Filtered by vendor Apple
Subscriptions
Filtered by product Macos
Subscriptions
Total
4255 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-38448 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2025-04-23 | 7.8 High |
| Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-38436 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2025-04-23 | 7.8 High |
| Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-38435 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2025-04-23 | 7.8 High |
| Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-44498 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2025-04-23 | 5.5 Medium |
| Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-44499 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2025-04-23 | 5.5 Medium |
| Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-44500 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2025-04-23 | 5.5 Medium |
| Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-44502 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2025-04-23 | 5.5 Medium |
| Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-46824 | 2 Apple, Jetbrains | 2 Macos, Intellij Idea | 2025-04-23 | 5.6 Medium |
| In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible. | ||||
| CVE-2022-46828 | 2 Apple, Jetbrains | 2 Macos, Intellij Idea | 2025-04-22 | 5.2 Medium |
| In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible. | ||||
| CVE-2022-21658 | 4 Apple, Fedoraproject, Redhat and 1 more | 8 Ipados, Iphone Os, Macos and 5 more | 2025-04-22 | 7.3 High |
| Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_dir_all` standard library function is vulnerable a race condition enabling symlink following (CWE-363). An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete. Rust 1.0.0 through Rust 1.58.0 is affected by this vulnerability with 1.58.1 containing a patch. Note that the following build targets don't have usable APIs to properly mitigate the attack, and are thus still vulnerable even with a patched toolchain: macOS before version 10.10 (Yosemite) and REDOX. We recommend everyone to update to Rust 1.58.1 as soon as possible, especially people developing programs expected to run in privileged contexts (including system daemons and setuid binaries), as those have the highest risk of being affected by this. Note that adding checks in your codebase before calling remove_dir_all will not mitigate the vulnerability, as they would also be vulnerable to race conditions like remove_dir_all itself. The existing mitigation is working as intended outside of race conditions. | ||||
| CVE-2022-29181 | 3 Apple, Nokogiri, Redhat | 4 Macos, Nokogiri, Satellite and 1 more | 2025-04-22 | 8.2 High |
| Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent. | ||||
| CVE-2022-42796 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-22 | 7.8 High |
| This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.7 and iPadOS 15.7, macOS Ventura 13. An app may be able to gain elevated privileges. | ||||
| CVE-2022-42795 | 1 Apple | 4 Iphone Os, Macos, Tvos and 1 more | 2025-04-22 | 8.8 High |
| A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 16, iOS 16, macOS Ventura 13, watchOS 9. Processing a maliciously crafted image may lead to arbitrary code execution. | ||||
| CVE-2022-42793 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-22 | 5.5 Medium |
| An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, macOS Monterey 12.6. An app may be able to bypass code signing checks. | ||||
| CVE-2022-41950 | 3 Apple, Linux, Super Xray Project | 3 Macos, Linux Kernel, Super Xray | 2025-04-22 | 6.4 Medium |
| super-xray is the GUI alternative for vulnerability scanning tool xray. In 0.2-beta, a privilege escalation vulnerability was discovered. This caused inaccurate default xray permissions. Note: this vulnerability only affects Linux and Mac OS systems. Users should upgrade to super-xray 0.3-beta. | ||||
| CVE-2022-42811 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-22 | 5.5 Medium |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to access user-sensitive data. | ||||
| CVE-2022-42810 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-04-22 | 5.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing a maliciously crafted USD file may disclose memory contents. | ||||
| CVE-2022-42809 | 1 Apple | 1 Macos | 2025-04-22 | 7.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution. | ||||
| CVE-2022-42808 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-22 | 9.8 Critical |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. A remote user may be able to cause kernel code execution. | ||||
| CVE-2022-42806 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-22 | 7 High |
| A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. | ||||