Filtered by vendor Apple
Subscribe
Total
11189 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-45978 | 2 Apple, Foxit | 3 Macos, Pdf Editor, Pdf Reader | 2022-07-12 | 6.8 MEDIUM | 7.8 HIGH |
| Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via xfa.host.gotoURL in the XFA API. | |||||
| CVE-2021-30803 | 1 Apple | 1 Macos | 2022-07-12 | 4.3 MEDIUM | 3.3 LOW |
| A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to access a user’s recent Contacts. | |||||
| CVE-2021-34424 | 5 Apple, Google, Linux and 2 more | 30 Iphone Os, Macos, Android and 27 more | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI Windows Meeting Client before version 5.8.4, Zoom VDI Azure Virtual Desktop Plugins (for Windows x86 or x64, IGEL x64, Ubuntu x64, HP ThinPro OS x64) before version 5.8.4.21112, Zoom VDI Citrix Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom VDI VMware Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom on-premise Meeting Connector before version 4.8.12.20211115, Zoom on-premise Meeting Connector MMR before version 4.8.12.20211115, Zoom on-premise Recording Connector before version 5.1.0.65.20211116, Zoom on-premise Virtual Room Connector before version 4.4.7266.20211117, Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64 which potentially allowed for the exposure of the state of process memory. This issue could be used to potentially gain insight into arbitrary areas of the product's memory. | |||||
| CVE-2021-30657 | 1 Apple | 2 Mac Os X, Macos | 2022-07-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited.. | |||||
| CVE-2021-3162 | 2 Apple, Docker | 2 Macos, Docker | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation. | |||||
| CVE-2021-30721 | 1 Apple | 2 Mac Os X, Macos | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to leak sensitive user information. | |||||
| CVE-2021-30816 | 1 Apple | 2 Ipados, Iphone Os | 2022-07-12 | 2.1 LOW | 2.4 LOW |
| The issue was addressed with improved permissions logic. This issue is fixed in iOS 15 and iPadOS 15. An attacker with physical access to a device may be able to see private contact information. | |||||
| CVE-2021-38510 | 2 Apple, Mozilla | 4 Macos, Firefox, Firefox Esr and 1 more | 2022-07-12 | 6.8 MEDIUM | 8.8 HIGH |
| The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | |||||
| CVE-2020-3890 | 1 Apple | 2 Ipad Os, Iphone Os | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The issue was addressed with improved deletion. This issue is fixed in iOS 13.4 and iPadOS 13.4. Deleted messages groups may still be suggested as an autocompletion. | |||||
| CVE-2021-30828 | 1 Apple | 2 Mac Os X, Macos | 2022-07-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to read arbitrary files as root. | |||||
| CVE-2021-1861 | 1 Apple | 1 Macos | 2022-07-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| An issue existed in determining cache occupancy. The issue was addressed through improved logic. This issue is fixed in macOS Big Sur 11.3. A malicious website may be able to track users by setting state in a cache. | |||||
| CVE-2021-30798 | 1 Apple | 3 Iphone Os, Macos, Watchos | 2022-07-12 | 7.8 HIGH | 7.5 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6. A malicious application may be able to bypass certain Privacy preferences. | |||||
| CVE-2021-45979 | 2 Apple, Foxit | 3 Macos, Pdf Editor, Pdf Reader | 2022-07-12 | 6.8 MEDIUM | 7.8 HIGH |
| Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via app.launchURL in the JavaScript API. | |||||
| CVE-2021-1822 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A local user may be able to modify protected parts of the file system. | |||||
| CVE-2021-30850 | 1 Apple | 3 Mac Os X, Macos, Tvos | 2022-07-12 | 7.1 HIGH | 5.5 MEDIUM |
| An access issue was addressed with improved access restrictions. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6, tvOS 15. A user may gain access to protected parts of the file system. | |||||
| CVE-2021-1807 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2022-07-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4. A local user may be able to write arbitrary files. | |||||
| CVE-2021-1820 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory. | |||||
| CVE-2021-30688 | 1 Apple | 2 Mac Os X, Macos | 2022-07-12 | 4.6 MEDIUM | 8.8 HIGH |
| A malicious application may be able to break out of its sandbox. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A path handling issue was addressed with improved validation. | |||||
| CVE-2021-1873 | 1 Apple | 2 Mac Os X, Macos | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| An API issue in Accessibility TCC permissions was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to unexpectedly leak a user's credentials from secure text fields. | |||||
| CVE-2020-3950 | 2 Apple, Vmware | 4 Macos, Fusion, Horizon Client and 1 more | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed. | |||||