Filtered by vendor Apple
Subscribe
Search
Total
10011 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7053 | 2 Apple, Microsoft | 2 Itunes, Windows | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. iTunes before 12.6.2 on Windows is affected. The issue involves the "iTunes" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2018-4154 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-10-03 | 7.6 HIGH | 7.0 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Storage" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2018-4155 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-10-03 | 7.6 HIGH | 7.0 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2018-4152 | 1 Apple | 1 Mac Os X | 2019-10-03 | 7.6 HIGH | 7.0 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Notes" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2018-17472 | 4 Apple, Debian, Google and 1 more | 6 Iphone Os, Debian Linux, Chrome and 3 more | 2019-10-03 | 6.8 MEDIUM | 9.6 CRITICAL |
| Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page. | |||||
| CVE-2017-7084 | 1 Apple | 1 Mac Os X | 2019-10-03 | 4.3 MEDIUM | 3.7 LOW |
| An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Application Firewall" component. It allows remote attackers to bypass intended settings in opportunistic circumstances by leveraging incorrect handling of a denied setting after an upgrade. | |||||
| CVE-2018-4151 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-10-03 | 7.6 HIGH | 7.0 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "iCloud Drive" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2018-4100 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. watchOS before 4.2.2 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted text message. | |||||
| CVE-2018-4157 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-10-03 | 7.6 HIGH | 7.0 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Quick Look" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2018-4131 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-10-03 | 4.3 MEDIUM | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass the Secure Input Mode protection mechanism, and log keystrokes of arbitrary apps, via a crafted app that scans key states. | |||||
| CVE-2018-16045 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-10-03 | 9.3 HIGH | 8.8 HIGH |
| Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2018-16044 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-10-03 | 9.3 HIGH | 8.8 HIGH |
| Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2017-2381 | 1 Apple | 1 Mac Os X | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "sudo" component. It allows remote authenticated users to gain privileges by leveraging membership in the admin group on a network directory server. | |||||
| CVE-2017-7161 | 2 Apple, Canonical | 2 Safari, Ubuntu Linux | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code via special characters that trigger command injection. | |||||
| CVE-2018-4091 | 1 Apple | 1 Mac Os X | 2019-10-03 | 7.5 HIGH | 10.0 CRITICAL |
| An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Sandbox" component. It allows bypass of a sandbox protection mechanism. | |||||
| CVE-2018-4115 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves CFPreferences in the "System Preferences" component. It allows attackers to bypass intended access restrictions by leveraging incorrect configuration-profile persistence. | |||||
| CVE-2018-4172 | 1 Apple | 1 Iphone Os | 2019-10-03 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Find My iPhone" component. It allows physically proximate attackers to bypass the iCloud password requirement for disabling the "Find My iPhone" feature via vectors involving a backup restore. | |||||
| CVE-2017-18190 | 3 Apple, Canonical, Debian | 3 Cups, Ubuntu Linux, Debian Linux | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1). | |||||
| CVE-2017-2376 | 1 Apple | 2 Iphone Os, Safari | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar by leveraging text input during the loading of a page. | |||||
| CVE-2017-17688 | 11 Apple, Bloop, Emclient and 8 more | 11 Mail, Airmail, Emclient and 8 more | 2019-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| ** DISPUTED ** The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification. | |||||
| CVE-2017-2386 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. | |||||
| CVE-2018-4113 | 4 Apple, Canonical, Microsoft and 1 more | 9 Icloud, Iphone Os, Itunes and 6 more | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the "WebKit" component. It allows attackers to trigger an assertion failure by leveraging improper array indexing. | |||||
| CVE-2017-17689 | 16 9folders, Apple, Bloop and 13 more | 17 Nine, Mail, Airmail and 14 more | 2019-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. | |||||
| CVE-2017-11255 | 3 Adobe, Apple, Microsoft | 7 Acrobat, Acrobat Dc, Acrobat Reader and 4 more | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF color map data. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-2423 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended access restrictions by leveraging a successful result from a SecKeyRawVerify API call with an empty signature. | |||||
| CVE-2017-11230 | 3 Adobe, Apple, Microsoft | 7 Acrobat, Acrobat Dc, Acrobat Reader and 4 more | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 engine. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-13786 | 1 Apple | 1 Mac Os X | 2019-10-03 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It does not properly restrict the DMA mapping time of FileVault decryption buffers, which allows attackers to read cleartext APFS data via a crafted Thunderbolt adapter. | |||||
| CVE-2018-4300 | 1 Apple | 1 Cups | 2019-09-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10. | |||||
| CVE-2015-1098 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-09-27 | 6.8 MEDIUM | 7.3 HIGH |
| iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file. | |||||
| CVE-2014-2019 | 1 Apple | 1 Iphone Os | 2019-09-27 | 4.9 MEDIUM | 4.6 MEDIUM |
| The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value. | |||||
| CVE-2009-1690 | 2 Apple, Google | 3 Iphone Os, Safari, Chrome | 2019-09-26 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers." | |||||
| CVE-2011-3441 | 1 Apple | 1 Iphone Os | 2019-09-26 | 4.3 MEDIUM | N/A |
| libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname. | |||||
| CVE-2010-1797 | 1 Apple | 1 Iphone Os | 2019-09-26 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1029 | 2 Apple, Google | 3 Iphone Os, Safari, Chrome | 2019-09-26 | 5.0 MEDIUM | N/A |
| Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences. | |||||
| CVE-2013-0980 | 1 Apple | 1 Iphone Os | 2019-09-26 | 2.1 LOW | N/A |
| The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature. | |||||
| CVE-2013-0979 | 1 Apple | 1 Iphone Os | 2019-09-26 | 1.9 LOW | N/A |
| lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink. | |||||
| CVE-2013-0978 | 1 Apple | 2 Iphone Os, Tvos | 2019-09-26 | 2.1 LOW | N/A |
| The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code. | |||||
| CVE-2013-0977 | 1 Apple | 2 Iphone Os, Tvos | 2019-09-26 | 4.6 MEDIUM | N/A |
| dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments. | |||||
| CVE-2013-0981 | 1 Apple | 2 Iphone Os, Tvos | 2019-09-26 | 7.2 HIGH | N/A |
| The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local users to gain privileges via crafted code. | |||||
| CVE-2010-0038 | 1 Apple | 1 Iphone Os | 2019-09-26 | 4.6 MEDIUM | N/A |
| Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control message that triggers memory corruption. | |||||
| CVE-2009-3273 | 1 Apple | 1 Iphone Os | 2019-09-26 | 7.5 HIGH | N/A |
| iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate. | |||||
| CVE-2019-7959 | 3 Adobe, Apple, Microsoft | 3 Creative Cloud, Mac Os X, Windows | 2019-08-21 | 10.0 HIGH | 9.8 CRITICAL |
| Creative Cloud Desktop Application versions 4.6.1 and earlier have a using components with known vulnerabilities vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-16026 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-08-21 | 9.3 HIGH | 8.8 HIGH |
| Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-16025 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-08-21 | 9.3 HIGH | 8.8 HIGH |
| Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-7794 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-08-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-16024 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-08-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2019-7795 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-08-21 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-15989 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-08-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-16023 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-08-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-12770 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||