Total
5565 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-1870 | 3 Apple, Fedoraproject, Webkitgtk | 6 Ipad Os, Iphone Os, Mac Os X and 3 more | 2024-07-26 | 7.5 HIGH | 9.8 CRITICAL |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | |||||
| CVE-2021-1871 | 3 Apple, Debian, Fedoraproject | 6 Ipad Os, Iphone Os, Mac Os X and 3 more | 2024-07-26 | 7.5 HIGH | 9.8 CRITICAL |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | |||||
| CVE-2014-7169 | 17 Apple, Arista, Canonical and 14 more | 85 Mac Os X, Eos, Ubuntu Linux and 82 more | 2024-07-24 | 10.0 HIGH | 9.8 CRITICAL |
| GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. | |||||
| CVE-2014-6271 | 17 Apple, Arista, Canonical and 14 more | 85 Mac Os X, Eos, Ubuntu Linux and 82 more | 2024-07-24 | 10.0 HIGH | 9.8 CRITICAL |
| GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. | |||||
| CVE-2014-4404 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-07-24 | 9.3 HIGH | 7.8 HIGH |
| Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties. | |||||
| CVE-2015-0973 | 3 Apple, Libpng, Oracle | 3 Mac Os X, Libpng, Solaris | 2024-07-19 | 7.5 HIGH | N/A |
| Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495. | |||||
| CVE-2012-1823 | 8 Apple, Debian, Fedoraproject and 5 more | 17 Mac Os X, Debian Linux, Fedora and 14 more | 2024-07-16 | 7.5 HIGH | 9.8 CRITICAL |
| sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. | |||||
| CVE-2013-0629 | 4 Adobe, Apple, Microsoft and 1 more | 4 Coldfusion, Mac Os X, Windows and 1 more | 2024-07-16 | 4.3 MEDIUM | 7.5 HIGH |
| Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013. | |||||
| CVE-2013-0625 | 4 Adobe, Apple, Microsoft and 1 more | 4 Coldfusion, Mac Os X, Windows and 1 more | 2024-07-16 | 6.8 MEDIUM | 9.8 CRITICAL |
| Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013. | |||||
| CVE-2013-0631 | 4 Adobe, Apple, Microsoft and 1 more | 4 Coldfusion, Mac Os X, Windows and 1 more | 2024-07-16 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013. | |||||
| CVE-2012-1535 | 7 Adobe, Apple, Linux and 4 more | 9 Flash Player, Mac Os X, Linux Kernel and 6 more | 2024-07-16 | 9.3 HIGH | 7.8 HIGH |
| Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document. | |||||
| CVE-2013-0640 | 7 Adobe, Apple, Linux and 4 more | 12 Acrobat, Acrobat Reader, Mac Os X and 9 more | 2024-07-16 | 9.3 HIGH | 7.8 HIGH |
| Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013. | |||||
| CVE-2013-0641 | 7 Adobe, Apple, Linux and 4 more | 12 Acrobat, Acrobat Reader, Mac Os X and 9 more | 2024-07-16 | 9.3 HIGH | 7.8 HIGH |
| Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013. | |||||
| CVE-2015-3043 | 7 Adobe, Apple, Linux and 4 more | 14 Flash Player, Mac Os X, Linux Kernel and 11 more | 2024-07-16 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042. | |||||
| CVE-2015-7645 | 7 Adobe, Apple, Linux and 4 more | 13 Flash Player, Mac Os X, Linux Kernel and 10 more | 2024-07-16 | 9.3 HIGH | 7.8 HIGH |
| Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015. | |||||
| CVE-2015-5119 | 7 Adobe, Apple, Linux and 4 more | 14 Flash Player, Mac Os X, Linux Kernel and 11 more | 2024-07-16 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015. | |||||
| CVE-2019-8761 | 1 Apple | 1 Mac Os X | 2024-07-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Parsing a maliciously crafted text file may lead to disclosure of user information. | |||||
| CVE-2018-4404 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-07-03 | 9.3 HIGH | 8.8 HIGH |
| In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was addressed with improved memory handling. | |||||
| CVE-2011-0611 | 8 Adobe, Apple, Google and 5 more | 13 Acrobat, Acrobat Reader, Adobe Air and 10 more | 2024-07-03 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011. | |||||
| CVE-2015-3113 | 8 Adobe, Apple, Hp and 5 more | 18 Flash Player, Mac Os X, Insight Orchestration and 15 more | 2024-07-02 | 10.0 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015. | |||||