Filtered by vendor Apple
Subscriptions
Filtered by product Macos
Subscriptions
Total
3615 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-44308 | 1 Apple | 5 Ipad Os, Iphone Os, Macos and 2 more | 2024-11-21 | 8.8 High |
The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. | ||||
CVE-2024-44309 | 1 Apple | 5 Ipad Os, Iphone Os, Macos and 2 more | 2024-11-21 | 6.3 Medium |
A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. | ||||
CVE-2024-43498 | 4 Apple, Linux, Microsoft and 1 more | 7 Macos, Linux Kernel, .net and 4 more | 2024-11-21 | 9.8 Critical |
.NET and Visual Studio Remote Code Execution Vulnerability | ||||
CVE-2024-43499 | 4 Apple, Linux, Microsoft and 1 more | 7 Macos, Linux Kernel, .net and 4 more | 2024-11-21 | 7.5 High |
.NET and Visual Studio Denial of Service Vulnerability | ||||
CVE-2023-42909 | 1 Apple | 1 Macos | 2024-11-20 | 7.8 High |
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | ||||
CVE-2023-40422 | 1 Apple | 1 Macos | 2024-11-20 | 5.5 Medium |
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to cause a denial-of-service. | ||||
CVE-2023-40442 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-11-20 | 3.3 Low |
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8. An app may be able to read sensitive location information. | ||||
CVE-2024-44307 | 1 Apple | 1 Macos | 2024-11-20 | 7.8 High |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6. An app may be able to execute arbitrary code with kernel privileges. | ||||
CVE-2024-44306 | 1 Apple | 1 Macos | 2024-11-20 | 7.8 High |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6. An app may be able to execute arbitrary code with kernel privileges. | ||||
CVE-2022-29048 | 2 Apple, Jenkins | 2 Macos, Subversion | 2024-11-20 | 4.3 Medium |
A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL. | ||||
CVE-2024-49536 | 3 Adobe, Apple, Microsoft | 3 Audition, Macos, Windows | 2024-11-19 | 5.5 Medium |
Audition versions 23.6.9, 24.4.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2022-35260 | 4 Apple, Haxx, Netapp and 1 more | 12 Macos, Curl, Clustered Data Ontap and 9 more | 2024-11-19 | 6.5 Medium |
curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service. | ||||
CVE-2024-44206 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-11-19 | 5.4 Medium |
An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A user may be able to bypass some web content restrictions. | ||||
CVE-2024-49526 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-11-18 | 7.8 High |
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2024-49527 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-11-18 | 5.5 Medium |
Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2024-49528 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-11-18 | 7.8 High |
Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2024-49514 | 3 Adobe, Apple, Microsoft | 5 Photoshop, Photoshop 2023, Photoshop 2024 and 2 more | 2024-11-18 | 7.8 High |
Photoshop Desktop versions 24.7.3, 25.11 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2024-39388 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2024-11-16 | 7.8 High |
Substance3D - Stager versions 3.0.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2024-47443 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2024-11-16 | 7.8 High |
After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2024-47442 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2024-11-16 | 7.8 High |
After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |