Filtered by vendor Apple
Subscribe
Total
12581 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-20044 | 5 Apple, Debian, Fedoraproject and 2 more | 10 Ipados, Iphone Os, Mac Os X and 7 more | 2023-11-07 | 7.2 HIGH | 7.8 HIGH |
| In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). | |||||
| CVE-2019-19906 | 8 Apache, Apple, Canonical and 5 more | 20 Bookkeeper, Ipados, Iphone Os and 17 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl. | |||||
| CVE-2019-15166 | 8 Apple, Canonical, Debian and 5 more | 10 Mac Os X, Ubuntu Linux, Debian Linux and 7 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. | |||||
| CVE-2019-15165 | 7 Apple, Canonical, Debian and 4 more | 11 Ipados, Iphone Os, Mac Os X and 8 more | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. | |||||
| CVE-2019-13749 | 5 Apple, Debian, Fedoraproject and 2 more | 8 Iphone Os, Debian Linux, Fedora and 5 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2019-13742 | 5 Apple, Debian, Fedoraproject and 2 more | 8 Iphone Os, Debian Linux, Fedora and 5 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | |||||
| CVE-2019-14379 | 7 Apple, Debian, Fasterxml and 4 more | 25 Xcode, Debian Linux, Jackson-databind and 22 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. | |||||
| CVE-2019-13118 | 7 Apple, Canonical, Fedoraproject and 4 more | 25 Icloud, Iphone Os, Itunes and 22 more | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. | |||||
| CVE-2019-13672 | 2 Apple, Google | 2 Iphone Os, Chrome | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect security UI in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page on iOS. | |||||
| CVE-2019-13667 | 2 Apple, Google | 2 Iphone Os, Chrome | 2023-11-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2019-13013 | 2 Apple, Obdev | 2 Macos, Little Snitch | 2023-11-07 | 4.9 MEDIUM | 5.5 MEDIUM |
| Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool. The privileged helper tool implements an XPC interface which is available to any process and allows directory listings and copying files as root. | |||||
| CVE-2019-13565 | 7 Apple, Canonical, Debian and 4 more | 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user. | |||||
| CVE-2018-6662 | 2 Apple, Mcafee | 2 Mac Os X, Management Of Native Encryption | 2023-11-07 | 7.2 HIGH | 7.8 HIGH |
| Privilege Escalation vulnerability in McAfee Management of Native Encryption (MNE) before 4.1.4 allows local users to gain elevated privileges via a crafted user input. | |||||
| CVE-2018-6151 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Chrome and 6 more | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. | |||||
| CVE-2018-6113 | 4 Apple, Debian, Google and 1 more | 6 Macos, Debian Linux, Chrome and 3 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2018-6128 | 2 Apple, Google | 2 Iphone Os, Chrome | 2023-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Incorrect URL parsing in WebKit in Google Chrome on iOS prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2018-6084 | 4 Apple, Debian, Google and 1 more | 6 Macos, Debian Linux, Chrome and 3 more | 2023-11-07 | 7.2 HIGH | 7.8 HIGH |
| Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file. | |||||
| CVE-2018-6162 | 4 Apple, Debian, Google and 1 more | 6 Macos, Debian Linux, Chrome and 3 more | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2018-6097 | 4 Apple, Debian, Google and 1 more | 6 Macos, Debian Linux, Chrome and 3 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page. | |||||
| CVE-2018-6147 | 4 Apple, Debian, Google and 1 more | 6 Mac Os X, Debian Linux, Chrome and 3 more | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
| Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a local attacker to obtain potentially sensitive information from process memory via a local process. | |||||