Search
Total
5437 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-8657 | 5 Adobe, Apple, Google and 2 more | 9 Air, Air Sdk, Air Sdk \\\& Compiler and 6 more | 2016-11-28 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8656, CVE-2015-8658, and CVE-2015-8820. | |||||
| CVE-2015-8658 | 5 Adobe, Apple, Google and 2 more | 9 Air, Air Sdk, Air Sdk \\\& Compiler and 6 more | 2016-11-28 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8656, CVE-2015-8657, and CVE-2015-8820. | |||||
| CVE-2015-8654 | 5 Adobe, Apple, Google and 2 more | 9 Air, Air Sdk, Air Sdk \\\& Compiler and 6 more | 2016-11-28 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8656, CVE-2015-8657, CVE-2015-8658, and CVE-2015-8820. | |||||
| CVE-2015-8652 | 5 Adobe, Apple, Google and 2 more | 9 Air, Air Sdk, Air Sdk \\\& Compiler and 6 more | 2016-11-28 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8654, CVE-2015-8656, CVE-2015-8657, CVE-2015-8658, and CVE-2015-8820. | |||||
| CVE-2015-3720 | 1 Apple | 1 Mac Os X | 2016-11-28 | 4.3 MEDIUM | N/A |
| The kernel in Apple OS X before 10.10.4 does not properly manage memory in kernel-extension APIs, which allows attackers to obtain sensitive memory-layout information via a crafted app. | |||||
| CVE-2015-1157 | 1 Apple | 3 Iphone Os, Itunes, Mac Os X | 2016-11-28 | 7.8 HIGH | N/A |
| CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message. | |||||
| CVE-2013-1775 | 2 Apple, Todd Miller | 2 Mac Os X, Sudo | 2016-11-28 | 6.9 MEDIUM | N/A |
| sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch. | |||||
| CVE-2015-0973 | 3 Apple, Libpng, Oracle | 3 Mac Os X, Libpng, Solaris | 2016-10-20 | 7.5 HIGH | N/A |
| Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495. | |||||
| CVE-2014-9495 | 2 Apple, Libpng | 2 Mac Os X, Libpng | 2016-10-18 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image. | |||||
| CVE-2002-1383 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2016-10-18 | 10.0 HIGH | N/A |
| Multiple integer overflows in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allow remote attackers to execute arbitrary code via (1) the CUPSd HTTP interface, as demonstrated by vanilla-coke, and (2) the image handling code in CUPS filters, as demonstrated by mksun. | |||||
| CVE-2001-1411 | 1 Apple | 1 Mac Os X | 2016-10-18 | 7.2 HIGH | N/A |
| Format string vulnerability in gm4 (aka m4) on Mac OS X may allow local users to gain privileges if gm4 is called by setuid programs. | |||||
| CVE-2001-1412 | 1 Apple | 1 Mac Os X | 2016-10-18 | 2.1 LOW | N/A |
| nidump on MacOS X before 10.3 allows local users to read the encrypted passwords from the password file by specifying passwd as a command line argument. | |||||
| CVE-2014-1595 | 2 Apple, Mozilla | 4 Mac Os X, Firefox, Firefox Esr and 1 more | 2016-10-04 | 2.1 LOW | N/A |
| Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by credential information. | |||||
| CVE-2013-5987 | 2 Apple, Nvidia | 2 Mac Os X, Gpu Driver | 2016-08-23 | 7.2 HIGH | N/A |
| Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 allows local users to bypass intended access restrictions for the GPU and gain privileges via unknown vectors. | |||||
| CVE-2009-0158 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2016-08-23 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long hostname for a telnet server. | |||||
| CVE-2016-1860 | 1 Apple | 1 Mac Os X | 2016-06-22 | 4.3 MEDIUM | 3.3 LOW |
| Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1862. | |||||
| CVE-2016-1862 | 1 Apple | 1 Mac Os X | 2016-06-22 | 4.3 MEDIUM | 3.3 LOW |
| Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860. | |||||
| CVE-2015-8823 | 5 Adobe, Apple, Google and 2 more | 13 Air, Air Sdk, Air Sdk \& Compiler and 10 more | 2016-05-26 | 9.3 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in the TextField object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted text property, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8653, CVE-2015-8655, CVE-2015-8821, and CVE-2015-8822. | |||||
| CVE-2016-1208 | 2 Apple, Filemaker | 2 Mac Os X, Filemaker | 2016-05-19 | 5.0 MEDIUM | 7.5 HIGH |
| The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors. | |||||
| CVE-2005-2741 | 2 Apple, Perry Kiehtreiber | 3 Mac Os X, Mac Os X Server, Securityd | 2016-05-09 | 7.2 HIGH | N/A |
| Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights that should be restricted to administrators. | |||||
| CVE-2014-8611 | 2 Apple, Freebsd | 3 Iphone Os, Mac Os X, Freebsd | 2016-04-06 | 6.9 MEDIUM | N/A |
| The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted application. | |||||
| CVE-2009-5044 | 2 Apple, Gnu | 2 Mac Os X, Groff | 2016-03-30 | 3.3 LOW | N/A |
| contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file. | |||||
| CVE-2009-5078 | 2 Apple, Gnu | 2 Mac Os X, Groff | 2016-03-30 | 6.4 MEDIUM | 6.5 MEDIUM |
| contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document. | |||||
| CVE-2016-0955 | 4 Adobe, Apple, Linux and 1 more | 4 Experience Manager, Mac Os X, Linux Kernel and 1 more | 2016-03-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog. | |||||
| CVE-2016-0957 | 4 Adobe, Apple, Linux and 1 more | 5 Dispatcher, Experience Manager, Mac Os X and 2 more | 2016-02-25 | 7.8 HIGH | 7.5 HIGH |
| Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors. | |||||
| CVE-2016-0958 | 4 Adobe, Apple, Linux and 1 more | 4 Experience Manager, Mac Os X, Linux Kernel and 1 more | 2016-02-18 | 7.8 HIGH | 7.5 HIGH |
| Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object. | |||||
| CVE-2015-7024 | 1 Apple | 1 Mac Os X | 2016-01-12 | 6.9 MEDIUM | 6.7 MEDIUM |
| Untrusted search path vulnerability in Apple OS X before 10.11.1 allows local users to bypass intended Gatekeeper restrictions and gain privileges via a Trojan horse program that is loaded from an unexpected directory by an application that has a valid Apple digital signature. | |||||
| CVE-2015-6980 | 1 Apple | 1 Mac Os X | 2016-01-12 | 7.2 HIGH | 7.8 HIGH |
| Directory Utility in Apple OS X before 10.11.1 mishandles authentication for new sessions, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2014-1381 | 1 Apple | 1 Mac Os X | 2015-12-22 | 10.0 HIGH | N/A |
| Thunderbolt in Apple OS X before 10.9.4 does not properly restrict IOThunderBoltController API calls, which allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted call. | |||||
| CVE-2014-1380 | 1 Apple | 1 Mac Os X | 2015-12-22 | 2.6 LOW | N/A |
| The Security - Keychain component in Apple OS X before 10.9.4 does not properly implement keystroke observers, which allows physically proximate attackers to bypass the screen-lock protection mechanism, and enter characters into an arbitrary window under the lock window, via keyboard input. | |||||
| CVE-2014-1375 | 1 Apple | 1 Mac Os X | 2015-12-22 | 2.1 LOW | N/A |
| Intel Graphics Driver in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object. | |||||
| CVE-2014-1371 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2015-12-22 | 7.5 HIGH | N/A |
| Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message. | |||||
| CVE-2014-1378 | 1 Apple | 1 Mac Os X | 2015-12-22 | 2.1 LOW | N/A |
| IOGraphicsFamily in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object. | |||||
| CVE-2014-1317 | 1 Apple | 1 Mac Os X | 2015-12-22 | 2.1 LOW | N/A |
| iBooks Commerce in Apple OS X before 10.9.4 places Apple ID credentials in the iBooks log, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2015-5859 | 1 Apple | 2 Iphone Os, Mac Os X | 2015-11-30 | 4.3 MEDIUM | N/A |
| The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2014-4499 | 1 Apple | 1 Mac Os X | 2015-11-30 | 2.1 LOW | N/A |
| The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file. | |||||
| CVE-2014-4497 | 1 Apple | 1 Mac Os X | 2015-11-30 | 10.0 HIGH | N/A |
| Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (write to kernel memory) via a crafted app. | |||||
| CVE-2014-1379 | 1 Apple | 1 Mac Os X | 2015-11-20 | 10.0 HIGH | N/A |
| Graphics Drivers in Apple OS X before 10.9.4 allows attackers to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a 32-bit executable file for a crafted application. | |||||
| CVE-2014-1377 | 1 Apple | 1 Mac Os X | 2015-11-20 | 10.0 HIGH | N/A |
| Array index error in IOAcceleratorFamily in Apple OS X before 10.9.4 allows attackers to execute arbitrary code via a crafted application. | |||||
| CVE-2014-1376 | 1 Apple | 1 Mac Os X | 2015-11-20 | 10.0 HIGH | N/A |
| Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application. | |||||
| CVE-2014-1372 | 1 Apple | 1 Mac Os X | 2015-11-20 | 4.9 MEDIUM | N/A |
| Graphics Driver in Apple OS X before 10.9.4 does not properly restrict read operations during processing of an unspecified system call, which allows local users to obtain sensitive information from kernel memory and bypass the ASLR protection mechanism via a crafted call. | |||||
| CVE-2014-1373 | 1 Apple | 1 Mac Os X | 2015-11-20 | 10.0 HIGH | N/A |
| Intel Graphics Driver in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenGL API call, which allows attackers to execute arbitrary code via a crafted application. | |||||
| CVE-2015-0310 | 4 Adobe, Apple, Linux and 1 more | 4 Flash Player, Mac Os X, Linux Kernel and 1 more | 2015-11-13 | 10.0 HIGH | N/A |
| Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015. | |||||
| CVE-2013-4669 | 5 Apple, Fortinet, Google and 2 more | 7 Mac Os X, Forticlient, Forticlient Lite and 4 more | 2015-11-04 | 5.4 MEDIUM | N/A |
| FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the server's X.509 certificate is invalid, which allows man-in-the-middle attackers to obtain sensitive information by leveraging a password transmission that occurs before the user warning about the certificate problem. | |||||
| CVE-2015-7003 | 1 Apple | 1 Mac Os X | 2015-10-27 | 6.8 MEDIUM | N/A |
| coreaudiod in Audio in Apple OS X before 10.11.1 does not initialize an unspecified data structure, which allows attackers to execute arbitrary code via a crafted app. | |||||
| CVE-2015-6987 | 1 Apple | 1 Mac Os X | 2015-10-27 | 2.1 LOW | N/A |
| The File Bookmark component in Apple OS X before 10.11.1 allows local users to cause a denial of service (application crash) via crafted bookmark metadata in a folder. | |||||
| CVE-2015-6985 | 1 Apple | 1 Mac Os X | 2015-10-27 | 6.8 MEDIUM | N/A |
| Apple Type Services (ATS) in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web page. | |||||
| CVE-2015-7021 | 1 Apple | 1 Mac Os X | 2015-10-27 | 7.2 HIGH | N/A |
| The Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to gain privileges or cause a denial of service (kernel memory corruption) via unspecified vectors. | |||||
| CVE-2015-5945 | 1 Apple | 1 Mac Os X | 2015-10-27 | 7.2 HIGH | N/A |
| The Sandbox subsystem in Apple OS X before 10.11.1 allows local users to gain privileges via vectors involving NVRAM parameters. | |||||
| CVE-2015-7020 | 1 Apple | 1 Mac Os X | 2015-10-27 | 5.6 MEDIUM | N/A |
| The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via unspecified vectors, a different vulnerability than CVE-2015-7019. | |||||