Filtered by vendor Apple
Subscribe
Search
Total
2989 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2105 | 7 Apple, Canonical, Debian and 4 more | 14 Mac Os X, Ubuntu Linux, Debian Linux and 11 more | 2019-02-21 | 5.0 MEDIUM | 7.5 HIGH |
| Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. | |||||
| CVE-2018-4186 | 1 Apple | 1 Safari | 2019-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| In Safari before 11.1, an information leakage issue existed in the handling of downloads in Safari Private Browsing. This issue was addressed with additional validation. | |||||
| CVE-2018-4194 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-01-29 | 6.8 MEDIUM | 8.8 HIGH |
| In iOS before 11.4, iCloud for Windows before 7.5, watchOS before 4.3.1, iTunes before 12.7.5 for Windows, and macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. | |||||
| CVE-2018-15983 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2019-01-28 | 6.8 MEDIUM | 7.8 HIGH |
| Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2018-4404 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-01-23 | 9.3 HIGH | 7.8 HIGH |
| In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was addressed with improved memory handling. | |||||
| CVE-2018-4330 | 1 Apple | 1 Iphone Os | 2019-01-23 | 9.3 HIGH | 7.8 HIGH |
| In iOS before 11.4, a memory corruption issue exists and was addressed with improved memory handling. | |||||
| CVE-2017-13887 | 1 Apple | 1 Mac Os X | 2019-01-23 | 5.0 MEDIUM | 7.5 HIGH |
| In macOS High Sierra before 10.13.2, a logic issue existed in APFS when deleting keys during hibernation. This was addressed with improved state management. | |||||
| CVE-2016-7576 | 1 Apple | 1 Iphone Os | 2019-01-17 | 9.3 HIGH | 7.8 HIGH |
| In iOS before 9.3.3, a memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. | |||||
| CVE-2017-13888 | 1 Apple | 1 Iphone Os | 2019-01-17 | 5.0 MEDIUM | 7.5 HIGH |
| In iOS before 11.2, a type confusion issue was addressed with improved memory handling. | |||||
| CVE-2018-15978 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more | 2018-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2015-3206 | 1 Apple | 1 Pykerberos | 2018-12-20 | 6.8 MEDIUM | 8.1 HIGH |
| The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack. | |||||
| CVE-2018-6983 | 2 Apple, Vmware | 3 Mac Os X, Fusion, Workstation | 2018-12-19 | 7.2 HIGH | 8.8 HIGH |
| VMware Workstation (15.x before 15.0.2 and 14.x before 14.1.5) and Fusion (11.x before 11.0.2 and 10.x before 10.1.5) contain an integer overflow vulnerability in the virtual network devices. This issue may allow a guest to execute code on the host. | |||||
| CVE-2016-7606 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2018-10-30 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2016-7662 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows remote attackers to spoof certificates via unspecified vectors. | |||||
| CVE-2016-7660 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2018-10-30 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "syslog" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references. | |||||
| CVE-2016-7659 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file. | |||||
| CVE-2016-7658 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file. | |||||
| CVE-2016-7644 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2018-10-30 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. | |||||
| CVE-2016-7643 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2018-10-30 | 5.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted web site. | |||||
| CVE-2016-7637 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2018-10-30 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2016-7621 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2018-10-30 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via unspecified vectors. | |||||
| CVE-2016-7616 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2018-10-30 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Disk Images" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2016-7613 | 1 Apple | 4 Iphone Os, Mac Os X, Safari and 1 more | 2018-10-30 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages object-lifetime mishandling during process spawning. | |||||
| CVE-2016-7612 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2018-10-30 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2016-7595 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreText" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font. | |||||
| CVE-2016-7594 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "ICU" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
| CVE-2016-7589 | 1 Apple | 5 Icloud, Iphone Os, Itunes and 2 more | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
| CVE-2016-7588 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreMedia Playback" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted MP4 file. | |||||
| CVE-2016-4693 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which makes it easier for attackers to bypass cryptographic protection mechanisms by leveraging use of the 3DES cipher. | |||||
| CVE-2016-4691 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font. | |||||
| CVE-2016-1111 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via a crafted Graphics State dictionary. | |||||
| CVE-2018-12826 | 6 Adobe, Apple, Google and 3 more | 10 Flash Player, Mac Os X, Chrome Os and 7 more | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-12827 | 6 Adobe, Apple, Google and 3 more | 10 Flash Player, Mac Os X, Chrome Os and 7 more | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2016-4232 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2018-10-12 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information from process memory via unspecified vectors. | |||||
| CVE-2016-4223 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2018-10-12 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4224 and CVE-2016-4225. | |||||
| CVE-2016-4224 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2018-10-12 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4223 and CVE-2016-4225. | |||||
| CVE-2016-4222 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2018-10-12 | 6.8 MEDIUM | 8.8 HIGH |
| Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248. | |||||
| CVE-2016-4225 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2018-10-12 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4223 and CVE-2016-4224. | |||||
| CVE-2016-1018 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2018-10-12 | 9.3 HIGH | 8.8 HIGH |
| Stack-based buffer overflow in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via crafted JPEG-XR data. | |||||
| CVE-2016-1017 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2018-10-12 | 9.3 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in the LoadVars.decode function in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, and CVE-2016-1031. | |||||
| CVE-2016-1015 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2018-10-12 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code by overriding NetConnection object properties to leverage an unspecified "type confusion," a different vulnerability than CVE-2016-1019. | |||||
| CVE-2016-1014 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2018-10-12 | 7.2 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows local users to gain privileges via a Trojan horse resource in an unspecified directory. | |||||
| CVE-2016-1016 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2018-10-12 | 9.3 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in the Transform object implementation in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via a flash.geom.Matrix callback, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1017, and CVE-2016-1031. | |||||
| CVE-2016-1778 | 1 Apple | 2 Iphone Os, Safari | 2018-10-09 | 9.3 HIGH | 8.8 HIGH |
| WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | |||||
| CVE-2016-1723 | 1 Apple | 3 Iphone Os, Safari, Watchos | 2018-10-09 | 9.3 HIGH | 8.8 HIGH |
| WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1725 and CVE-2016-1726. | |||||
| CVE-2016-1726 | 1 Apple | 3 Iphone Os, Safari, Watchos | 2018-10-09 | 9.3 HIGH | 8.8 HIGH |
| WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1725. | |||||
| CVE-2016-1725 | 1 Apple | 3 Iphone Os, Safari, Watchos | 2018-10-09 | 9.3 HIGH | 8.8 HIGH |
| WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1726. | |||||
| CVE-2016-0956 | 5 Adobe, Apache, Apple and 2 more | 5 Experience Manager, Sling, Mac Os X and 2 more | 2018-10-09 | 7.8 HIGH | 7.5 HIGH |
| The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2018-5007 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more | 2018-09-17 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-5008 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more | 2018-09-17 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Flash Player 30.0.0.113 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||