Filtered by vendor Apple
Subscriptions
Filtered by product Macos
Subscriptions
Total
3435 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-11253 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-08-05 | 9.8 Critical |
Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
CVE-2017-11282 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Macos, Chrome Os and 8 more | 2024-08-05 | N/A |
Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier. | ||||
CVE-2017-11281 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Macos, Chrome Os and 8 more | 2024-08-05 | N/A |
Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier. | ||||
CVE-2017-11250 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-08-05 | 9.8 Critical |
Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
CVE-2017-11225 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Macos, Chrome Os and 8 more | 2024-08-05 | N/A |
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. | ||||
CVE-2017-11215 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Macos, Chrome Os and 8 more | 2024-08-05 | N/A |
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. | ||||
CVE-2017-11240 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-08-05 | 9.8 Critical |
Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
CVE-2017-11213 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Macos, Chrome Os and 8 more | 2024-08-05 | N/A |
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an arbitrarily sized transparent or opaque bitmap image. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | ||||
CVE-2017-10888 | 3 Apple, Bookwalker, Microsoft | 3 Macos, Book Walker, Windows | 2024-08-05 | N/A |
BOOK WALKER for Windows Ver.1.2.9 and earlier, BOOK WALKER for Mac Ver.1.2.5 and earlier allow an attacker to access local files via unspecified vectors. | ||||
CVE-2017-9977 | 2 Apple, Avg | 2 Macos, Anti-virus | 2024-08-05 | N/A |
AVG AntiVirus for MacOS with scan engine before 4668 might allow remote attackers to bypass malware detection by leveraging failure to scan inside disk image (aka DMG) files. | ||||
CVE-2017-7440 | 3 Apple, Gfi, Microsoft | 4 Macos, Kerio Connect, Kerio Connect Client and 1 more | 2024-08-05 | 6.5 Medium |
Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message. | ||||
CVE-2017-5079 | 5 Apple, Google, Linux and 2 more | 9 Macos, Android, Chrome and 6 more | 2024-08-05 | 4.3 Medium |
Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page. | ||||
CVE-2017-5094 | 6 Apple, Debian, Google and 3 more | 10 Macos, Debian Linux, Android and 7 more | 2024-08-05 | 6.5 Medium |
Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted HTML page. | ||||
CVE-2017-5044 | 6 Apple, Debian, Google and 3 more | 10 Macos, Debian Linux, Android and 7 more | 2024-08-05 | 6.3 Medium |
Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||||
CVE-2017-5110 | 6 Apple, Debian, Google and 3 more | 10 Macos, Debian Linux, Android and 7 more | 2024-08-05 | 6.5 Medium |
Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page. | ||||
CVE-2017-5065 | 4 Apple, Google, Microsoft and 1 more | 7 Macos, Chrome, Windows and 4 more | 2024-08-05 | 4.7 Medium |
Lack of an appropriate action on page navigation in Blink in Google Chrome prior to 58.0.3029.81 for Windows and Mac allowed a remote attacker to potentially confuse a user into making an incorrect security decision via a crafted HTML page. | ||||
CVE-2017-5118 | 6 Apple, Debian, Google and 3 more | 10 Macos, Debian Linux, Android and 7 more | 2024-08-05 | 4.3 Medium |
Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||||
CVE-2017-5076 | 5 Apple, Google, Linux and 2 more | 9 Macos, Android, Chrome and 6 more | 2024-08-05 | 6.5 Medium |
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | ||||
CVE-2017-5111 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Chrome and 6 more | 2024-08-05 | 8.8 High |
A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file. | ||||
CVE-2017-5098 | 6 Apple, Debian, Google and 3 more | 10 Macos, Debian Linux, Android and 7 more | 2024-08-05 | 8.8 High |
A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |