Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Total 11571 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-30663 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2021-30662 1 Apple 2 Ipados, Iphone Os 2024-11-21 6.8 MEDIUM 7.3 HIGH
This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted file may lead to arbitrary code execution.
CVE-2021-30661 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
CVE-2021-30660 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2024-11-21 7.8 HIGH 7.5 HIGH
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to disclose kernel memory.
CVE-2021-30659 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A validation issue was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, macOS Big Sur 11.3. A malicious application may be able to leak sensitive user information.
CVE-2021-30658 1 Apple 1 Macos 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Big Sur 11.3. A malicious application may bypass Gatekeeper checks.
CVE-2021-30657 1 Apple 2 Mac Os X, Macos 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited..
CVE-2021-30656 1 Apple 2 Ipados, Iphone Os 2024-11-21 7.1 HIGH 5.5 MEDIUM
An access issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5. A malicious application may be able to determine kernel memory layout.
CVE-2021-30655 1 Apple 2 Mac Os X, Macos 2024-11-21 10.0 HIGH 9.8 CRITICAL
An application may be able to execute arbitrary code with system privileges. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. The issue was addressed with improved permissions logic.
CVE-2021-30654 1 Apple 1 Garageband 2024-11-21 2.1 LOW 5.5 MEDIUM
This issue was addressed by removing additional entitlements. This issue is fixed in GarageBand 10.4.3. A local attacker may be able to read sensitive information.
CVE-2021-30653 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted image may lead to arbitrary code execution.
CVE-2021-30652 1 Apple 6 Ipados, Iphone Os, Mac Os X and 3 more 2024-11-21 7.6 HIGH 7.0 HIGH
A race condition was addressed with additional validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to gain root privileges.
CVE-2021-30583 3 Apple, Fedoraproject, Google 3 Iphone Os, Fedora, Chrome 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Insufficient policy enforcement in image handling in iOS in Google Chrome on iOS prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2021-30480 3 Apple, Microsoft, Zoom 3 Macos, Windows, Chat 2024-11-21 9.0 HIGH 8.5 HIGH
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat software, which is different from the chat feature of the Zoom Meetings and Zoom Video Webinars software.
CVE-2021-29913 3 Apple, Ibm, Microsoft 3 Macos, Security Verify Privilege On-premises, Windows 2024-11-21 N/A 6.5 MEDIUM
IBM Security Verify Privilege On-Premise 11.5 could allow an authenticated user to obtain sensitive information or perform unauthorized actions due to improper input validation. IBM X-Force ID: 207898.
CVE-2021-29488 4 Apple, Linux, Microsoft and 1 more 4 Macos, Linux Kernel, Windows and 1 more 2024-11-21 5.0 MEDIUM 4.3 MEDIUM
SABnzbd is an open source binary newsreader. A vulnerability was discovered in SABnzbd that could trick the `filesystem.renamer()` function into writing downloaded files outside the configured Download Folder via malicious PAR2 files. A patch was released as part of SABnzbd 3.2.1RC1. As a workaround, limit downloads to NZBs without PAR2 files, deny write permissions to the SABnzbd process outside areas it must access to perform its job, or update to a fixed version.
CVE-2021-28644 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-11-21 N/A 7.8 HIGH
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-28632 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by an Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-28631 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by an Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-28613 2 Adobe, Apple 2 Creative Cloud Desktop Application, Macos 2024-11-21 3.3 LOW 7.4 HIGH
Adobe Creative Cloud Desktop Application version 5.4 (and earlier) is affected by a file handling vulnerability that could allow an attacker to arbitrarily overwrite a file. Exploitation of this issue requires local access, administrator privileges and user interaction.