Filtered by vendor Apple
Subscriptions
Filtered by product Macos
Subscriptions
Total
3492 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8514 | 2 Apple, Maxum | 2 Macos, Rumpus | 2024-08-04 | 6.1 Medium |
| An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a directory name, it is possible to activate JavaScript in the context of the web application after invoking the rename folder functionality. | ||||
| CVE-2020-8286 | 9 Apple, Debian, Fedoraproject and 6 more | 22 Mac Os X, Macos, Debian Linux and 19 more | 2024-08-04 | 7.5 High |
| curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. | ||||
| CVE-2020-8284 | 10 Apple, Debian, Fedoraproject and 7 more | 31 Mac Os X, Macos, Debian Linux and 28 more | 2024-08-04 | 3.7 Low |
| A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. | ||||
| CVE-2020-8285 | 10 Apple, Debian, Fedoraproject and 7 more | 32 Mac Os X, Macos, Debian Linux and 29 more | 2024-08-04 | 7.5 High |
| curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. | ||||
| CVE-2020-8140 | 2 Apple, Nextcloud | 2 Macos, Desktop | 2024-08-04 | 6.7 Medium |
| A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment. | ||||
| CVE-2020-7463 | 2 Apple, Freebsd | 9 Icloud, Ipados, Iphone Os and 6 more | 2024-08-04 | 5.5 Medium |
| In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour including a kernel panic. | ||||
| CVE-2020-6797 | 2 Apple, Mozilla | 4 Macos, Firefox, Firefox Esr and 1 more | 2024-08-04 | 4.3 Medium |
| By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact. Note: this issue only occurs on Mac OSX. Other operating systems are unaffected. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5. | ||||
| CVE-2020-6496 | 5 Apple, Debian, Google and 2 more | 6 Macos, Debian Linux, Chrome and 3 more | 2024-08-04 | 8.8 High |
| Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | ||||
| CVE-2020-6402 | 7 Apple, Debian, Fedoraproject and 4 more | 11 Macos, Debian Linux, Fedora and 8 more | 2024-08-04 | 8.8 High |
| Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. | ||||
| CVE-2020-5976 | 4 Apple, Google, Microsoft and 1 more | 6 Macos, Android, Android Tv and 3 more | 2024-08-04 | 7.5 High |
| NVIDIA GeForce NOW, versions prior to 2.0.23 (Windows, macOS) and versions prior to 5.31 (Android, Shield TV), contains a vulnerability in the application software where the network test component transmits sensitive information insecurely, which may lead to information disclosure. | ||||
| CVE-2020-5975 | 3 Apple, Microsoft, Nvidia | 3 Macos, Windows, Geforce Now | 2024-08-04 | 7.5 High |
| NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, contains a vulnerability in the desktop application software that includes sensitive information as part of a URL, which may lead to information disclosure. | ||||
| CVE-2020-5180 | 3 Apple, Microsoft, Sparklabs | 3 Macos, Windows, Viscosity | 2024-08-04 | 7.8 High |
| Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading to limited local privilege escalation. (When a VPN connection is initiated using a TLS/SSL client profile, the privileges are dropped, and the library will be loaded, resulting in arbitrary code execution as a user with limited privileges. This greatly reduces the impact of the vulnerability.) | ||||
| CVE-2020-4008 | 2 Apple, Vmware | 2 Macos, Carbon Black Cloud | 2024-08-04 | 3.6 Low |
| The installer of the macOS Sensor for VMware Carbon Black Cloud (prior to 3.5.1) handles certain files in an insecure way. A malicious actor who has local access to the endpoint on which a macOS sensor is going to be installed, may overwrite a limited number of files with output from the sensor installation. | ||||
| CVE-2020-3974 | 2 Apple, Vmware | 4 Macos, Fusion, Horizon Client and 1 more | 2024-08-04 | 7.8 High |
| VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMware Remote Console for Mac or Horizon Client for Mac is installed. | ||||
| CVE-2020-3950 | 2 Apple, Vmware | 4 Macos, Fusion, Horizon Client and 1 more | 2024-08-04 | 7.8 High |
| VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed. | ||||
| CVE-2020-3957 | 2 Apple, Vmware | 4 Macos, Fusion, Horizon Client and 1 more | 2024-08-04 | 7.0 High |
| VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC and Horizon Client are installed. | ||||
| CVE-2020-3972 | 2 Apple, Vmware | 2 Macos, Tools | 2024-08-04 | 3.3 Low |
| VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. Successful exploitation of this issue may allow attackers with non-admin privileges on guest macOS virtual machines to create a denial-of-service condition on their own VMs. | ||||
| CVE-2020-3803 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-08-04 | 7.8 High |
| Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. | ||||
| CVE-2020-3788 | 3 Adobe, Apple, Microsoft | 4 Photoshop 2020, Photoshop Cc, Macos and 1 more | 2024-08-04 | 9.8 Critical |
| Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2020-3800 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-08-04 | 7.5 High |
| Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a memory address leak vulnerability. Successful exploitation could lead to information disclosure . | ||||