Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Total 10086 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-3100 5 Adobe, Apple, Google and 2 more 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more 2023-01-27 4.3 MEDIUM 6.5 MEDIUM
Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure.
CVE-2017-11305 6 Adobe, Apple, Google and 3 more 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more 2023-01-27 4.3 MEDIUM 6.5 MEDIUM
A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.
CVE-2017-11292 6 Adobe, Apple, Google and 3 more 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more 2023-01-27 6.0 MEDIUM 8.8 HIGH
Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.
CVE-2022-32907 1 Apple 3 Iphone Os, Tvos, Watchos 2023-01-27 N/A 7.8 HIGH
This issue was addressed with improved checks. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-30674 4 Adobe, Apple, Fedoraproject and 1 more 4 Indesign, Macos, Fedora and 1 more 2023-01-27 N/A 5.5 MEDIUM
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2017-3080 5 Adobe, Apple, Google and 2 more 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more 2023-01-27 4.3 MEDIUM 6.5 MEDIUM
Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure.
CVE-2017-3070 6 Adobe, Apple, Google and 3 more 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more 2023-01-27 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3068 6 Adobe, Apple, Google and 3 more 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more 2023-01-27 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2998 5 Adobe, Apple, Google and 2 more 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more 2023-01-27 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK API functionality related to timeline interactions. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3069 6 Adobe, Apple, Google and 3 more 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more 2023-01-27 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3072 6 Adobe, Apple, Google and 3 more 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more 2023-01-27 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3071 6 Adobe, Apple, Google and 3 more 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more 2023-01-27 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2927 5 Adobe, Apple, Google and 2 more 7 Flash Player, Mac Os X, Chrome Os and 4 more 2023-01-27 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2925 5 Adobe, Apple, Google and 2 more 7 Flash Player, Mac Os X, Chrome Os and 4 more 2023-01-27 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability in the JPEG XR codec. Successful exploitation could lead to arbitrary code execution.
CVE-2022-29187 3 Apple, Fedoraproject, Git-scm 3 Xcode, Fedora, Git 2023-01-27 6.9 MEDIUM 7.8 HIGH
Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.
CVE-2022-24765 4 Apple, Fedoraproject, Git-scm and 1 more 4 Xcode, Fedora, Git and 1 more 2023-01-27 6.9 MEDIUM 7.8 HIGH
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`.
CVE-2016-0981 5 Adobe, Apple, Google and 2 more 13 Air Desktop Runtime, Air Sdk, Air Sdk \& Compiler and 10 more 2023-01-26 9.3 HIGH 8.8 HIGH
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, and CVE-2016-0980.
CVE-2016-0965 5 Adobe, Apple, Google and 2 more 13 Air Desktop Runtime, Air Sdk, Air Sdk \& Compiler and 10 more 2023-01-26 9.3 HIGH 8.8 HIGH
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.
CVE-2016-0964 5 Adobe, Apple, Google and 2 more 13 Air Desktop Runtime, Air Sdk, Air Sdk \& Compiler and 10 more 2023-01-26 9.3 HIGH 8.8 HIGH
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.
CVE-2016-0983 5 Adobe, Apple, Google and 2 more 13 Air Desktop Runtime, Air Sdk, Air Sdk \& Compiler and 10 more 2023-01-26 9.3 HIGH 8.8 HIGH
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, and CVE-2016-0984.