Export limit exceeded: 366908 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (6338 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-42866 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-21 | 5.5 Medium |
| The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to read sensitive location information. | ||||
| CVE-2022-42865 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-21 | 5.5 Medium |
| This issue was addressed by enabling hardened runtime. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to bypass Privacy preferences. | ||||
| CVE-2022-42859 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-04-21 | 5.5 Medium |
| Multiple issues were addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, watchOS 9.2. An app may be able to bypass Privacy preferences. | ||||
| CVE-2022-42854 | 1 Apple | 1 Macos | 2025-04-21 | 5.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1. An app may be able to disclose kernel memory. | ||||
| CVE-2022-42853 | 1 Apple | 1 Macos | 2025-04-21 | 5.5 Medium |
| An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13.1. An app may be able to modify protected parts of the file system. | ||||
| CVE-2022-42852 | 2 Apple, Redhat | 8 Ipados, Iphone Os, Macos and 5 more | 2025-04-21 | 6.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may result in the disclosure of process memory. | ||||
| CVE-2022-42847 | 1 Apple | 1 Macos | 2025-04-21 | 7.8 High |
| An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-42845 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-21 | 7.2 High |
| The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app with root privileges may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-46700 | 2 Apple, Redhat | 8 Ipados, Iphone Os, Macos and 5 more | 2025-04-21 | 8.8 High |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2022-46699 | 2 Apple, Redhat | 8 Ipados, Iphone Os, Macos and 5 more | 2025-04-21 | 8.8 High |
| A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2022-46698 | 2 Apple, Redhat | 9 Icloud, Ipados, Iphone Os and 6 more | 2025-04-21 | 6.5 Medium |
| A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information. | ||||
| CVE-2022-46697 | 1 Apple | 1 Macos | 2025-04-21 | 7.8 High |
| An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-46696 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-04-21 | 8.8 High |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2022-46690 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-21 | 7.8 High |
| An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-3421 | 2 Apple, Google | 2 Macos, Drive | 2025-04-21 | 5.6 Medium |
| An attacker can pre-create the `/Applications/Google\ Drive.app/Contents/MacOS` directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute permissions and set its setuid bit. Since the attacker owns the directory, the attacker can replace the binary with a symlink, causing the installer to set the setuid bit on the symlink. When the symlink is executed, it will run with root permissions. We recommend upgrading past version 64.0 | ||||
| CVE-2017-8665 | 2 Apple, Microsoft | 2 Macos, Xamarin.ios | 2025-04-20 | N/A |
| The Xamarin.iOS update component on systems running macOS allows an attacker to run arbitrary code as root, aka "Xamarin.iOS Elevation Of Privilege Vulnerability." | ||||
| CVE-2017-9977 | 2 Apple, Avg | 2 Macos, Anti-virus | 2025-04-20 | N/A |
| AVG AntiVirus for MacOS with scan engine before 4668 might allow remote attackers to bypass malware detection by leveraging failure to scan inside disk image (aka DMG) files. | ||||
| CVE-2017-7440 | 3 Apple, Gfi, Microsoft | 4 Macos, Kerio Connect, Kerio Connect Client and 1 more | 2025-04-20 | 6.5 Medium |
| Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message. | ||||
| CVE-2017-5121 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Chrome and 6 more | 2025-04-20 | 8.8 High |
| Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase. | ||||
| CVE-2017-5120 | 6 Apple, Debian, Google and 3 more | 10 Macos, Debian Linux, Android and 7 more | 2025-04-20 | 6.5 Medium |
| Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial "www." substring). | ||||