Vulnerabilities > Apple > MAC OS X > 10.15.4

DATE CVE VULNERABILITY TITLE RISK
2020-04-14 CVE-2020-11761 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in OpenEXR before 2.4.1.
5.5
2020-04-14 CVE-2020-11760 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in OpenEXR before 2.4.1.
5.5
2020-04-14 CVE-2020-11759 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in OpenEXR before 2.4.1.
5.5
2020-04-14 CVE-2020-11758 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in OpenEXR before 2.4.1.
5.5
2020-04-02 CVE-2019-14868 Command Injection vulnerability in multiple products
In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables.
local
low complexity
ksh-project debian apple CWE-77
7.8
2020-02-27 CVE-2020-3878 Out-of-bounds Read vulnerability in Apple products
An out-of-bounds read was addressed with improved input validation.
network
apple CWE-125
6.8
2020-02-24 CVE-2019-20044 Improper Check for Dropped Privileges vulnerability in multiple products
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option.
local
low complexity
zsh fedoraproject debian apple CWE-273
7.8
2019-12-19 CVE-2019-19906 Off-by-one Error vulnerability in multiple products
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet.
7.5
2019-12-11 CVE-2019-14899 Man-in-the-Middle vulnerability in multiple products
A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream.
low complexity
freebsd linux openbsd apple CWE-300
7.4
2016-07-23 CVE-2016-5131 Use After Free vulnerability in multiple products
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
8.8