Filtered by vendor Apple
Subscribe
Search
Total
1588 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5044 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2021-09-08 | 6.8 MEDIUM | 6.3 MEDIUM |
| Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2017-5045 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2021-09-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page. | |||||
| CVE-2017-5046 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2021-09-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android had insufficient policy enforcement, which allowed a remote attacker to spoof the location object via a crafted HTML page, related to Blink information disclosure. | |||||
| CVE-2017-5033 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2021-09-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword. | |||||
| CVE-2017-5038 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2021-09-08 | 6.8 MEDIUM | 6.3 MEDIUM |
| Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension. | |||||
| CVE-2021-33597 | 3 Apple, F-secure, Microsoft | 6 Macos, Business Suite, Client Security and 3 more | 2021-08-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine. | |||||
| CVE-2020-7463 | 2 Apple, Freebsd | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2021-07-22 | 4.9 MEDIUM | 5.5 MEDIUM |
| In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour including a kernel panic. | |||||
| CVE-2019-8515 | 1 Apple | 5 Icloud, Iphone Os, Itunes and 2 more | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information. | |||||
| CVE-2020-3836 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An access issue was addressed with improved memory management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. A malicious application may be able to determine kernel memory layout. | |||||
| CVE-2019-8727 | 1 Apple | 1 Iphone Os | 2021-07-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 13. Visiting a malicious website may lead to address bar spoofing. | |||||
| CVE-2020-3884 | 1 Apple | 1 Mac Os X | 2021-07-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An injection issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to cause arbitrary javascript code execution. | |||||
| CVE-2020-15651 | 2 Apple, Mozilla | 2 Iphone Os, Firefox | 2021-07-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the file extension. This vulnerability affects Firefox for iOS < 28. | |||||
| CVE-2020-3980 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2021-07-21 | 3.7 LOW | 6.7 MEDIUM |
| VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. An attacker with normal user privileges may exploit this issue to trick an admin user into executing malicious code on the system where Fusion is installed. | |||||
| CVE-2020-3874 | 1 Apple | 2 Ipados, Iphone Os | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issued existed in the naming of screenshots. The issue was corrected with improved naming. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Screenshots of the Messages app may reveal additional message content. | |||||
| CVE-2019-5873 | 2 Apple, Google | 2 Iphone Os, Chrome | 2021-07-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy validation in navigation in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2019-9536 | 1 Apple | 1 Iphone 3gs | 2021-07-21 | 6.9 MEDIUM | 6.8 MEDIUM |
| Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka 'alloc8'. An attacker with physical access to the device can install arbitrary firmware. | |||||
| CVE-2019-5812 | 2 Apple, Google | 2 Iphone Os, Chrome | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2020-3866 | 1 Apple | 1 Mac Os X | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| This was addressed with additional checks by Gatekeeper on files mounted through a network share. This issue is fixed in macOS Catalina 10.15.3. Searching for and opening a file from an attacker controlled NFS mount may bypass Gatekeeper. | |||||
| CVE-2019-8608 | 1 Apple | 6 Icloud, Iphone Os, Itunes and 3 more | 2021-07-21 | 6.8 MEDIUM | 6.3 MEDIUM |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2019-8546 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A local user may be able to view sensitive user information. | |||||
| CVE-2019-8711 | 1 Apple | 1 Iphone Os | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A logic issue existed with the display of notification previews. This issue was addressed with improved validation. This issue is fixed in iOS 13. Notification previews may show on Bluetooth accessories even when previews are disabled. | |||||
| CVE-2019-8793 | 1 Apple | 2 Ipados, Iphone Os | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| A consistency issue existed in deciding when to show the screen recording indicator. The issue was resolved with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2. A local user may be able to record the screen without a visible screen recording indicator. | |||||
| CVE-2019-8522 | 1 Apple | 1 Mac Os X | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4. An encrypted volume may be unmounted and remounted by a different user without prompting for the password. | |||||
| CVE-2019-8725 | 1 Apple | 1 Safari | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Safari 13.0.1. Service workers may leak private browsing history. | |||||
| CVE-2020-3916 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. Setting an alternate app icon may disclose a photo without needing permission to access photos. | |||||
| CVE-2020-3889 | 1 Apple | 1 Mac Os X | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to read arbitrary files. | |||||
| CVE-2020-3881 | 1 Apple | 1 Mac Os X | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to view sensitive user information. | |||||
| CVE-2020-9770 | 1 Apple | 2 Ipados, Iphone Os | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4. An attacker in a privileged network position may be able to intercept Bluetooth traffic. | |||||
| CVE-2020-9809 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2021-07-21 | 7.1 HIGH | 5.5 MEDIUM |
| An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine kernel memory layout. | |||||
| CVE-2020-9797 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine another application's memory layout. | |||||
| CVE-2020-3841 | 1 Apple | 3 Ipados, Iphone Os, Safari | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The issue was addressed with improved UI handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, Safari 13.0.5. A local user may unknowingly send a password unencrypted over the network. | |||||
| CVE-2020-3882 | 1 Apple | 1 Mac Os X | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. Importing a maliciously crafted calendar invitation may exfiltrate user information. | |||||
| CVE-2020-3872 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to read restricted memory. | |||||
| CVE-2020-6514 | 6 Apple, Canonical, Debian and 3 more | 11 Ipados, Iphone Os, Safari and 8 more | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. | |||||
| CVE-2020-9856 | 1 Apple | 1 Mac Os X | 2021-07-21 | 4.6 MEDIUM | 5.3 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. An application may be able to gain elevated privileges. | |||||
| CVE-2020-9835 | 1 Apple | 2 Ipad Os, Iphone Os | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 13.5 and iPadOS 13.5. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing. | |||||
| CVE-2020-9819 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2021-07-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5, watchOS 5.3.7. Processing a maliciously crafted mail message may lead to heap corruption. | |||||
| CVE-2019-8898 | 1 Apple | 5 Ipados, Iphone Os, Itunes and 2 more | 2021-07-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows. Visiting a maliciously crafted website may reveal sites a user has visited. | |||||
| CVE-2019-8774 | 1 Apple | 3 Ipad Os, Iphone Os, Mac Os X | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Parsing a maliciously crafted iBooks file may lead to a persistent denial-of-service. | |||||
| CVE-2019-8761 | 1 Apple | 1 Mac Os X | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Parsing a maliciously crafted text file may lead to disclosure of user information. | |||||
| CVE-2019-8569 | 1 Apple | 1 Mac Os X | 2021-07-21 | 7.2 HIGH | 6.7 MEDIUM |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An application may be able to execute arbitrary code with system privileges. | |||||
| CVE-2020-3852 | 1 Apple | 1 Safari | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A logic issue was addressed with improved validation. This issue is fixed in Safari 13.0.5. A URL scheme may be incorrectly ignored when determining multimedia permission for a website. | |||||
| CVE-2020-9982 | 1 Apple | 1 Music | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Apple Music 3.4.0 for Android. A malicious application may be able to leak a user's credentials. | |||||
| CVE-2020-27902 | 1 Apple | 2 Ipados, Iphone Os | 2021-07-21 | 2.1 LOW | 4.6 MEDIUM |
| An authentication issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2. A person with physical access to an iOS device may be able to access stored passwords without authentication. | |||||
| CVE-2020-3999 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2021-07-21 | 2.1 LOW | 6.5 MEDIUM |
| VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition. | |||||
| CVE-2019-8525 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2021-07-21 | 7.2 HIGH | 6.7 MEDIUM |
| A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-3981 | 2 Apple, Vmware | 5 Mac Os X, Cloud Foundation, Esxi and 2 more | 2021-07-21 | 3.5 LOW | 5.8 MEDIUM |
| VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process. | |||||
| CVE-2019-8597 | 1 Apple | 7 Icloud, Iphone Os, Itunes and 4 more | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2020-9833 | 1 Apple | 1 Mac Os X | 2021-07-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.5. A local user may be able to read kernel memory. | |||||
| CVE-2020-9812 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2021-07-21 | 7.1 HIGH | 5.5 MEDIUM |
| An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory. | |||||