Filtered by vendor Apple
Subscribe
Total
11236 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6147 | 2 Apple, Pixar | 3 Ipados, Iphone Os, Openusd | 2022-05-13 | 6.8 MEDIUM | 7.8 HIGH |
| A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow. | |||||
| CVE-2022-24099 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2022-05-13 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-27783 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2022-05-13 | 9.3 HIGH | 7.8 HIGH |
| Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in After Effects. | |||||
| CVE-2015-8126 | 9 Apple, Canonical, Debian and 6 more | 21 Mac Os X, Ubuntu Linux, Debian Linux and 18 more | 2022-05-13 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. | |||||
| CVE-2014-0408 | 2 Apple, Oracle | 2 Mac Os X, Jre | 2022-05-13 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 7u45, when running on OS X, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | |||||
| CVE-2022-22666 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2022-05-12 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. Processing a maliciously crafted image may lead to heap corruption. | |||||
| CVE-2020-15358 | 5 Apple, Canonical, Oracle and 2 more | 16 Icloud, Ipados, Iphone Os and 13 more | 2022-05-12 | 2.1 LOW | 5.5 MEDIUM |
| In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. | |||||
| CVE-2014-3620 | 2 Apple, Haxx | 3 Mac Os X, Curl, Libcurl | 2022-05-11 | 5.0 MEDIUM | N/A |
| cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain. | |||||
| CVE-2021-30829 | 1 Apple | 2 Mac Os X, Macos | 2022-05-03 | 4.6 MEDIUM | 7.8 HIGH |
| A URI parsing issue was addressed with improved parsing. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to execute arbitrary files. | |||||
| CVE-2021-30772 | 1 Apple | 2 Mac Os X, Macos | 2022-05-03 | 9.3 HIGH | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to gain root privileges. | |||||
| CVE-2020-9990 | 1 Apple | 1 Mac Os X | 2022-05-03 | 6.9 MEDIUM | 7.8 HIGH |
| A race condition was addressed with additional validation. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-34423 | 5 Apple, Google, Linux and 2 more | 31 Iphone Os, Macos, Android and 28 more | 2022-04-29 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI Windows Meeting Client before version 5.8.4, Zoom VDI Azure Virtual Desktop Plugins (for Windows x86 or x64, IGEL x64, Ubuntu x64, HP ThinPro OS x64) before version 5.8.4.21112, Zoom VDI Citrix Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom VDI VMware Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom On-Premise Meeting Connector Controller before version 4.8.12.20211115, Zoom On-Premise Meeting Connector MMR before version 4.8.12.20211115, Zoom On-Premise Recording Connector before version 5.1.0.65.20211116, Zoom On-Premise Virtual Room Connector before version 4.4.7266.20211117, Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64. This can potentially allow a malicious actor to crash the service or application, or leverage this vulnerability to execute arbitrary code. | |||||
| CVE-2020-12243 | 8 Apple, Broadcom, Canonical and 5 more | 26 Mac Os X, Brocade Fabric Operating System, Ubuntu Linux and 23 more | 2022-04-29 | 5.0 MEDIUM | 7.5 HIGH |
| In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). | |||||
| CVE-2020-24556 | 3 Apple, Microsoft, Trendmicro | 5 Macos, Windows, Apex One and 2 more | 2022-04-28 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected. | |||||
| CVE-2020-6558 | 4 Apple, Debian, Google and 1 more | 5 Iphone Os, Debian Linux, Chrome and 2 more | 2022-04-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2020-9815 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2022-04-27 | 9.3 HIGH | 7.8 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution. | |||||
| CVE-2020-9775 | 1 Apple | 3 Ipados, Iphone Os, Mac Os X | 2022-04-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue existed in the handling of tabs displaying picture in picture video. The issue was corrected with improved state handling. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user's private browsing activity may be unexpectedly saved in Screen Time. | |||||
| CVE-2020-13495 | 2 Apple, Pixar | 2 Mac Os X, Openusd | 2022-04-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability could be used to bypass mitigations and aid additional exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided file. | |||||
| CVE-2020-10016 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2022-04-26 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-28568 | 3 Adobe, Apple, Microsoft | 3 Genuine Service, Macos, Windows | 2022-04-25 | 6.9 MEDIUM | 6.5 MEDIUM |
| Adobe Genuine Services version 7.1 (and earlier) is affected by an Insecure file permission vulnerability during installation process. A local authenticated attacker could leverage this vulnerability to achieve privilege escalation in the context of the current user. | |||||