Filtered by vendor Apple
Subscribe
Search
Total
10011 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9806 | 1 Apple | 7 Icloud, Ipados, Iphone Os and 4 more | 2021-12-01 | 6.8 MEDIUM | 8.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2020-9807 | 1 Apple | 7 Icloud, Ipados, Iphone Os and 4 more | 2021-12-01 | 6.8 MEDIUM | 8.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2020-3900 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2021-12-01 | 6.8 MEDIUM | 8.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2020-3899 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2021-12-01 | 9.3 HIGH | 8.8 HIGH |
| A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. | |||||
| CVE-2020-3895 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2021-12-01 | 9.3 HIGH | 8.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2017-3085 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Mac Os X, Macos and 8 more | 2021-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect. | |||||
| CVE-2018-25010 | 5 Apple, Debian, Netapp and 2 more | 6 Ipad Os, Iphone Os, Debian Linux and 3 more | 2021-11-30 | 6.4 MEDIUM | 9.1 CRITICAL |
| A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service availability. | |||||
| CVE-2018-25014 | 5 Apple, Debian, Netapp and 2 more | 6 Ipados, Iphone Os, Debian Linux and 3 more | 2021-11-30 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2018-25011 | 5 Apple, Debian, Netapp and 2 more | 6 Ipados, Iphone Os, Debian Linux and 3 more | 2021-11-30 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-10001 | 2 Apple, Debian | 2 Mac Os X, Debian Linux | 2021-11-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory. | |||||
| CVE-2019-8710 | 1 Apple | 1 Icloud | 2021-11-30 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2019-8766 | 1 Apple | 2 Icloud, Watchos | 2021-11-30 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2019-8765 | 1 Apple | 1 Watchos | 2021-11-30 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2019-8763 | 1 Apple | 6 Icloud, Ipados, Iphone Os and 3 more | 2021-11-30 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13, Safari 13.0.1, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2019-8743 | 1 Apple | 1 Watchos | 2021-11-30 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2019-8735 | 1 Apple | 3 Icloud, Itunes, Tvos | 2021-11-30 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2019-8733 | 1 Apple | 3 Icloud, Itunes, Tvos | 2021-11-30 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2019-8726 | 1 Apple | 3 Icloud, Itunes, Tvos | 2021-11-30 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2021-30847 | 1 Apple | 7 Ipados, Iphone Os, Itunes and 4 more | 2021-11-30 | 6.8 MEDIUM | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in watchOS 8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2020-36330 | 5 Apple, Debian, Netapp and 2 more | 6 Ipados, Iphone Os, Debian Linux and 3 more | 2021-11-30 | 6.4 MEDIUM | 9.1 CRITICAL |
| A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. | |||||
| CVE-2021-40833 | 3 Apple, F-secure, Microsoft | 7 Macos, Atlant, Elements Endpoint Protection and 4 more | 2021-11-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. | |||||
| CVE-2021-30917 | 1 Apple | 6 Ipad Os, Iphone Os, Mac Os X and 3 more | 2021-11-29 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2016-4124 | 8 Adobe, Apple, Google and 5 more | 15 Flash Player, Flash Player For Linux, Mac Os X and 12 more | 2021-11-26 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||
| CVE-2016-4125 | 8 Adobe, Apple, Google and 5 more | 15 Flash Player, Flash Player For Linux, Mac Os X and 12 more | 2021-11-26 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||
| CVE-2016-4126 | 5 Adobe, Apple, Google and 2 more | 10 Air Desktop Runtime, Flash Player, Flash Player For Linux and 7 more | 2021-11-26 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||
| CVE-2017-3072 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Mac Os X, Macos and 8 more | 2021-11-26 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3071 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Mac Os X, Macos and 8 more | 2021-11-26 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3080 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Mac Os X, Macos and 8 more | 2021-11-26 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure. | |||||
| CVE-2017-3074 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Mac Os X, Macos and 8 more | 2021-11-26 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3073 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Mac Os X, Macos and 8 more | 2021-11-26 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3070 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Mac Os X, Macos and 8 more | 2021-11-26 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2016-4127 | 8 Adobe, Apple, Google and 5 more | 15 Flash Player, Flash Player For Linux, Mac Os X and 12 more | 2021-11-26 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||
| CVE-2017-3069 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Mac Os X, Macos and 8 more | 2021-11-26 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2016-4171 | 8 Adobe, Apple, Google and 5 more | 15 Flash Player, Flash Player For Linux, Mac Os X and 12 more | 2021-11-26 | 10.0 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016. | |||||
| CVE-2016-4130 | 8 Adobe, Apple, Google and 5 more | 15 Flash Player, Flash Player For Linux, Mac Os X and 12 more | 2021-11-26 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||
| CVE-2021-43016 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2021-11-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe InCopy version 16.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2016-4123 | 8 Adobe, Apple, Google and 5 more | 15 Flash Player, Flash Player For Linux, Mac Os X and 12 more | 2021-11-24 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||
| CVE-2016-4128 | 8 Adobe, Apple, Google and 5 more | 15 Flash Player, Flash Player For Linux, Mac Os X and 12 more | 2021-11-24 | 10.0 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||
| CVE-2016-4129 | 8 Adobe, Apple, Google and 5 more | 15 Flash Player, Flash Player For Linux, Mac Os X and 12 more | 2021-11-24 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||
| CVE-2021-43019 | 2 Adobe, Apple | 2 Creative Cloud Desktop Application, Macos | 2021-11-24 | 9.3 HIGH | 7.8 HIGH |
| Adobe Creative Cloud version 5.5 (and earlier) are affected by a privilege escalation vulnerability in the resources leveraged by the Setup.exe service. An unauthenticated attacker could leverage this vulnerability to remove files and escalate privileges under the context of SYSTEM . An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability on the product installer. User interaction is required before product installation to abuse this vulnerability. | |||||
| CVE-2021-30874 | 1 Apple | 3 Ipad Os, Iphone Os, Macos | 2021-11-23 | 5.0 MEDIUM | 7.5 HIGH |
| An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. A VPN configuration may be installed by an app without user permission. | |||||
| CVE-2021-30867 | 1 Apple | 3 Ipad Os, Iphone Os, Macos | 2021-11-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| The issue was addressed with improved authentication. This issue is fixed in iOS 15 and iPadOS 15. A malicious application may be able to access photo metadata without needing permission to access photos. | |||||
| CVE-2021-30866 | 1 Apple | 5 Ipad Os, Iphone Os, Macos and 2 more | 2021-11-23 | 3.3 LOW | 6.5 MEDIUM |
| A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. A device may be passively tracked by its WiFi MAC address. | |||||
| CVE-2021-30852 | 1 Apple | 5 Ipad Os, Iphone Os, Macos and 2 more | 2021-11-23 | 6.8 MEDIUM | 8.8 HIGH |
| A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2021-30851 | 3 Apple, Debian, Fedoraproject | 8 Ipad Os, Iphone Os, Macos and 5 more | 2021-11-23 | 6.8 MEDIUM | 8.8 HIGH |
| A memory corruption vulnerability was addressed with improved locking. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution. | |||||
| CVE-2021-30861 | 1 Apple | 2 Macos, Safari | 2021-11-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. A malicious application may bypass Gatekeeper checks. | |||||
| CVE-2017-3068 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Mac Os X, Macos and 8 more | 2021-11-23 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2016-7886 | 3 Adobe, Apple, Microsoft | 4 Indesign, Indesign Server, Macos and 1 more | 2021-11-23 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe InDesign version 11.4.1 and earlier, Adobe InDesign Server 11.0.0 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3099 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Mac Os X, Macos and 8 more | 2021-11-23 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 3 raster data model. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3100 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Mac Os X, Macos and 8 more | 2021-11-23 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure. | |||||