MAC OS X

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-23	CVE-2018-4302	NULL Pointer Dereference vulnerability in Apple products A null pointer dereference was addressed with improved validation. local low complexity apple CWE-476	7.8
2021-12-23	CVE-2018-4478	Improper Privilege Management vulnerability in Apple mac OS X A validation issue was addressed with improved logic. low complexity apple CWE-269	6.8
2021-12-23	CVE-2019-8643	Unspecified vulnerability in Apple mac OS X CVE-2019-8643: Arun Sharma of VMWare This issue is fixed in macOS Mojave 10.14. network low complexity apple critical	9.8
2021-12-23	CVE-2019-8702	Exposure of Resource to Wrong Sphere vulnerability in Apple mac OS X This issue was addressed with a new entitlement. local low complexity apple CWE-668	5.5
2021-12-23	CVE-2019-8703	Unspecified vulnerability in Apple products This issue was addressed with improved entitlements. network low complexity apple critical	9.8
2021-12-23	CVE-2020-3886	Use After Free vulnerability in Apple mac OS X A use after free issue was addressed with improved memory management. local low complexity apple CWE-416	7.8
2021-12-23	CVE-2020-3896	Unspecified vulnerability in Apple mac OS X This issue was addressed by removing the vulnerable code. local low complexity apple	5.5
2021-12-23	CVE-2021-30767	Unspecified vulnerability in Apple products A logic issue was addressed with improved state management. local low complexity apple	5.5
2021-12-20	CVE-2021-44224	NULL Pointer Dereference vulnerability in multiple products A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). network low complexity apache fedoraproject debian tenable oracle apple CWE-476	8.2
2021-12-20	CVE-2021-44790	Out-of-bounds Write vulnerability in multiple products A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). network low complexity apache fedoraproject debian tenable netapp oracle apple CWE-787 critical	9.8