Filtered by vendor Apple
Subscribe
Total
797 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-40531 | 2 Apple, Sketch | 2 Macos, Sketch | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Sketch before 75 allows library feeds to be used to bypass file quarantine. Files are automatically downloaded and opened, without the com.apple.quarantine extended attribute. This results in remote code execution, as demonstrated by CommandString in a terminal profile to Terminal.app. | |||||
CVE-2020-36328 | 5 Apple, Debian, Netapp and 2 more | 6 Ipados, Iphone Os, Debian Linux and 3 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2021-1818 | 1 Apple | 6 Ipad Os, Iphone Os, Mac Os X and 3 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
CVE-2020-36331 | 5 Apple, Debian, Netapp and 2 more | 6 Ipados, Iphone Os, Debian Linux and 3 more | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. | |||||
CVE-2021-30793 | 1 Apple | 2 Mac Os X, Macos | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2021-1795 | 1 Apple | 2 Ipad Os, Iphone Os | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. | |||||
CVE-2009-0948 | 1 Apple | 1 Files | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat function in file before 5.02. | |||||
CVE-2020-36329 | 5 Apple, Debian, Netapp and 2 more | 6 Ipados, Iphone Os, Debian Linux and 3 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2020-36330 | 5 Apple, Debian, Netapp and 2 more | 6 Ipados, Iphone Os, Debian Linux and 3 more | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. | |||||
CVE-2020-9895 | 1 Apple | 7 Icloud, Ipados, Iphone Os and 4 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
CVE-2021-21142 | 3 Apple, Fedoraproject, Google | 3 Macos, Fedora, Chrome | 2023-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
CVE-2019-8572 | 1 Apple | 1 Airport Base Station Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A null pointer dereference was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution. | |||||
CVE-2019-8749 | 1 Apple | 6 Icloud, Iphone Os, Itunes and 3 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2. | |||||
CVE-2020-9906 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2023-12-10 | 9.4 HIGH | 9.1 CRITICAL |
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. | |||||
CVE-2019-8578 | 1 Apple | 1 Airport Base Station Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A use after free issue was addressed with improved memory management. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution. | |||||
CVE-2019-8716 | 1 Apple | 1 Mac Os X | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with system privileges. | |||||
CVE-2019-8531 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An untrusted radius server certificate may be trusted. | |||||
CVE-2019-8746 | 1 Apple | 6 Icloud, Iphone Os, Itunes and 3 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
CVE-2019-8712 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with system privileges. | |||||
CVE-2018-4296 | 1 Apple | 1 Mac Os X | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
This issue is fixed in macOS Mojave 10.14. A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. |