Filtered by vendor Apple
Subscribe
Search
Total
10011 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15358 | 5 Apple, Canonical, Oracle and 2 more | 16 Icloud, Ipados, Iphone Os and 13 more | 2022-05-12 | 2.1 LOW | 5.5 MEDIUM |
| In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. | |||||
| CVE-2020-13434 | 7 Apple, Canonical, Debian and 4 more | 15 Icloud, Ipad Os, Iphone Os and 12 more | 2022-05-12 | 2.1 LOW | 5.5 MEDIUM |
| SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. | |||||
| CVE-2021-23841 | 6 Apple, Debian, Netapp and 3 more | 22 Ipad Os, Iphone Os, Macos and 19 more | 2022-05-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). | |||||
| CVE-2014-3620 | 2 Apple, Haxx | 3 Mac Os X, Curl, Libcurl | 2022-05-11 | 5.0 MEDIUM | N/A |
| cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain. | |||||
| CVE-2021-30772 | 1 Apple | 2 Mac Os X, Macos | 2022-05-03 | 9.3 HIGH | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to gain root privileges. | |||||
| CVE-2021-30665 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2022-05-03 | 6.8 MEDIUM | 8.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | |||||
| CVE-2021-30829 | 1 Apple | 2 Mac Os X, Macos | 2022-05-03 | 4.6 MEDIUM | 7.8 HIGH |
| A URI parsing issue was addressed with improved parsing. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to execute arbitrary files. | |||||
| CVE-2020-9990 | 1 Apple | 1 Mac Os X | 2022-05-03 | 6.9 MEDIUM | 7.8 HIGH |
| A race condition was addressed with additional validation. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-30724 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2022-05-03 | 4.6 MEDIUM | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local attacker may be able to elevate their privileges. | |||||
| CVE-2020-36230 | 4 Apache, Apple, Debian and 1 more | 5 Bookkeeper, Mac Os X, Macos and 2 more | 2022-04-30 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. | |||||
| CVE-2022-27536 | 2 Apple, Golang | 2 Macos, Go | 2022-04-29 | 5.0 MEDIUM | 7.5 HIGH |
| Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic. | |||||
| CVE-2021-34423 | 5 Apple, Google, Linux and 2 more | 31 Iphone Os, Macos, Android and 28 more | 2022-04-29 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI Windows Meeting Client before version 5.8.4, Zoom VDI Azure Virtual Desktop Plugins (for Windows x86 or x64, IGEL x64, Ubuntu x64, HP ThinPro OS x64) before version 5.8.4.21112, Zoom VDI Citrix Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom VDI VMware Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom On-Premise Meeting Connector Controller before version 4.8.12.20211115, Zoom On-Premise Meeting Connector MMR before version 4.8.12.20211115, Zoom On-Premise Recording Connector before version 5.1.0.65.20211116, Zoom On-Premise Virtual Room Connector before version 4.4.7266.20211117, Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64. This can potentially allow a malicious actor to crash the service or application, or leverage this vulnerability to execute arbitrary code. | |||||
| CVE-2020-12243 | 8 Apple, Broadcom, Canonical and 5 more | 26 Mac Os X, Brocade Fabric Operating System, Ubuntu Linux and 23 more | 2022-04-29 | 5.0 MEDIUM | 7.5 HIGH |
| In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). | |||||
| CVE-2020-13494 | 2 Apple, Pixar | 2 Macos, Openusd | 2022-04-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, victim needs to access an attacker-provided malformed file. | |||||
| CVE-2020-13497 | 2 Apple, Pixar | 2 Macos, Openusd | 2022-04-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in String Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. | |||||
| CVE-2020-13493 | 2 Apple, Pixar | 2 Macos, Openusd | 2022-04-28 | 6.8 MEDIUM | 7.8 HIGH |
| A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file. | |||||
| CVE-2020-13498 | 2 Apple, Pixar | 2 Macos, Openusd | 2022-04-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in SdfPath Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. | |||||
| CVE-2020-24556 | 3 Apple, Microsoft, Trendmicro | 5 Macos, Windows, Apex One and 2 more | 2022-04-28 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected. | |||||
| CVE-2020-6558 | 4 Apple, Debian, Google and 1 more | 5 Iphone Os, Debian Linux, Chrome and 2 more | 2022-04-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2020-14155 | 4 Apple, Gitlab, Oracle and 1 more | 4 Macos, Gitlab, Communications Cloud Native Core Policy and 1 more | 2022-04-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. | |||||
| CVE-2020-9815 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2022-04-27 | 9.3 HIGH | 7.8 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution. | |||||
| CVE-2020-9775 | 1 Apple | 3 Ipados, Iphone Os, Mac Os X | 2022-04-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue existed in the handling of tabs displaying picture in picture video. The issue was corrected with improved state handling. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user's private browsing activity may be unexpectedly saved in Screen Time. | |||||
| CVE-2020-6477 | 4 Apple, Fedoraproject, Google and 1 more | 5 Mac Os X, Fedora, Chrome and 2 more | 2022-04-26 | 4.6 MEDIUM | 7.8 HIGH |
| Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file. | |||||
| CVE-2020-13495 | 2 Apple, Pixar | 2 Mac Os X, Openusd | 2022-04-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability could be used to bypass mitigations and aid additional exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided file. | |||||
| CVE-2021-1788 | 3 Apple, Debian, Fedoraproject | 9 Ipados, Iphone Os, Mac Os X and 6 more | 2022-04-26 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2020-6616 | 3 Apple, Google, Samsung | 7 Ipad Os, Iphone Os, Mac Os X and 4 more | 2022-04-26 | 3.3 LOW | 6.5 MEDIUM |
| Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset. The Samsung ID is SVE-2020-16882 (May 2020). | |||||
| CVE-2021-1871 | 3 Apple, Debian, Fedoraproject | 6 Ipad Os, Iphone Os, Mac Os X and 3 more | 2022-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | |||||
| CVE-2021-1844 | 3 Apple, Debian, Fedoraproject | 8 Ipad Os, Iphone Os, Macos and 5 more | 2022-04-26 | 6.8 MEDIUM | 8.8 HIGH |
| A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2020-11765 | 6 Apple, Canonical, Debian and 3 more | 12 Icloud, Ipad Os, Iphone Os and 9 more | 2022-04-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read. | |||||
| CVE-2020-11758 | 6 Apple, Canonical, Debian and 3 more | 12 Icloud, Ipad Os, Iphone Os and 9 more | 2022-04-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h. | |||||
| CVE-2020-10016 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2022-04-26 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-40702 | 3 Adobe, Apple, Microsoft | 3 Premiere Elements, Macos, Windows | 2022-04-25 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious psd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-39824 | 3 Adobe, Apple, Microsoft | 3 Premiere Elements, Macos, Windows | 2022-04-25 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious png file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-40700 | 3 Adobe, Apple, Microsoft | 3 Premiere Elements, Macos, Windows | 2022-04-25 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-40701 | 3 Adobe, Apple, Microsoft | 3 Premiere Elements, Macos, Windows | 2022-04-25 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-28568 | 3 Adobe, Apple, Microsoft | 3 Genuine Service, Macos, Windows | 2022-04-25 | 6.9 MEDIUM | 6.5 MEDIUM |
| Adobe Genuine Services version 7.1 (and earlier) is affected by an Insecure file permission vulnerability during installation process. A local authenticated attacker could leverage this vulnerability to achieve privilege escalation in the context of the current user. | |||||
| CVE-2021-36065 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2022-04-25 | 9.3 HIGH | 7.8 HIGH |
| Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier) are affected by a heap-based buffer overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-40703 | 3 Adobe, Apple, Microsoft | 3 Premiere Elements, Macos, Windows | 2022-04-25 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-40531 | 2 Apple, Sketch | 2 Macos, Sketch | 2022-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| Sketch before 75 allows library feeds to be used to bypass file quarantine. Files are automatically downloaded and opened, without the com.apple.quarantine extended attribute. This results in remote code execution, as demonstrated by CommandString in a terminal profile to Terminal.app. | |||||
| CVE-2021-43013 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2022-04-25 | 9.3 HIGH | 7.8 HIGH |
| Adobe Media Encoder version 15.4.1 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-43015 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2022-04-25 | 9.3 HIGH | 7.8 HIGH |
| Adobe InCopy version 16.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. | |||||
| CVE-2022-24356 | 2 Apple, Foxit | 3 Macos, Pdf Editor, Pdf Reader | 2022-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader Foxit reader 11.0.1.0719 macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the OnMouseExit method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14848. | |||||
| CVE-2010-1286 | 3 Adobe, Apple, Microsoft | 7 Shockwave Player, Macos, Windows and 4 more | 2022-02-28 | 9.3 HIGH | N/A |
| Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291. | |||||
| CVE-2010-1287 | 3 Adobe, Apple, Microsoft | 7 Shockwave Player, Macos, Windows and 4 more | 2022-02-28 | 9.3 HIGH | N/A |
| Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291. | |||||
| CVE-2010-1288 | 3 Adobe, Apple, Microsoft | 7 Shockwave Player, Macos, Windows and 4 more | 2022-02-28 | 9.3 HIGH | N/A |
| Buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2010-1291 | 3 Adobe, Apple, Microsoft | 7 Shockwave Player, Macos, Windows and 4 more | 2022-02-28 | 9.3 HIGH | N/A |
| Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1290. | |||||
| CVE-2010-1289 | 3 Adobe, Apple, Microsoft | 7 Shockwave Player, Macos, Windows and 4 more | 2022-02-28 | 9.3 HIGH | N/A |
| Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1290, and CVE-2010-1291. | |||||
| CVE-2010-1292 | 3 Adobe, Apple, Microsoft | 7 Shockwave Player, Macos, Windows and 4 more | 2022-02-28 | 9.3 HIGH | N/A |
| The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file. | |||||
| CVE-2010-1284 | 3 Adobe, Apple, Microsoft | 7 Shockwave Player, Macos, Windows and 4 more | 2022-02-28 | 9.3 HIGH | N/A |
| Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291. | |||||
| CVE-2021-30954 | 3 Apple, Debian, Fedoraproject | 8 Ipados, Iphone Os, Macos and 5 more | 2022-02-25 | 9.3 HIGH | 7.8 HIGH |
| A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||