Filtered by vendor Apple
Subscriptions
Total
11597 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-20712 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2024-08-01 | 5.5 Medium |
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2024-20710 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2024-08-01 | 5.5 Medium |
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2024-6222 | 4 Apple, Docker, Linux and 1 more | 4 Macos, Desktop, Linux Kernel and 1 more | 2024-08-01 | 7.0 High |
In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages. Docker Desktop v4.29.0 https://docs.docker.com/desktop/release-notes/#4290 fixes the issue on MacOS, Linux and Windows with Hyper-V backend. As exploitation requires "Allow only extensions distributed through the Docker Marketplace" to be disabled, Docker Desktop v4.31.0 https://docs.docker.com/desktop/release-notes/#4310 additionally changes the default configuration to enable this setting by default. | ||||
CVE-2024-1149 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2024-08-01 | 7.8 High |
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2. | ||||
CVE-2024-0230 | 1 Apple | 2 Magic Keyboard, Magic Keyboard Firmware | 2024-08-01 | 2.4 Low |
A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic. | ||||
CVE-1999-1543 | 1 Apple | 1 Macos | 2024-08-01 | N/A |
MacOS uses weak encryption for passwords that are stored in the Users & Groups Data File. | ||||
CVE-1999-1412 | 2 Apache, Apple | 2 Http Server, Macos | 2024-08-01 | N/A |
A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes. | ||||
CVE-1999-1393 | 1 Apple | 1 Macos | 2024-08-01 | N/A |
Control Panel "Password Security" option for Apple Powerbooks allows attackers with physical access to the machine to bypass the security by booting it with an emergency startup disk and using a disk editor to modify the on/off toggle or password in the aaaaaaaAPWD file, which is normally inaccessible. | ||||
CVE-1999-1077 | 1 Apple | 1 Macos | 2024-08-01 | N/A |
Idle locking function in MacOS 9 allows local attackers to bypass the password protection of idled sessions via the programmer's switch or CMD-PWR keyboard sequence, which brings up a debugger that the attacker can use to disable the lock. | ||||
CVE-1999-1102 | 4 Apple, Bsd, Sgi and 1 more | 4 A Ux, Bsd, Irix and 1 more | 2024-08-01 | N/A |
lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times. | ||||
CVE-1999-1076 | 1 Apple | 1 Macos | 2024-08-01 | N/A |
Idle locking function in MacOS 9 allows local users to bypass the password protection of idled sessions by selecting the "Log Out" option and selecting a "Cancel" option in the dialog box for an application that attempts to verify that the user wants to log out, which returns the attacker into the locked session. | ||||
CVE-1999-1015 | 1 Apple | 1 Appleshare Mail Server | 2024-08-01 | N/A |
Buffer overflow in Apple AppleShare Mail Server 5.0.3 on MacOS 8.1 and earlier allows a remote attacker to cause a denial of service (crash) via a long HELO command. | ||||
CVE-1999-0897 | 1 Apple | 1 Ichat Server | 2024-08-01 | N/A |
iChat ROOMS Webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack. | ||||
CVE-1999-0590 | 3 Apple, Linux, Microsoft | 6 Macos, Linux Kernel, Windows 2000 and 3 more | 2024-08-01 | N/A |
A system does not present an appropriate legal message or warning to a user who is accessing it. | ||||
CVE-1999-0524 | 11 Apple, Cisco, Hp and 8 more | 14 Mac Os X, Macos, Ios and 11 more | 2024-08-01 | N/A |
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. | ||||
CVE-1999-0138 | 7 Apple, Digital, Freebsd and 4 more | 9 A Ux, Osf 1, Freebsd and 6 more | 2024-08-01 | N/A |
The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access. | ||||
CVE-1999-0098 | 3 Apple, Pmail, Seattlelab | 3 Appleshare, Mercury Mail Server, Slmail | 2024-08-01 | N/A |
Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities. |