022-26693

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in may be able to inherit the application's permissions and access user data.

CVSS: 9.1 CWE: N/A View on NVD

Medium

CVE-2022-26691

A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain ele…

CVSS: 6.7 CWE: CWE-697 - Incorrect Comparison View on NVD

Medium

CVE-2022-26690

Description: A race condition was addressed with additional validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to modify protected parts of the file system.

CVSS: 4.7 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD

Medium

CVE-2022-26688

An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious app with…

CVSS: 4.4 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD

Medium

CVE-2022-22676

An event handler validation issue in the XPC Services API was addressed by removing the service. This issue is fixed in macOS Monterey 12.2. An application may be able to delete files for which it do…

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2022-22675

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

Medium

CVE-2022-22674

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2022-22672

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

Medium

CVE-2022-22663

This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-004 Catalina, macOS Monterey 12.3, macOS Big Sur 1…

CVSS: 5.5 CWE: N/A View on NVD

Medium

CVE-2022-22662

A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may…

CVSS: 6.5 CWE: N/A View on NVD

Medium

CVE-2022-22616

This issue was addressed with improved checks. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A maliciously crafted ZIP archive may bypass Gateke…

CVSS: 5.5 CWE: N/A View on NVD

2022-05-18

Medium

CVE-2022-22787

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. This issue could be used in a…

CVSS: 5.9 CWE: CWE-295 - Improper Certificate Validation View on NVD

Medium

CVE-2022-22785

The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. This issue could be used in a mor…

CVSS: 5.9 CWE: CWE-565 - Reliance on Cookies without Validation and Integrity Checking View on NVD

High

CVE-2022-22784

The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. This can allow a malicious user to break out of…

CVSS: 8.1 CWE: CWE-91 - XML Injection (aka Blind XPath Injection) View on NVD

2022-04-28

High

CVE-2022-22781

The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process. This could lead to a malicious actor…

CVSS: 7.5 CWE: CWE-354 - Improper Validation of Integrity Check Value View on NVD

2022-04-20

High

CVE-2022-27536

Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client…

CVSS: 7.5 CWE: CWE-295 - Improper Certificate Validation View on NVD

2022-04-14

Medium

CVE-2022-1257

Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The se…

CVSS: 6.1 CWE: CWE-922 - Insecure Storage of Sensitive Information View on NVD

2022-03-23

High

CVE-2022-1030

Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid t…

CVSS: 8.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD

2022-03-18

High

CVE-2022-22669

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2022-22665

A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2022-22664

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unex…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2022-22661

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to e…

CVSS: 7.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD

Medium

CVE-2022-22660

This issue was addressed with a new entitlement. This issue is fixed in macOS Monterey 12.3. An app may be able to spoof system notifications and UI.

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2022-22657

A memory initialization issue was addressed with improved memory handling. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead…

CVSS: 7.8 CWE: CWE-665 - Improper Initialization View on NVD

Low

CVE-2022-22656

An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able…

CVSS: 3.3 CWE: CWE-287 - Improper Authentication View on NVD

High

CVE-2022-22651

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.3. A remote attacker may be able to cause unexpected system termination or corrupt k…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD

Medium

CVE-2022-22650

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application's…

CVSS: 5.5 CWE: CWE-281 - Improper Preservation of Permissions View on NVD

Medium

CVE-2022-22648

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to read restricted memor…

CVSS: 5.5 CWE: N/A View on NVD

Medium

CVE-2022-22647

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A person with access to a Mac may be able to bypass…

CVSS: 4.6 CWE: N/A View on NVD

Medium

CVE-2022-22644

A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to access…

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2022-22643

This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A user may send audio and video in a FaceTime call without knowing that they have…

CVSS: 7.5 CWE: N/A View on NVD

Critical

CVE-2022-22641

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated priv…

CVSS: 9.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2022-22640

A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. An application may be able to execute a…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2022-22639

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges.

CVSS: 7.8 CWE: N/A View on NVD

Medium

CVE-2022-22638

A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, ma…

CVSS: 6.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD

High

CVE-2022-22633

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

Critical

CVE-2022-22632

A logic issue was addressed with improved state management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, watchOS 8.5, macOS Monterey 12.3. A malicious application…

CVSS: 9.8 CWE: N/A View on NVD

High

CVE-2022-22631

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be ab…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2022-22627

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafte…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2022-22626

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2022-22625

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously craft…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD

Medium

CVE-2022-22621

This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able…

CVSS: 4.6 CWE: N/A View on NVD

High

CVE-2022-22620

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Pro…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2022-22617

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain ele…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2022-22615

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5,…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2022-22614

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2022-22613

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2022-22612

A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Proce…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2022-22611

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processin…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2022-22609

The issue was addressed with additional permissions checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to read o…

CVSS: 7.5 CWE: N/A View on NVD

Medium

CVE-2022-22600

The issue was addressed with improved permissions logic. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to bypass ce…

CVSS: 5.5 CWE: N/A View on NVD

Low

CVE-2022-22599

Description: A permissions issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. A person with physica…

CVSS: 2.4 CWE: N/A View on NVD

High

CVE-2022-22597

A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

Medium

CVE-2022-22594

A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A webs…

CVSS: 6.5 CWE: CWE-346 - Origin Validation Error View on NVD

High

CVE-2022-22593

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, m…

CVSS: 7.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD

Medium

CVE-2022-22592

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted w…

CVSS: 6.5 CWE: N/A View on NVD

High

CVE-2022-22591

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges.

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2022-22590

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

Medium

CVE-2022-22589

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously…

CVSS: 6.1 CWE: N/A View on NVD

Critical

CVE-2022-22587

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able…

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

Critical

CVE-2022-22586

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privile…

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2022-22585

An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macO…

CVSS: 7.5 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD

High

CVE-2022-22584

A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. Processing a maliciously crafted file m…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

Medium

CVE-2022-22583

A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access r…

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2022-22579

An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2022-22578

A logic issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. A malicious application may be able to gain root pr…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2021-30771

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6, watchOS 7.5, tvOS 14.6. Processing a maliciously crafted font…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

2022-03-10

High

CVE-2022-25294

Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. Al…

CVSS: 7.8 CWE: N/A View on NVD

2022-03-09

High

CVE-2022-24753

Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files.…

CVSS: 7.7 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD

2022-02-18

Medium

CVE-2022-24370

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader Foxit reader 11.0.1.0719 macOS. User interaction is required to exploit this…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2022-24356

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader Foxit reader 11.0.1.0719 macOS. User interaction is required to exploit this vulnera…

CVSS: 8.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

2022-02-10

Medium

CVE-2022-0018

An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when…

CVSS: 6.1 CWE: CWE-201 - Insertion of Sensitive Information Into Sent Data View on NVD

High

CVE-2022-0016

An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SY…

CVSS: 7.4 CWE: CWE-703 - Improper Check or Handling of Exceptional Conditions View on NVD

2022-02-09

Medium

CVE-2022-22780

The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version…

CVSS: 4.7 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD

Low

CVE-2022-22779

The Keybase Clients for macOS and Windows before version 5.9.0 fails to properly remove exploded messages initiated by a user. This can occur if the receiving user switches to a non-chat feature and…

CVSS: 3.7 CWE: CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer View on NVD

2022-02-04

High

CVE-2022-24115

Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 202…

CVSS: 7.8 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD

High

CVE-2022-24114

Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (ma…

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD

2022-01-20

High

CVE-2022-21658

Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_d…

CVSS: 7.3 CWE: CWE-363 - Race Condition Enabling Link Following View on NVD

2022-01-04

High

CVE-2021-41388

Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections befor…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD

High

CVE-2021-45980

Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via getURL in the JavaScript API.

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2021-45979

Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via app.launchURL in the JavaScript API.

CVSS: 7.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD

High

CVE-2021-45978

Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via xfa.host.gotoURL in the XFA API.

CVSS: 7.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD

2021-12-30

High

CVE-2021-20172

All known versions of the Netgear Genie Installer for macOS contain a local privilege escalation vulnerability. The installer of the macOS version of Netgear Genie handles certain files in an insecur…

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD

2021-12-23

Medium

CVE-2021-30767

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3.…

CVSS: 5.5 CWE: N/A View on NVD

Medium

CVE-2020-3896

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application…

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2020-3886

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD

Critical

CVE-2019-8703

This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13. An application may be able to gain elevated privileges.

CVSS: 9.8 CWE: N/A View on NVD

Medium

CVE-2019-8702

This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user…

CVSS: 5.5 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD

Critical

CVE-2019-8643

CVE-2019-8643: Arun Sharma of VMWare This issue is fixed in macOS Mojave 10.14. Description: A logic issue was addressed with improved state management..

CVSS: 9.8 CWE: N/A View on NVD

Medium

CVE-2018-4478

A validation issue was addressed with improved logic. This issue is fixed in macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan. An attacker with physical…

CVSS: 6.8 CWE: CWE-269 - Improper Privilege Management View on NVD

High

CVE-2018-4302

A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing malic…

CVSS: 7.8 CWE: CWE-476 - NULL Pointer Dereference View on NVD

Medium

CVE-2017-13910

An access issue was addressed with additional sandbox restrictions on applications. This issue is fixed in macOS High Sierra 10.13. An application may be able to access restricted files.

CVSS: 5.5 CWE: N/A View on NVD

Medium

CVE-2017-13909

An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain. This issue is fixed in macOS High Sierra 10.13. A local attacker may gain access to iC…

CVSS: 5.5 CWE: CWE-922 - Insecure Storage of Sensitive Information View on NVD

High

CVE-2017-13908

An issue in handling file permissions was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capita…

CVSS: 7.8 CWE: N/A View on NVD

Medium

CVE-2017-13907

A state management issue was addressed with improved state validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan. The…

CVSS: 6.8 CWE: N/A View on NVD

High

CVE-2017-13906

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, macO…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD

High

CVE-2017-13905

A race condition was addressed with additional validation. This issue is fixed in tvOS 11.2, iOS 11.2, macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capi…

CVSS: 8.1 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD

High

CVE-2017-13892

An issue existed in the handling of Contact sharing. This issue was addressed with improved handling of user information. This issue is fixed in macOS High Sierra 10.13.2, Security Update 2017-002 Si…

CVSS: 7.5 CWE: N/A View on NVD

High

CVE-2017-13835

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13. An application may be able to execute arbitrary code with elevated privileges.

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD

2021-12-14

Medium

CVE-2021-34425

The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat\'s "link preview" functionality. In ver…

CVSS: 4.7 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD

2021-11-29

High

CVE-2021-34800

Sensitive information could be logged. The following products are affected: Acronis Agent (Windows, Linux, macOS) before build 27147

CVSS: 7.5 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD

2021-11-24

High

CVE-2021-34424

A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

Critical

CVE-2021-34423

A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and…

CVSS: 9.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD

2021-11-23

Medium

CVE-2021-40831

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation…

CVSS: 6.3 CWE: CWE-295 - Improper Certificate Validation View on NVD

Medium

CVE-2021-40829

Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not…

CVSS: 6.3 CWE: CWE-295 - Improper Certificate Validation View on NVD

2021-11-08

Medium

CVE-2021-37850

ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the…

CVSS: 5.5 CWE: N/A View on NVD

2021-11-02

Low

CVE-2021-42754

An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera withou…

CVSS: 3.2 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD

2021-10-28

Medium

CVE-2021-30833

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2021-30824

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

Medium

CVE-2021-30823

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 14.8 and iPadOS 14.8, tvOS 15, Safari 15, watchOS 8. An attacker in a privileged network posi…

CVSS: 6.5 CWE: N/A View on NVD

High

CVE-2021-30821

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application m…

CVSS: 7.8 CWE: N/A View on NVD

Medium

CVE-2021-30817

A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to access data about the accounts the user is using Family S…

CVSS: 5.5 CWE: N/A View on NVD

Medium

CVE-2021-30813

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. A person with access to a host Mac may be able to bypass the Login Window in Remote Desktop for a locked i…

CVSS: 6.5 CWE: N/A View on NVD