Filtered by vendor Apple
Subscriptions
Total
11391 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-28848 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2024-09-16 | N/A |
| Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2021-45056 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2024-09-16 | 7.8 High |
| Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-35665 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-09-16 | 7.8 High |
| Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 (and earlier) and 17.012.30249 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-38432 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2024-09-16 | 7.8 High |
| Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2013-0973 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-09-16 | N/A |
| Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream. | ||||
| CVE-2022-27797 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-09-16 | N/A |
| Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of annotations that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-23187 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-09-16 | 7.8 High |
| Adobe Illustrator version 26.0.3 (and earlier) is affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Illustrator. | ||||
| CVE-2020-24433 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-09-16 | 7.8 High |
| Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could enable a user without administrator privileges to delete arbitrary files and potentially execute arbitrary code as SYSTEM. Exploitation of this issue requires an attacker to socially engineer a victim, or the attacker must already have some access to the environment. | ||||
| CVE-2022-23200 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2024-09-16 | N/A |
| Adobe After Effects versions 22.1.1 (and earlier) and 18.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2005-2507 | 1 Apple | 1 Mac Os X Server | 2024-09-16 | N/A |
| Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication. | ||||
| CVE-2021-40731 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-09-16 | N/A |
| Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by an out-of-bounds write vulnerability when parsing a crafted JPEG2000 file, which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-34246 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-09-16 | 7.8 High |
| Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-28838 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-09-16 | 7.8 High |
| Acrobat Acrobat Pro DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2021-21045 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-09-16 | 8.2 High |
| Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper access control vulnerability. An unauthenticated attacker could leverage this vulnerability to elevate privileges in the context of the current user. | ||||
| CVE-2005-1473 | 1 Apple | 1 Mac Os X | 2024-09-16 | N/A |
| SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical access to bypass the locked screensaver and launch background applications by opening a URL from a text input field. | ||||
| CVE-2012-4142 | 4 Apple, Linux, Microsoft and 1 more | 4 Mac Os X, Linux Kernel, Windows and 1 more | 2024-09-16 | N/A |
| Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document. | ||||
| CVE-2022-38425 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2024-09-16 | 5.5 Medium |
| Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-28240 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-09-16 | 7.8 High |
| Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2017-11223 | 3 Adobe, Apple, Microsoft | 7 Acrobat, Acrobat Dc, Acrobat Reader and 4 more | 2024-09-16 | N/A |
| Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the core of the XFA engine. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2018-10470 | 2 Apple, Objective Development | 2 Macos, Little Snitch | 2024-09-16 | 5.3 Medium |
| Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid. | ||||