Filtered by vendor Apple
Subscriptions
Total
13020 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15969 | 6 Apple, Debian, Fedoraproject and 3 more | 14 Ipados, Iphone Os, Macos and 11 more | 2024-11-21 | 8.8 High |
| Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2020-15651 | 2 Apple, Mozilla | 2 Iphone Os, Firefox | 2024-11-21 | 4.3 Medium |
| A unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the file extension. This vulnerability affects Firefox for iOS < 28. | ||||
| CVE-2020-15358 | 6 Apple, Canonical, Oracle and 3 more | 17 Icloud, Ipados, Iphone Os and 14 more | 2024-11-21 | 5.5 Medium |
| In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. | ||||
| CVE-2020-15138 | 3 Apple, Microsoft, Prismjs | 3 Safari, Internet Explorer, Previewers | 2024-11-21 | 7.1 High |
| Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the _Previewers_ plugin (>=v1.10.0) or the _Previewer: Easing_ plugin (v1.1.0 to v1.9.0). This problem is fixed in version 1.21.0. To workaround the issue without upgrading, disable the easing preview on all impacted code blocks. You need Prism v1.10.0 or newer to apply this workaround. | ||||
| CVE-2020-14711 | 3 Apple, Opensuse, Oracle | 3 Macos, Leap, Vm Virtualbox | 2024-11-21 | 6.5 Medium |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: The CVE-2020-14711 is applicable to macOS host only. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). | ||||
| CVE-2020-14451 | 2 Apple, Mattermost | 2 Iphone Os, Mattermost Mobile | 2024-11-21 | 7.5 High |
| An issue was discovered in Mattermost Mobile Apps before 1.29.0. The iOS app allowed Single Sign-On cookies and Local Storage to remain after a logout, aka MMSA-2020-0013. | ||||
| CVE-2020-14155 | 7 Apple, Gitlab, Netapp and 4 more | 22 Macos, Gitlab, Active Iq Unified Manager and 19 more | 2024-11-21 | 5.3 Medium |
| libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. | ||||
| CVE-2020-13631 | 9 Apple, Brocade, Canonical and 6 more | 20 Icloud, Ipados, Iphone Os and 17 more | 2024-11-21 | 5.5 Medium |
| SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. | ||||
| CVE-2020-13630 | 10 Apple, Brocade, Canonical and 7 more | 21 Icloud, Ipados, Iphone Os and 18 more | 2024-11-21 | 7.0 High |
| ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. | ||||
| CVE-2020-13524 | 2 Apple, Pixar | 3 Mac Os X, Macos, Openusd | 2024-11-21 | 5.5 Medium |
| An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. | ||||
| CVE-2020-13520 | 2 Apple, Pixar | 2 Macos, Openusd | 2024-11-21 | 7.8 High |
| An out of bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 reconstructs paths from binary USD files. A specially crafted malformed file can trigger an out of bounds memory modification which can result in remote code execution. To trigger this vulnerability, victim needs to access an attacker-provided malformed file. | ||||
| CVE-2020-13498 | 2 Apple, Pixar | 2 Macos, Openusd | 2024-11-21 | 5.5 Medium |
| An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. | ||||
| CVE-2020-13497 | 2 Apple, Pixar | 2 Macos, Openusd | 2024-11-21 | 5.5 Medium |
| An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in String Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. | ||||
| CVE-2020-13496 | 2 Apple, Pixar | 2 Macos, Openusd | 2024-11-21 | 6.5 Medium |
| An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in TfToken Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. | ||||
| CVE-2020-13494 | 2 Apple, Pixar | 2 Macos, Openusd | 2024-11-21 | 5.5 Medium |
| A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, victim needs to access an attacker-provided malformed file. | ||||
| CVE-2020-13493 | 2 Apple, Pixar | 2 Macos, Openusd | 2024-11-21 | 7.8 High |
| A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file. | ||||
| CVE-2020-13434 | 8 Apple, Canonical, Debian and 5 more | 16 Icloud, Ipados, Iphone Os and 13 more | 2024-11-21 | 5.5 Medium |
| SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. | ||||
| CVE-2020-13417 | 4 Apple, Aviatrix, Linux and 1 more | 6 Macos, Controller, Gateway and 3 more | 2024-11-21 | 9.8 Critical |
| An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters. | ||||
| CVE-2020-12651 | 4 Apple, Linux, Microsoft and 1 more | 5 Iphone Os, Macos, Linux Kernel and 2 more | 2024-11-21 | 9.8 Critical |
| SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and a Buffer Overflow because a banner can trigger a line number to CSI functions that exceeds INT_MAX. | ||||
| CVE-2020-12427 | 3 Apple, Microsoft, Westerndigital | 3 Macos, Windows, Wd Discovery | 2024-11-21 | 8.8 High |
| The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space. | ||||