Search
Total
3173 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-8559 | 1 Apple | 6 Icloud, Iphone Os, Itunes and 3 more | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2019-6218 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2020-08-24 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2019-8593 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2020-08-24 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. An application may be able to execute arbitrary code with system privileges. | |||||
| CVE-2019-6211 | 1 Apple | 2 Iphone Os, Mac Os X | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2019-8648 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause arbitrary code execution. | |||||
| CVE-2019-8562 | 1 Apple | 4 Iphone Os, Itunes, Safari and 1 more | 2020-08-24 | 6.8 MEDIUM | 9.6 CRITICAL |
| A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows. A sandboxed process may be able to circumvent sandbox restrictions. | |||||
| CVE-2019-8628 | 1 Apple | 6 Icloud, Iphone Os, Itunes and 3 more | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2019-8760 | 1 Apple | 1 Iphone Os | 2020-08-24 | 4.6 MEDIUM | 6.8 MEDIUM |
| This issue was addressed by improving Face ID machine learning models. This issue is fixed in iOS 13. A 3D model constructed to look like the enrolled user may authenticate via Face ID. | |||||
| CVE-2017-11103 | 5 Apple, Debian, Freebsd and 2 more | 6 Iphone Os, Mac Os X, Debian Linux and 3 more | 2020-08-18 | 6.8 MEDIUM | 8.1 HIGH |
| Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated. | |||||
| CVE-2016-4669 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2020-08-14 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors. | |||||
| CVE-2018-4162 | 4 Apple, Canonical, Microsoft and 1 more | 9 Icloud, Iphone Os, Itunes and 6 more | 2020-08-14 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
| CVE-2010-2249 | 8 Apple, Canonical, Debian and 5 more | 12 Iphone Os, Itunes, Safari and 9 more | 2020-08-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. | |||||
| CVE-2010-1205 | 10 Apple, Canonical, Debian and 7 more | 17 Iphone Os, Itunes, Mac Os X and 14 more | 2020-08-14 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. | |||||
| CVE-2019-15126 | 2 Apple, Broadcom | 15 Ipados, Iphone Os, Mac Os X and 12 more | 2020-08-11 | 2.9 LOW | 3.1 LOW |
| An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503. | |||||
| CVE-2010-3259 | 4 Apple, Canonical, Google and 1 more | 5 Iphone Os, Safari, Ubuntu Linux and 2 more | 2020-08-04 | 4.3 MEDIUM | N/A |
| WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site. | |||||
| CVE-2010-3257 | 4 Apple, Canonical, Google and 1 more | 5 Iphone Os, Safari, Ubuntu Linux and 2 more | 2020-08-04 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus. | |||||
| CVE-2010-3116 | 4 Apple, Canonical, Google and 1 more | 5 Iphone Os, Safari, Ubuntu Linux and 2 more | 2020-08-04 | 10.0 HIGH | N/A |
| Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins. | |||||
| CVE-2010-4494 | 10 Apache, Apple, Debian and 7 more | 17 Openoffice, Iphone Os, Itunes and 14 more | 2020-07-31 | 7.5 HIGH | N/A |
| Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. | |||||
| CVE-2020-6498 | 2 Apple, Google | 2 Iphone Os, Chrome | 2020-07-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect implementation in user interface in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2020-6497 | 2 Apple, Google | 2 Iphone Os, Chrome | 2020-07-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted URI. | |||||
| CVE-2020-9818 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2020-06-12 | 6.8 MEDIUM | 8.8 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination. | |||||
| CVE-2020-9816 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2020-06-11 | 9.3 HIGH | 7.8 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. | |||||
| CVE-2020-9792 | 1 Apple | 3 Ipad Os, Iphone Os, Mac Os X | 2020-06-11 | 2.1 LOW | 4.6 MEDIUM |
| A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A USB device may be able to cause a denial of service. | |||||
| CVE-2020-9795 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2020-06-11 | 9.3 HIGH | 7.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-9800 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-06-11 | 6.8 MEDIUM | 8.8 HIGH |
| A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2020-9823 | 1 Apple | 2 Ipad Os, Iphone Os | 2020-06-11 | 5.0 MEDIUM | 7.5 HIGH |
| This issue was addressed with improved checks. This issue is fixed in iOS 13.5 and iPadOS 13.5. Users removed from an iMessage conversation may still be able to alter state. | |||||
| CVE-2020-9789 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-06-11 | 9.3 HIGH | 8.8 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2020-9790 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-06-11 | 9.3 HIGH | 8.8 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2020-9820 | 1 Apple | 2 Ipados, Iphone Os | 2020-06-11 | 5.0 MEDIUM | 7.5 HIGH |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to modify the file system. | |||||
| CVE-2020-9825 | 1 Apple | 3 Ipados, Iphone Os, Mac Os X | 2020-06-11 | 6.8 MEDIUM | 7.8 HIGH |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A malicious application may be able to bypass Privacy preferences. | |||||
| CVE-2020-9826 | 1 Apple | 3 Ipad Os, Iphone Os, Mac Os X | 2020-06-11 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause a denial of service. | |||||
| CVE-2020-9791 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2020-06-11 | 9.3 HIGH | 7.8 HIGH |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution. | |||||
| CVE-2020-9829 | 1 Apple | 4 Ipad Os, Iphone Os, Tvos and 1 more | 2020-06-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted text message may lead to application denial of service. | |||||
| CVE-2020-9827 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2020-06-10 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause a denial of service. | |||||
| CVE-2020-9837 | 1 Apple | 4 Ipad Os, Iphone Os, Mac Os X and 1 more | 2020-06-09 | 5.0 MEDIUM | 7.5 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. A remote attacker may be able to leak memory. | |||||
| CVE-2020-9838 | 1 Apple | 2 Ipad Os, Iphone Os | 2020-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to cause arbitrary code execution. | |||||
| CVE-2020-9852 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2020-06-09 | 9.3 HIGH | 7.8 HIGH |
| An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2010-4008 | 9 Apache, Apple, Canonical and 6 more | 15 Openoffice, Iphone Os, Itunes and 12 more | 2020-06-04 | 4.3 MEDIUM | N/A |
| libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. | |||||
| CVE-2011-0983 | 3 Apple, Debian, Google | 5 Iphone Os, Itunes, Safari and 2 more | 2020-06-04 | 7.5 HIGH | N/A |
| Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
| CVE-2011-0981 | 3 Apple, Debian, Google | 5 Iphone Os, Itunes, Safari and 2 more | 2020-06-04 | 7.5 HIGH | N/A |
| Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
| CVE-2011-1121 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2020-06-04 | 7.5 HIGH | N/A |
| Integer overflow in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a TEXTAREA element. | |||||
| CVE-2011-1117 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2020-06-04 | 7.5 HIGH | N/A |
| Google Chrome before 9.0.597.107 does not properly handle XHTML documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale nodes." | |||||
| CVE-2011-1115 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2020-06-04 | 7.5 HIGH | N/A |
| Google Chrome before 9.0.597.107 does not properly render tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
| CVE-2011-1114 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2020-06-04 | 7.5 HIGH | N/A |
| Google Chrome before 9.0.597.107 does not properly handle tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node." | |||||
| CVE-2011-1204 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2020-06-04 | 6.8 MEDIUM | N/A |
| Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document. | |||||
| CVE-2011-1109 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2020-06-03 | 7.5 HIGH | N/A |
| Google Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets (CSS) stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
| CVE-2011-1107 | 2 Apple, Google | 3 Iphone Os, Safari, Chrome | 2020-06-03 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to spoof the URL bar via unknown vectors. | |||||
| CVE-2011-1203 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2020-06-03 | 7.5 HIGH | N/A |
| Google Chrome before 10.0.648.127 does not properly handle SVG cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
| CVE-2011-1188 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2020-06-03 | 7.5 HIGH | N/A |
| Google Chrome before 10.0.648.127 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2011-1190 | 2 Apple, Google | 3 Iphone Os, Safari, Chrome | 2020-06-02 | 5.0 MEDIUM | N/A |
| The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak." | |||||