CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Mac Os X » 10.3.4 : Security Vulnerabilities

Cpe Name:cpe:/o:apple:mac_os_x:10.3.4
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-8906 125 2019-02-18 2019-04-16
6.8
None Remote Medium Not required Partial Partial Partial
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.
2 CVE-2018-20506 190 Exec Code Overflow 2019-04-03 2019-06-19
6.8
None Remote Medium Not required Partial Partial Partial
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.
3 CVE-2018-20505 89 DoS Sql 2019-04-03 2019-06-19
5.0
None Remote Low Not required None None Partial
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
4 CVE-2018-18313 125 2018-12-07 2019-09-06
6.4
None Remote Low Not required Partial None Partial
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
5 CVE-2018-18311 119 Overflow 2018-12-07 2019-07-16
7.5
None Remote Low Not required Partial Partial Partial
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
6 CVE-2018-12015 22 Dir. Trav. Bypass 2018-06-07 2019-08-06
6.4
None Remote Low Not required None Partial Partial
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
7 CVE-2018-8897 362 2018-05-08 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.
8 CVE-2018-5383 347 2018-08-07 2019-10-02
4.3
None Local Network Medium Not required Partial Partial None
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.
9 CVE-2018-4470 254 2019-04-03 2019-04-05
4.3
None Remote Medium Not required Partial None None
A privacy issue in the handling of Open Directory records was addressed with improved indexing. This issue affected versions prior to macOS High Sierra 10.13.6.
10 CVE-2018-4465 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
11 CVE-2018-4463 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.2.
12 CVE-2018-4462 20 2019-04-03 2019-04-05
4.3
None Remote Medium Not required Partial None None
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.2.
13 CVE-2018-4461 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
14 CVE-2018-4460 20 DoS 2019-04-03 2019-04-09
4.0
None Remote Low Single system None None Partial
A denial of service issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
15 CVE-2018-4456 119 Overflow Mem. Corr. 2019-04-03 2019-05-14
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6, macOS Mojave 10.14.
16 CVE-2018-4450 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.2.
17 CVE-2018-4449 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.2.
18 CVE-2018-4447 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
19 CVE-2018-4435 20 2019-04-03 2019-04-05
6.8
None Remote Medium Not required Partial Partial Partial
A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
20 CVE-2018-4434 125 2019-04-03 2019-04-05
6.6
None Local Low Not required Complete None Complete
An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.2.
21 CVE-2018-4431 200 +Info 2019-04-03 2019-04-05
4.9
None Local Low Not required Complete None None
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
22 CVE-2018-4427 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to: iOS 12.1, watchOS 5.1.2, tvOS 12.1.1, macOS High Sierra 10.13.6 Security Update 2018-003 High Sierra, macOS Sierra 10.12.6 Security Update 2018-006.
23 CVE-2018-4426 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
24 CVE-2018-4425 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
25 CVE-2018-4424 119 Overflow 2019-04-03 2019-04-05
9.3
None Remote Medium Not required Complete Complete Complete
A buffer overflow was addressed with improved size validation. This issue affected versions prior to macOS Mojave 10.14.1.
26 CVE-2018-4423 20 2019-04-03 2019-04-05
6.8
None Remote Medium Not required Partial Partial Partial
A logic issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.1.
27 CVE-2018-4422 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1.
28 CVE-2018-4421 119 Overflow 2019-04-03 2019-04-05
9.3
None Remote Medium Not required Complete Complete Complete
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1.
29 CVE-2018-4420 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
30 CVE-2018-4419 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
31 CVE-2018-4418 20 2019-04-03 2019-04-05
4.3
None Remote Medium Not required Partial None None
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.
32 CVE-2018-4417 20 2019-04-03 2019-04-05
4.3
None Remote Medium Not required Partial None None
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.
33 CVE-2018-4415 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1.
34 CVE-2018-4414 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.
35 CVE-2018-4413 119 Overflow 2019-04-03 2019-04-05
7.1
None Remote Medium Not required Complete None None
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
36 CVE-2018-4412 119 Overflow Mem. Corr. 2019-04-03 2019-04-08
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.
37 CVE-2018-4411 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.
38 CVE-2018-4410 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.1.
39 CVE-2018-4408 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved input validation This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
40 CVE-2018-4407 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
6.5
None Remote Low Single system Partial Partial Partial
A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
41 CVE-2018-4406 20 DoS 2019-04-03 2019-04-05
4.0
None Remote Low Single system None None Partial
A denial of service issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.
42 CVE-2018-4403 200 +Info 2019-04-03 2019-04-05
4.3
None Remote Medium Not required Partial None None
This issue was addressed by removing additional entitlements. This issue affected versions prior to macOS Mojave 10.14.1.
43 CVE-2018-4402 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1.
44 CVE-2018-4401 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
45 CVE-2018-4400 20 2019-04-03 2019-04-05
4.3
None Remote Medium Not required None None Partial
A validation issue was addressed with improved logic. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, watchOS 5.1.
46 CVE-2018-4399 20 2019-04-03 2019-04-05
4.3
None Remote Medium Not required Partial None None
An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
47 CVE-2018-4398 20 2019-04-03 2019-04-05
5.0
None Remote Low Not required None Partial None
An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCloud for Windows 7.8.
48 CVE-2018-4396 20 2019-04-03 2019-04-05
4.3
None Remote Medium Not required Partial None None
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.
49 CVE-2018-4395 20 2019-04-03 2019-04-08
2.1
None Local Low Not required None None Partial
This issue was addressed with improved checks. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
50 CVE-2018-4394 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1.
Total number of vulnerabilities : 375   Page : 1 (This Page)2 3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.