Filtered by vendor Apple Subscriptions
Total 11597 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-20712 3 Adobe, Apple, Microsoft 3 Substance 3d Stager, Macos, Windows 2024-08-01 5.5 Medium
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20710 3 Adobe, Apple, Microsoft 3 Substance 3d Stager, Macos, Windows 2024-08-01 5.5 Medium
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-6222 4 Apple, Docker, Linux and 1 more 4 Macos, Desktop, Linux Kernel and 1 more 2024-08-01 7.0 High
In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages. Docker Desktop v4.29.0 https://docs.docker.com/desktop/release-notes/#4290 fixes the issue on MacOS, Linux and Windows with Hyper-V backend. As exploitation requires "Allow only extensions distributed through the Docker Marketplace" to be disabled, Docker Desktop  v4.31.0 https://docs.docker.com/desktop/release-notes/#4310  additionally changes the default configuration to enable this setting by default.
CVE-2024-1149 4 Apple, Linux, Microsoft and 1 more 4 Macos, Linux Kernel, Windows and 1 more 2024-08-01 7.8 High
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2.
CVE-2024-0230 1 Apple 2 Magic Keyboard, Magic Keyboard Firmware 2024-08-01 2.4 Low
A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic.
CVE-1999-1543 1 Apple 1 Macos 2024-08-01 N/A
MacOS uses weak encryption for passwords that are stored in the Users & Groups Data File.
CVE-1999-1412 2 Apache, Apple 2 Http Server, Macos 2024-08-01 N/A
A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
CVE-1999-1393 1 Apple 1 Macos 2024-08-01 N/A
Control Panel "Password Security" option for Apple Powerbooks allows attackers with physical access to the machine to bypass the security by booting it with an emergency startup disk and using a disk editor to modify the on/off toggle or password in the aaaaaaaAPWD file, which is normally inaccessible.
CVE-1999-1077 1 Apple 1 Macos 2024-08-01 N/A
Idle locking function in MacOS 9 allows local attackers to bypass the password protection of idled sessions via the programmer's switch or CMD-PWR keyboard sequence, which brings up a debugger that the attacker can use to disable the lock.
CVE-1999-1102 4 Apple, Bsd, Sgi and 1 more 4 A Ux, Bsd, Irix and 1 more 2024-08-01 N/A
lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.
CVE-1999-1076 1 Apple 1 Macos 2024-08-01 N/A
Idle locking function in MacOS 9 allows local users to bypass the password protection of idled sessions by selecting the "Log Out" option and selecting a "Cancel" option in the dialog box for an application that attempts to verify that the user wants to log out, which returns the attacker into the locked session.
CVE-1999-1015 1 Apple 1 Appleshare Mail Server 2024-08-01 N/A
Buffer overflow in Apple AppleShare Mail Server 5.0.3 on MacOS 8.1 and earlier allows a remote attacker to cause a denial of service (crash) via a long HELO command.
CVE-1999-0897 1 Apple 1 Ichat Server 2024-08-01 N/A
iChat ROOMS Webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-1999-0590 3 Apple, Linux, Microsoft 6 Macos, Linux Kernel, Windows 2000 and 3 more 2024-08-01 N/A
A system does not present an appropriate legal message or warning to a user who is accessing it.
CVE-1999-0524 11 Apple, Cisco, Hp and 8 more 14 Mac Os X, Macos, Ios and 11 more 2024-08-01 N/A
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
CVE-1999-0138 7 Apple, Digital, Freebsd and 4 more 9 A Ux, Osf 1, Freebsd and 6 more 2024-08-01 N/A
The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.
CVE-1999-0098 3 Apple, Pmail, Seattlelab 3 Appleshare, Mercury Mail Server, Slmail 2024-08-01 N/A
Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities.