Filtered by vendor Apple
Subscribe
Total
10175 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9984 | 1 Apple | 7 Icloud, Ipados, Iphone Os and 4 more | 2023-01-09 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2021-30914 | 1 Apple | 2 Ipados, Iphone Os | 2023-01-09 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-30902 | 1 Apple | 3 Ipad Os, Ipados, Iphone Os | 2023-01-09 | 4.6 MEDIUM | 7.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS 15.1. A local attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
| CVE-2021-23841 | 7 Apple, Debian, Netapp and 4 more | 23 Ipados, Iphone Os, Macos and 20 more | 2023-01-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). | |||||
| CVE-2020-9976 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2023-01-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0. A malicious application may be able to leak sensitive user information. | |||||
| CVE-2020-9989 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2023-01-09 | 2.1 LOW | 5.5 MEDIUM |
| The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages. | |||||
| CVE-2020-27922 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2023-01-09 | 6.8 MEDIUM | 7.8 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted font file may lead to arbitrary code execution. | |||||
| CVE-2021-31009 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-01-09 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple issues were addressed by removing HDF5. This issue is fixed in iOS 15.2 and iPadOS 15.2, macOS Monterey 12.1. Multiple issues in HDF5. | |||||
| CVE-2021-30900 | 1 Apple | 4 Ipad Os, Ipados, Iphone Os and 1 more | 2023-01-09 | 9.3 HIGH | 7.8 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS 15.1. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-9996 | 1 Apple | 3 Ipados, Iphone Os, Mac Os X | 2023-01-09 | 6.8 MEDIUM | 7.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to elevate privileges. | |||||
| CVE-2020-9917 | 1 Apple | 2 Ipados, Iphone Os | 2023-01-09 | 5.0 MEDIUM | 7.5 HIGH |
| This issue was addressed with improved checks. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may be able to cause a denial of service. | |||||
| CVE-2020-11764 | 6 Apple, Canonical, Debian and 3 more | 12 Icloud, Ipados, Iphone Os and 9 more | 2023-01-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp. | |||||
| CVE-2020-11760 | 6 Apple, Canonical, Debian and 3 more | 12 Icloud, Ipados, Iphone Os and 9 more | 2023-01-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp. | |||||
| CVE-2021-30741 | 1 Apple | 2 Ipados, Iphone Os | 2023-01-09 | 5.8 MEDIUM | 7.1 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination. | |||||
| CVE-2021-30749 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2023-01-09 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2022-32845 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2023-01-09 | N/A | 10.0 CRITICAL |
| This issue was addressed with improved checks. This issue is fixed in watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to break out of its sandbox. | |||||
| CVE-2022-32817 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-01-09 | N/A | 5.5 MEDIUM |
| An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory. | |||||
| CVE-2021-30870 | 1 Apple | 2 Ipados, Iphone Os | 2023-01-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. Previewing an html file attached to a note may unexpectedly contact remote servers. | |||||
| CVE-2020-9977 | 1 Apple | 3 Ipados, Iphone Os, Mac Os X | 2023-01-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to determine a user's open tabs in Safari. | |||||
| CVE-2022-32946 | 1 Apple | 2 Ipados, Iphone Os | 2023-01-09 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods. | |||||