Filtered by vendor Apple
Subscribe
Total
10175 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5033 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2022-04-22 | 4.3 MEDIUM | 4.3 MEDIUM |
| Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword. | |||||
| CVE-2010-0128 | 3 Adobe, Apple, Microsoft | 4 Director, Shockwave Player, Macos and 1 more | 2022-04-21 | 9.3 HIGH | N/A |
| Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation. | |||||
| CVE-2017-7668 | 6 Apache, Apple, Debian and 3 more | 13 Http Server, Mac Os X, Debian Linux and 10 more | 2022-04-21 | 5.0 MEDIUM | 7.5 HIGH |
| The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. | |||||
| CVE-2022-24308 | 4 Apple, Automox, Linux and 1 more | 4 Macos, Automox, Linux Kernel and 1 more | 2022-04-20 | 2.1 LOW | 5.5 MEDIUM |
| Automox Agent prior to version 37 on Windows and Linux and Version 36 on OSX could allow for a non privileged user to obtain sensitive information during the install process. | |||||
| CVE-2022-21155 | 4 Apple, Fernhillsoftware, Linux and 1 more | 4 Macos, Scada Server, Linux Kernel and 1 more | 2022-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A specially crafted packet sent to the Fernhill SCADA Server Version 3.77 and earlier may cause an exception, causing the server process (FHSvrService.exe) to exit. | |||||
| CVE-2018-5546 | 3 Apple, F5, Linux | 4 Macos, Big-ip Access Policy Manager, Big-ip Access Policy Manager Client and 1 more | 2022-04-18 | 7.2 HIGH | 7.8 HIGH |
| The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or assume super-user privileges on the local client host. | |||||
| CVE-2018-10470 | 2 Apple, Objective Development | 2 Macos, Little Snitch | 2022-04-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid. | |||||
| CVE-2017-16541 | 5 Apple, Debian, Linux and 2 more | 10 Macos, Debian Linux, Linux Kernel and 7 more | 2022-04-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected. | |||||
| CVE-2019-5812 | 3 Apple, Fedoraproject, Google | 3 Iphone Os, Fedora, Chrome | 2022-04-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2019-7845 | 6 Adobe, Apple, Google and 3 more | 10 Flash Player, Macos, Chrome Os and 7 more | 2022-04-18 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Flash Player versions 32.0.0.192 and earlier, 32.0.0.192 and earlier, and 32.0.0.192 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-15637 | 4 Apple, Linux, Microsoft and 1 more | 7 Macos, Linux Kernel, Windows and 4 more | 2022-04-18 | 5.5 MEDIUM | 8.1 HIGH |
| Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop. | |||||
| CVE-2020-27894 | 1 Apple | 1 Macos | 2022-04-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| The issue was addressed with additional user controls. This issue is fixed in macOS Big Sur 11.0.1. Users may be unable to remove metadata indicating where files were downloaded from. | |||||
| CVE-2020-10663 | 7 Apache, Apple, Debian and 4 more | 7 Zookeeper, Macos, Debian Linux and 4 more | 2022-04-18 | 5.0 MEDIUM | 7.5 HIGH |
| The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. | |||||
| CVE-2018-4878 | 6 Adobe, Apple, Google and 3 more | 10 Flash Player, Macos, Chrome Os and 7 more | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018. | |||||
| CVE-2019-0976 | 3 Apple, Linux, Microsoft | 3 Macos, Linux Kernel, Nuget | 2022-04-18 | 2.1 LOW | 5.5 MEDIUM |
| A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder (by default "obj"), aka 'NuGet Package Manager Tampering Vulnerability'. | |||||
| CVE-2018-0387 | 3 Apple, Cisco, Microsoft | 3 Macos, Webex Teams, Windows | 2022-04-18 | 9.3 HIGH | 8.8 HIGH |
| A vulnerability in Cisco Webex Teams (for Windows and macOS) could allow an unauthenticated, remote attacker to execute arbitrary code on the user's device, possibly with elevated privileges. The vulnerability occurs because Cisco Webex Teams does not properly sanitize input. An attacker could exploit the vulnerability by sending a user a malicious link and persuading the user to follow the link. A successful exploit could allow the attacker to execute arbitrary code on the user's system. Cisco Bug IDs: CSCvh66250. | |||||
| CVE-2019-8075 | 7 Adobe, Apple, Debian and 4 more | 11 Flash Player, Flash Player Desktop Runtime, Macos and 8 more | 2022-04-18 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. | |||||
| CVE-2013-5704 | 5 Apache, Apple, Canonical and 2 more | 16 Http Server, Mac Os X, Mac Os X Server and 13 more | 2022-04-14 | 5.0 MEDIUM | N/A |
| The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such." | |||||
| CVE-2020-36229 | 3 Apple, Debian, Openldap | 4 Mac Os X, Macos, Debian Linux and 1 more | 2022-04-13 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. | |||||
| CVE-2020-36228 | 3 Apple, Debian, Openldap | 3 Macos, Debian Linux, Openldap | 2022-04-13 | 5.0 MEDIUM | 7.5 HIGH |
| An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service. | |||||