Filtered by vendor Apple
Subscribe
Search
Total
10011 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9808 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2021-07-21 | 5.8 MEDIUM | 7.1 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to cause unexpected system termination or write kernel memory. | |||||
| CVE-2019-8592 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, tvOS 12.3, watchOS 5.2.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, iOS 13. Playing a malicious audio file may lead to arbitrary code execution. | |||||
| CVE-2019-8711 | 1 Apple | 1 Iphone Os | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A logic issue existed with the display of notification previews. This issue was addressed with improved validation. This issue is fixed in iOS 13. Notification previews may show on Bluetooth accessories even when previews are disabled. | |||||
| CVE-2020-9793 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause arbitrary code execution. | |||||
| CVE-2019-8694 | 1 Apple | 1 Mac Os X | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-9777 | 1 Apple | 2 Ipados, Iphone Os | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue existed in the selection of video file by Mail. The issue was fixed by selecting the latest version of a video. This issue is fixed in iOS 13.4 and iPadOS 13.4. Cropped videos may not be shared properly via Mail. | |||||
| CVE-2020-3863 | 1 Apple | 1 Mac Os X | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. An application may be able to execute arbitrary code with system privileges. | |||||
| CVE-2019-8838 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-9773 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2021-07-21 | 4.3 MEDIUM | 3.3 LOW |
| The issue was addressed with improved handling of icon caches. This issue is fixed in iOS 14.0 and iPadOS 14.0. A malicious application may be able to identify what other applications a user has installed. | |||||
| CVE-2020-9907 | 1 Apple | 3 Ipad Os, Iphone Os, Tvos | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2019-8548 | 1 Apple | 1 Watchos | 2021-07-21 | 2.1 LOW | 2.4 LOW |
| An issue existed where partially entered passcodes may not clear when the device went to sleep. This issue was addressed by clearing the passcode when a locked device sleeps. This issue is fixed in watchOS 5.2. A partially entered passcode may not clear when the device goes to sleep. | |||||
| CVE-2020-9776 | 1 Apple | 1 Mac Os X | 2021-07-21 | 4.3 MEDIUM | 3.3 LOW |
| This issue was addressed with a new entitlement. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to access a user's call history. | |||||
| CVE-2020-14451 | 2 Apple, Mattermost | 2 Iphone Os, Mattermost Mobile | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Mobile Apps before 1.29.0. The iOS app allowed Single Sign-On cookies and Local Storage to remain after a logout, aka MMSA-2020-0013. | |||||
| CVE-2019-8750 | 1 Apple | 2 Icloud, Watchos | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Multiple issues in libxslt. | |||||
| CVE-2019-8610 | 1 Apple | 6 Icloud, Iphone Os, Itunes and 3 more | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2019-8608 | 1 Apple | 6 Icloud, Iphone Os, Itunes and 3 more | 2021-07-21 | 6.8 MEDIUM | 6.3 MEDIUM |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2019-8852 | 1 Apple | 1 Mac Os X | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2019-9536 | 1 Apple | 1 Iphone 3gs | 2021-07-21 | 6.9 MEDIUM | 6.8 MEDIUM |
| Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka 'alloc8'. An attacker with physical access to the device can install arbitrary firmware. | |||||
| CVE-2019-8635 | 1 Apple | 1 Mac Os X | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges. | |||||
| CVE-2020-3845 | 1 Apple | 1 Mac Os X | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3. An application may be able to execute arbitrary code with system privileges. | |||||
| CVE-2020-9613 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass. | |||||
| CVE-2020-3916 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. Setting an alternate app icon may disclose a photo without needing permission to access photos. | |||||
| CVE-2020-9819 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2021-07-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5, watchOS 5.3.7. Processing a maliciously crafted mail message may lead to heap corruption. | |||||
| CVE-2020-9835 | 1 Apple | 2 Ipad Os, Iphone Os | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 13.5 and iPadOS 13.5. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing. | |||||
| CVE-2019-8601 | 1 Apple | 7 Icloud, Iphone Os, Itunes and 4 more | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2019-8725 | 1 Apple | 1 Safari | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Safari 13.0.1. Service workers may leak private browsing history. | |||||
| CVE-2020-9614 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass. | |||||
| CVE-2019-8681 | 1 Apple | 6 Icloud, Iphone Os, Itunes and 3 more | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2020-6514 | 6 Apple, Canonical, Debian and 3 more | 11 Ipados, Iphone Os, Safari and 8 more | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. | |||||
| CVE-2020-9596 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass. | |||||
| CVE-2020-9592 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass. | |||||
| CVE-2020-3999 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2021-07-21 | 2.1 LOW | 6.5 MEDIUM |
| VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition. | |||||
| CVE-2020-3841 | 1 Apple | 3 Ipados, Iphone Os, Safari | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The issue was addressed with improved UI handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, Safari 13.0.5. A local user may unknowingly send a password unencrypted over the network. | |||||
| CVE-2020-9904 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-3905 | 1 Apple | 1 Mac Os X | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-6553 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Iphone Os, Debian Linux, Fedora and 1 more | 2021-07-21 | 9.3 HIGH | 8.8 HIGH |
| Use after free in offline mode in Google Chrome on iOS prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-6528 | 5 Apple, Debian, Fedoraproject and 2 more | 6 Iphone Os, Debian Linux, Fedora and 3 more | 2021-07-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2020-3882 | 1 Apple | 1 Mac Os X | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. Importing a maliciously crafted calendar invitation may exfiltrate user information. | |||||
| CVE-2020-6403 | 3 Apple, Google, Opensuse | 3 Iphone Os, Chrome, Backports Sle | 2021-07-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2020-3858 | 1 Apple | 2 Ipados, Iphone Os | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2019-8781 | 1 Apple | 1 Mac Os X | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-3980 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2021-07-21 | 3.7 LOW | 6.7 MEDIUM |
| VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. An attacker with normal user privileges may exploit this issue to trick an admin user into executing malicious code on the system where Fusion is installed. | |||||
| CVE-2019-8825 | 1 Apple | 4 Icloud, Iphone Os, Itunes and 1 more | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 10.7, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2019-7076 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2019-8546 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A local user may be able to view sensitive user information. | |||||
| CVE-2020-27895 | 1 Apple | 1 Itunes | 2021-07-21 | 4.3 MEDIUM | 3.3 LOW |
| An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. This issue is fixed in iTunes 12.11 for Windows. A malicious application may be able to access local users Apple IDs. | |||||
| CVE-2020-3913 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, watchOS 6.2. A malicious application may be able to elevate privileges. | |||||
| CVE-2019-8716 | 1 Apple | 1 Mac Os X | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with system privileges. | |||||
| CVE-2019-7815 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2021-07-21 | 7.8 HIGH | 7.5 HIGH |
| Adobe Acrobat and Reader versions 2019.010.20091 and earlier, 2019.010.20091 and earlier, 2017.011.30120 and earlier version, and 2015.006.30475 and earlier have a data leakage (sensitive) vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-3904 | 1 Apple | 1 Mac Os X | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| Multiple memory corruption issues were addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||