Vulnerabilities > Apple > MAC OS X > 10.15.4

DATE CVE VULNERABILITY TITLE RISK
2020-04-14 CVE-2020-11761 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in OpenEXR before 2.4.1. 		5.5
5.5
2020-04-14 CVE-2020-11760 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in OpenEXR before 2.4.1. 		5.5
5.5
2020-04-14 CVE-2020-11759 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in OpenEXR before 2.4.1. 		5.5
5.5
2020-04-14 CVE-2020-11758 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in OpenEXR before 2.4.1. 		5.5
5.5
2020-04-02 CVE-2019-14868 In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables.
local
low complexity
ksh-project debian apple
7.8
7.8
2020-02-27 CVE-2020-3878 Out-of-bounds Read vulnerability in Apple products
An out-of-bounds read was addressed with improved input validation.
local
low complexity
apple CWE-125
7.8
7.8
2020-02-24 CVE-2019-20044 Improper Check for Dropped Privileges vulnerability in multiple products
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option.
local
low complexity
zsh fedoraproject debian apple CWE-273
7.8
7.8
2019-12-19 CVE-2019-19906 Off-by-one Error vulnerability in multiple products
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. 		7.5
7.5
2019-12-11 CVE-2019-14899 A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream.
low complexity
freebsd linux openbsd apple
7.4
7.4
2016-09-25 CVE-2016-4778 Permissions, Privileges, and Access Controls vulnerability in Apple products
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
local
low complexity
apple CWE-264
7.8
7.8