Filtered by vendor Apple
Subscribe
Total
10175 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-5540 | 2 Apple, Vmware | 3 Mac Os X, Fusion, Workstation | 2020-08-24 | 4.0 MEDIUM | 7.7 HIGH |
| VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an information disclosure vulnerability in vmnetdhcp. Successful exploitation of this issue may allow an attacker on a guest VM to disclose sensitive information by leaking memory from the host process. | |||||
| CVE-2019-6230 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2020-08-24 | 6.8 MEDIUM | 8.6 HIGH |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3,macOS Mojave 10.14.3,tvOS 12.1.2,watchOS 5.1.3. A malicious application may be able to break out of its sandbox. | |||||
| CVE-2019-14319 | 3 Apple, Google, Tiktok | 3 Iphone Os, Android, Tiktok | 2020-08-24 | 3.3 LOW | 6.5 MEDIUM |
| The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information by sniffing network traffic. | |||||
| CVE-2019-13672 | 2 Apple, Google | 2 Iphone Os, Chrome | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect security UI in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page on iOS. | |||||
| CVE-2019-13667 | 2 Apple, Google | 2 Iphone Os, Chrome | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2019-12172 | 4 Apple, Linux, Microsoft and 1 more | 4 Mac Os X, Linux Kernel, Windows and 1 more | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137. | |||||
| CVE-2019-8770 | 1 Apple | 1 Mac Os X | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| The issue was addressed with improved permissions logic. This issue is fixed in macOS Catalina 10.15. A malicious application may be able to access recent documents. | |||||
| CVE-2019-6211 | 1 Apple | 2 Iphone Os, Mac Os X | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2019-8760 | 1 Apple | 1 Iphone Os | 2020-08-24 | 4.6 MEDIUM | 6.8 MEDIUM |
| This issue was addressed by improving Face ID machine learning models. This issue is fixed in iOS 13. A 3D model constructed to look like the enrolled user may authenticate via Face ID. | |||||
| CVE-2019-7086 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2018-5067 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-5028 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2019-8758 | 1 Apple | 1 Mac Os X | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with system privileges. | |||||
| CVE-2019-8748 | 1 Apple | 1 Mac Os X | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2018-4111 | 1 Apple | 1 Mac Os X | 2020-08-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted message content by sending HTML e-mail that references remote resources but lacks a valid S/MIME signature. | |||||
| CVE-2019-8745 | 1 Apple | 4 Icloud, Itunes, Mac Os X and 1 more | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15, tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing a maliciously crafted text file may lead to arbitrary code execution. | |||||
| CVE-2018-4106 | 1 Apple | 1 Mac Os X | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the Bracketed Paste Mode of the "Terminal" component. It allows user-assisted attackers to inject arbitrary commands within pasted content. | |||||
| CVE-2019-8699 | 1 Apple | 1 Iphone Os | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A logic issue existed in the handling of answering phone calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.4. The initiator of a phone call may be able to cause the recipient to answer a simultaneous Walkie-Talkie connection. | |||||
| CVE-2018-4978 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2019-8677 | 1 Apple | 6 Icloud, Iphone Os, Itunes and 3 more | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||