Total
5568 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15126 | 2 Apple, Broadcom | 15 Ipados, Iphone Os, Mac Os X and 12 more | 2020-08-11 | 2.9 LOW | 3.1 LOW |
| An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503. | |||||
| CVE-2010-1770 | 6 Apple, Canonical, Google and 3 more | 12 Mac Os X, Mac Os X Server, Safari and 9 more | 2020-08-07 | 9.3 HIGH | N/A |
| WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue." | |||||
| CVE-2010-0205 | 7 Apple, Canonical, Debian and 4 more | 7 Mac Os X, Ubuntu Linux, Debian Linux and 4 more | 2020-08-07 | 4.3 MEDIUM | N/A |
| The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack. | |||||
| CVE-2010-4494 | 10 Apache, Apple, Debian and 7 more | 17 Openoffice, Iphone Os, Itunes and 14 more | 2020-07-31 | 7.5 HIGH | N/A |
| Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. | |||||
| CVE-2014-8826 | 1 Apple | 1 Mac Os X | 2020-07-17 | 5.0 MEDIUM | N/A |
| LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive. | |||||
| CVE-2020-9795 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2020-06-11 | 9.3 HIGH | 7.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-9804 | 1 Apple | 1 Mac Os X | 2020-06-11 | 4.9 MEDIUM | 4.6 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. Inserting a USB device that sends invalid messages may cause a kernel panic. | |||||
| CVE-2020-9788 | 1 Apple | 1 Mac Os X | 2020-06-11 | 9.3 HIGH | 7.8 HIGH |
| A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.5. A file may be incorrectly rendered to execute JavaScript. | |||||
| CVE-2020-9822 | 1 Apple | 1 Mac Os X | 2020-06-11 | 9.3 HIGH | 7.8 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-9825 | 1 Apple | 3 Ipados, Iphone Os, Mac Os X | 2020-06-11 | 6.8 MEDIUM | 7.8 HIGH |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A malicious application may be able to bypass Privacy preferences. | |||||
| CVE-2020-9855 | 1 Apple | 1 Mac Os X | 2020-06-11 | 4.6 MEDIUM | 7.8 HIGH |
| A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.5. A local attacker may be able to elevate their privileges. | |||||
| CVE-2020-9824 | 1 Apple | 1 Mac Os X | 2020-06-11 | 5.0 MEDIUM | 7.5 HIGH |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. A non-privileged user may be able to modify restricted network settings. | |||||
| CVE-2020-9832 | 1 Apple | 1 Mac Os X | 2020-06-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to determine kernel memory layout. | |||||
| CVE-2020-9831 | 1 Apple | 1 Mac Os X | 2020-06-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to determine kernel memory layout. | |||||
| CVE-2020-9841 | 1 Apple | 1 Mac Os X | 2020-06-09 | 9.3 HIGH | 7.8 HIGH |
| An integer overflow was addressed through improved input validation. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-9847 | 1 Apple | 1 Mac Os X | 2020-06-09 | 6.8 MEDIUM | 8.6 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to break out of its sandbox. | |||||
| CVE-2010-4008 | 9 Apache, Apple, Canonical and 6 more | 15 Openoffice, Iphone Os, Itunes and 12 more | 2020-06-04 | 4.3 MEDIUM | N/A |
| libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. | |||||
| CVE-2011-2192 | 5 Apple, Canonical, Debian and 2 more | 5 Mac Os X, Ubuntu Linux, Debian Linux and 2 more | 2020-05-27 | 4.3 MEDIUM | N/A |
| The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests. | |||||
| CVE-2009-2474 | 4 Apple, Canonical, Fedoraproject and 1 more | 4 Mac Os X, Ubuntu Linux, Fedora and 1 more | 2020-05-22 | 5.8 MEDIUM | N/A |
| neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
| CVE-2016-1156 | 3 Apple, Linecorp, Microsoft | 3 Mac Os X, Line, Windows | 2020-05-11 | 3.5 LOW | 5.7 MEDIUM |
| LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X allows remote authenticated users to cause a denial of service (application crash) via a crafted post that is mishandled when displaying a Timeline. | |||||