Total
2350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28847 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2022-06-24 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-28848 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2022-06-24 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-28849 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2022-06-24 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Bridge version 12.0.1 (and earlier versions) is affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-28850 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2022-06-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-42735 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2022-06-24 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Photoshop version 22.5.1 (and earlier versions ) is affected by an Access of Memory Location After End of Buffer vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-43755 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2022-06-24 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-43756 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2022-06-24 | 9.3 HIGH | 7.8 HIGH |
| Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-39820 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2022-06-24 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-42732 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2022-06-23 | 6.8 MEDIUM | 7.8 HIGH |
| Access of Memory Location After End of Buffer (CWE-788) | |||||
| CVE-2021-40727 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2022-06-23 | 9.3 HIGH | 7.8 HIGH |
| Access of Memory Location After End of Buffer (CWE-788 | |||||
| CVE-2022-26775 | 1 Apple | 2 Mac Os X, Macos | 2022-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
| CVE-2022-26776 | 1 Apple | 1 Macos | 2022-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
| CVE-2022-26708 | 1 Apple | 1 Macos | 2022-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
| CVE-2022-33140 | 3 Apache, Apple, Linux | 4 Nifi, Nifi Registry, Macos and 1 more | 2022-06-23 | 6.0 MEDIUM | 8.8 HIGH |
| The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the default configuration. Command injection requires ShellUserGroupProvider to be one of the enabled User Group Providers in the Authorizers configuration. Command injection also requires an authenticated user with elevated privileges. Apache NiFi requires an authenticated user with authorization to modify access policies in order to execute the command. Apache NiFi Registry requires an authenticated user with authorization to read user groups in order to execute the command. The resolution removes command formatting based on user-provided arguments. | |||||
| CVE-2020-4008 | 2 Apple, Vmware | 2 Macos, Carbon Black Cloud | 2022-06-13 | 3.3 LOW | 3.6 LOW |
| The installer of the macOS Sensor for VMware Carbon Black Cloud (prior to 3.5.1) handles certain files in an insecure way. A malicious actor who has local access to the endpoint on which a macOS sensor is going to be installed, may overwrite a limited number of files with output from the sensor installation. | |||||
| CVE-2021-44719 | 2 Apple, Docker | 3 Mac Os X, Macos, Docker Desktop | 2022-06-09 | 6.6 MEDIUM | 8.4 HIGH |
| Docker Desktop 4.3.0 has Incorrect Access Control. | |||||
| CVE-2022-26770 | 1 Apple | 2 Mac Os X, Macos | 2022-06-08 | 9.3 HIGH | 7.8 HIGH |
| An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-26769 | 1 Apple | 2 Mac Os X, Macos | 2022-06-08 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-26701 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2022-06-08 | 7.6 HIGH | 7.5 HIGH |
| A race condition was addressed with improved locking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-26698 | 1 Apple | 2 Mac Os X, Macos | 2022-06-08 | 5.8 MEDIUM | 7.1 HIGH |
| An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. | |||||