Filtered by vendor Apple
Subscribe
Total
11570 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13520 | 2 Apple, Pixar | 2 Macos, Openusd | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| An out of bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 reconstructs paths from binary USD files. A specially crafted malformed file can trigger an out of bounds memory modification which can result in remote code execution. To trigger this vulnerability, victim needs to access an attacker-provided malformed file. | |||||
| CVE-2019-8736 | 1 Apple | 1 Mac Os X | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| An input validation issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. An attacker in a privileged network position may be able to leak sensitive user information. | |||||
| CVE-2020-9885 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A user that is removed from an iMessage group could rejoin the group. | |||||
| CVE-2020-24721 | 2 Apple, Google | 2 Exposure Notifications, Exposure Notifications | 2024-02-28 | 3.3 LOW | 5.7 MEDIUM |
| An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-09-29, as used in COVID-19 applications on Android and iOS. It allows a user to be put in a position where he or she can be coerced into proving or disproving an exposure notification, because of the persistent state of a private framework. | |||||
| CVE-2020-13524 | 2 Apple, Pixar | 3 Mac Os X, Macos, Openusd | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. | |||||
| CVE-2020-27929 | 1 Apple | 1 Iphone Os | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.4.9. A user may send video in Group FaceTime calls without knowing that they have done so. | |||||
| CVE-2019-8668 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.4, tvOS 12.4, watchOS 5.3. Processing a maliciously crafted image may lead to a denial of service. | |||||
| CVE-2020-9887 | 1 Apple | 1 Mac Os X | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. Viewing a maliciously crafted JPEG file may lead to arbitrary code execution. | |||||
| CVE-2020-9942 | 1 Apple | 2 Mac Os X, Safari | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing. | |||||
| CVE-2021-21038 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-9913 | 1 Apple | 1 Mac Os X | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| This issue was addressed with improved data protection. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to leak sensitive user information. | |||||
| CVE-2021-21028 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-15651 | 2 Apple, Mozilla | 2 Iphone Os, Firefox | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| A unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the file extension. This vulnerability affects Firefox for iOS < 28. | |||||
| CVE-2020-9710 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-02-28 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-24556 | 3 Apple, Microsoft, Trendmicro | 5 Macos, Windows, Apex One and 2 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected. | |||||
| CVE-2020-9721 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-9706 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-02-28 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-9716 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-9700 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-9696 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-02-28 | 7.1 HIGH | 5.5 MEDIUM |
| Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass. | |||||