Filtered by vendor Apple
Subscribe
Search
Total
10011 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30740 | 1 Apple | 5 Ipad Os, Iphone Os, Macos and 2 more | 2021-09-22 | 9.3 HIGH | 7.8 HIGH |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-30744 | 1 Apple | 6 Ipad Os, Iphone Os, Macos and 3 more | 2021-09-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
| CVE-2021-30743 | 1 Apple | 6 Ipad Os, Iphone Os, Mac Os X and 3 more | 2021-09-22 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2021-30752 | 1 Apple | 5 Ipad Os, Iphone Os, Macos and 2 more | 2021-09-22 | 6.8 MEDIUM | 7.8 HIGH |
| Processing a maliciously crafted image may lead to arbitrary code execution. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An out-of-bounds read was addressed with improved input validation. | |||||
| CVE-2021-30734 | 1 Apple | 6 Ipad Os, Iphone Os, Macos and 3 more | 2021-09-22 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2019-20838 | 2 Apple, Pcre | 2 Macos, Pcre | 2021-09-22 | 4.3 MEDIUM | 7.5 HIGH |
| libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454. | |||||
| CVE-2020-27894 | 1 Apple | 1 Macos | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| The issue was addressed with additional user controls. This issue is fixed in macOS Big Sur 11.0.1. Users may be unable to remove metadata indicating where files were downloaded from. | |||||
| CVE-2010-1282 | 3 Adobe, Apple, Microsoft | 3 Shockwave Player, Macos, Windows | 2021-09-22 | 4.3 MEDIUM | N/A |
| Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file. | |||||
| CVE-2010-1283 | 3 Adobe, Apple, Microsoft | 3 Shockwave Player, Macos, Windows | 2021-09-22 | 9.3 HIGH | N/A |
| Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record. | |||||
| CVE-2010-1281 | 3 Adobe, Apple, Microsoft | 3 Shockwave Player, Macos, Windows | 2021-09-22 | 9.3 HIGH | N/A |
| iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file. | |||||
| CVE-2021-30731 | 1 Apple | 2 Mac Os X, Macos | 2021-09-22 | 1.9 LOW | 5.5 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Catalina. An unprivileged application may be able to capture USB devices. | |||||
| CVE-2021-30723 | 1 Apple | 4 Ipad Os, Iphone Os, Mac Os X and 1 more | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. | |||||
| CVE-2021-30726 | 1 Apple | 2 Mac Os X, Macos | 2021-09-22 | 9.3 HIGH | 7.8 HIGH |
| A malicious application may be able to execute arbitrary code with kernel privileges. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An out-of-bounds write issue was addressed with improved bounds checking. | |||||
| CVE-2021-30725 | 1 Apple | 4 Ipad Os, Iphone Os, Mac Os X and 1 more | 2021-09-22 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. | |||||
| CVE-2020-10663 | 6 Apple, Debian, Fedoraproject and 3 more | 6 Macos, Debian Linux, Fedora and 3 more | 2021-09-22 | 5.0 MEDIUM | 7.5 HIGH |
| The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. | |||||
| CVE-2021-30728 | 1 Apple | 2 Mac Os X, Macos | 2021-09-22 | 9.3 HIGH | 7.8 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2010-0127 | 3 Adobe, Apple, Microsoft | 3 Shockwave Player, Macos, Windows | 2021-09-22 | 9.3 HIGH | N/A |
| Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file. | |||||
| CVE-2010-0128 | 3 Adobe, Apple, Microsoft | 4 Director, Shockwave Player, Macos and 1 more | 2021-09-22 | 9.3 HIGH | N/A |
| Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation. | |||||
| CVE-2021-30722 | 1 Apple | 2 Mac Os X, Macos | 2021-09-22 | 4.3 MEDIUM | 5.9 MEDIUM |
| An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to leak sensitive user information. | |||||
| CVE-1999-1412 | 2 Apache, Apple | 2 Http Server, Macos | 2021-09-22 | 5.0 MEDIUM | N/A |
| A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes. | |||||
| CVE-1999-1393 | 1 Apple | 1 Macos | 2021-09-22 | 4.6 MEDIUM | N/A |
| Control Panel "Password Security" option for Apple Powerbooks allows attackers with physical access to the machine to bypass the security by booting it with an emergency startup disk and using a disk editor to modify the on/off toggle or password in the aaaaaaaAPWD file, which is normally inaccessible. | |||||
| CVE-1999-1543 | 1 Apple | 1 Macos | 2021-09-22 | 4.6 MEDIUM | N/A |
| MacOS uses weak encryption for passwords that are stored in the Users & Groups Data File. | |||||
| CVE-1999-0524 | 9 Apple, Cisco, Hp and 6 more | 12 Mac Os X, Macos, Ios and 9 more | 2021-09-22 | 0.0 LOW | N/A |
| ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. | |||||
| CVE-1999-1076 | 1 Apple | 1 Macos | 2021-09-22 | 4.6 MEDIUM | N/A |
| Idle locking function in MacOS 9 allows local users to bypass the password protection of idled sessions by selecting the "Log Out" option and selecting a "Cancel" option in the dialog box for an application that attempts to verify that the user wants to log out, which returns the attacker into the locked session. | |||||
| CVE-2007-1913 | 8 Apple, Hp, Ibm and 5 more | 11 Macos, Hp-ux, Tru64 and 8 more | 2021-09-22 | 5.0 MEDIUM | N/A |
| The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. | |||||
| CVE-2007-1915 | 7 Apple, Hp, Ibm and 4 more | 10 Macos, Hp-ux, Tru64 and 7 more | 2021-09-22 | 7.5 HIGH | N/A |
| Buffer overflow in the RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. | |||||
| CVE-2007-1916 | 8 Apple, Hp, Ibm and 5 more | 11 Macos, Hp-ux, Tru64 and 8 more | 2021-09-22 | 10.0 HIGH | N/A |
| Buffer overflow in the RFC_START_GUI function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. | |||||
| CVE-2010-0243 | 2 Apple, Microsoft | 2 Macos, Office | 2021-09-22 | 9.3 HIGH | N/A |
| Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow." | |||||
| CVE-2009-1792 | 4 Apple, Linux, Microsoft and 1 more | 5 Macos, Linux Kernel, Windows and 2 more | 2021-09-22 | 9.3 HIGH | N/A |
| The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka S3DPlayer StandAlone) 1.6.2.4 and 1.7.0.1 and WebPlayer (aka S3DPlayer Web) 1.6.0.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the first argument (the sURL argument). | |||||
| CVE-2007-1918 | 8 Apple, Hp, Ibm and 5 more | 11 Macos, Hp-ux, Tru64 and 8 more | 2021-09-22 | 5.0 MEDIUM | N/A |
| The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 and 7.00 before 20070109 implements an option for exclusive access to an RFC server, which allows remote attackers to cause a denial of service (client lockout) via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. | |||||
| CVE-2010-0130 | 3 Adobe, Apple, Microsoft | 3 Shockwave Player, Macos, Windows | 2021-09-22 | 9.3 HIGH | N/A |
| Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via a crafted .dir (aka Director) file. | |||||
| CVE-2010-0986 | 3 Adobe, Apple, Microsoft | 3 Shockwave Player, Macos, Windows | 2021-09-22 | 9.3 HIGH | N/A |
| Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file. | |||||
| CVE-2001-0102 | 1 Apple | 1 Macos | 2021-09-22 | 7.2 HIGH | N/A |
| "Multiple Users" Control Panel in Mac OS 9 allows Normal users to gain Owner privileges by removing the Users & Groups Data File, which effectively removes the Owner password and allows the Normal user to log in as the Owner account without a password. | |||||
| CVE-2013-6853 | 3 Apple, Mozilla, Yahoo | 3 Macos, Firefox, Toolbar | 2021-09-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and 2.5.9.2013418100420 for Windows, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is stored by the victim. | |||||
| CVE-2021-30739 | 1 Apple | 2 Mac Os X, Macos | 2021-09-22 | 4.6 MEDIUM | 7.8 HIGH |
| A local attacker may be able to elevate their privileges. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A memory corruption issue was addressed with improved validation. | |||||
| CVE-2013-0074 | 2 Apple, Microsoft | 9 Macos, Silverlight, Windows 7 and 6 more | 2021-09-22 | 9.3 HIGH | N/A |
| Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability." | |||||
| CVE-2010-1280 | 3 Adobe, Apple, Microsoft | 3 Shockwave Player, Macos, Windows | 2021-09-22 | 9.3 HIGH | N/A |
| Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file. | |||||
| CVE-1999-0590 | 3 Apple, Linux, Microsoft | 6 Macos, Linux Kernel, Windows 2000 and 3 more | 2021-09-22 | 10.0 HIGH | N/A |
| A system does not present an appropriate legal message or warning to a user who is accessing it. | |||||
| CVE-2010-0987 | 3 Adobe, Apple, Microsoft | 3 Shockwave Player, Macos, Windows | 2021-09-22 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file. | |||||
| CVE-2015-1234 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2021-09-22 | 6.8 MEDIUM | N/A |
| Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact by manipulating OpenGL ES commands. | |||||
| CVE-2015-1233 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2021-09-22 | 7.5 HIGH | N/A |
| Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2021-30735 | 1 Apple | 2 Mac Os X, Macos | 2021-09-22 | 9.3 HIGH | 7.8 HIGH |
| A malicious application may be able to execute arbitrary code with kernel privileges. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An out-of-bounds write issue was addressed with improved bounds checking. | |||||
| CVE-2016-4122 | 6 Adobe, Apple, Google and 3 more | 12 Flash Player, Flash Player For Linux, Mac Os X and 9 more | 2021-09-22 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||
| CVE-2000-0041 | 1 Apple | 1 Macos | 2021-09-22 | 5.0 MEDIUM | N/A |
| Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack. | |||||
| CVE-2015-2742 | 3 Apple, Mozilla, Oracle | 3 Macos, Firefox, Solaris | 2021-09-22 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 39.0 on OS X includes native key press information during the logging of crashes, which allows remote attackers to obtain sensitive information by leveraging access to a crash-reporting data stream. | |||||
| CVE-2014-8439 | 4 Adobe, Apple, Linux and 1 more | 8 Air, Air Sdk, Air Sdk And Compiler and 5 more | 2021-09-22 | 10.0 HIGH | N/A |
| Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors. | |||||
| CVE-2021-30778 | 1 Apple | 1 Macos | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to bypass Privacy preferences. | |||||
| CVE-2007-1917 | 8 Apple, Hp, Ibm and 5 more | 11 Macos, Hp-ux, Tru64 and 8 more | 2021-09-22 | 10.0 HIGH | N/A |
| Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. | |||||
| CVE-2011-4370 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Reader, Adobe Reader and 3 more | 2021-09-22 | 7.5 HIGH | N/A |
| Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4372 and CVE-2011-4373. | |||||
| CVE-2021-30749 | 1 Apple | 6 Ipad Os, Iphone Os, Macos and 3 more | 2021-09-22 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||