Filtered by vendor Apple
Subscriptions
Total
12485 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-11681 | 2 Apple, Macports | 2 Macos, Macports | 2025-07-29 | 6.8 Medium |
| A malicious or compromised MacPorts mirror can execute arbitrary commands as root on the machine of a client running port selfupdate against the mirror. | ||||
| CVE-2024-11395 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-07-29 | 8.8 High |
| Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-31267 | 1 Apple | 1 App Store Connect | 2025-07-29 | 4.6 Medium |
| An authentication issue was addressed with improved state management. This issue is fixed in App Store Connect 3.0. An attacker with physical access to an unlocked device may be able to view sensitive user information. | ||||
| CVE-2019-8900 | 1 Apple | 13 A10 Fusion, A10x Fusion, A11 Bionic and 10 more | 2025-07-29 | 6.8 Medium |
| A vulnerability in the SecureROM of some Apple devices can be exploited by an unauthenticated local attacker to execute arbitrary code upon booting those devices. This vulnerability allows arbitrary code to be executed on the device. Exploiting the vulnerability requires physical access to the device: the device must be plugged in to a computer upon booting, and it must be put into Device Firmware Update (DFU) mode. The exploit is not persistent; rebooting the device overrides any changes to the device's software that were made during an exploited session on the device. Additionally, unless an attacker has access to the device's unlock PIN or fingerprint, an attacker cannot gain access to information protected by Apple's Secure Enclave or Touch ID features. | ||||
| CVE-2018-4301 | 1 Apple | 1 Smart Card Services | 2025-07-29 | 9.8 Critical |
| This issue is fixed in SCSSU-201801. A potential stack based buffer overflow existed in GemaltoKeyHandle.cpp. | ||||
| CVE-2025-8010 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-07-29 | 8.8 High |
| Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-1079 | 3 Apple, Google, Linux | 3 Macos, Web Designer, Linux Kernel | 2025-07-29 | 7.8 High |
| Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's preview feature | ||||
| CVE-2020-3950 | 2 Apple, Vmware | 4 Macos, Fusion, Horizon Client and 1 more | 2025-07-28 | 7.8 High |
| VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed. | ||||
| CVE-2020-9859 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2025-07-28 | 7.8 High |
| A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2021-30869 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2025-07-28 | 7.8 High |
| A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5, iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, Security Update 2021-006 Catalina. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild. | ||||
| CVE-2021-30761 | 2 Apple, Redhat | 3 Iphone Os, Enterprise Linux, Rhel Els | 2025-07-28 | 8.8 High |
| A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | ||||
| CVE-2021-30663 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2025-07-28 | 7.8 High |
| An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2021-30665 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2025-07-28 | 8.8 High |
| A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | ||||
| CVE-2021-30657 | 1 Apple | 2 Mac Os X, Macos | 2025-07-28 | 5.5 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited.. | ||||
| CVE-2021-30713 | 1 Apple | 2 Mac Os X, Macos | 2025-07-28 | 7.8 High |
| A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.. | ||||
| CVE-2021-30666 | 2 Apple, Redhat | 3 Iphone Os, Enterprise Linux, Rhel Els | 2025-07-28 | 8.8 High |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | ||||
| CVE-2021-30661 | 2 Apple, Redhat | 8 Ipados, Iphone Os, Macos and 5 more | 2025-07-28 | 8.8 High |
| A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | ||||
| CVE-2021-1879 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2025-07-28 | 6.1 Medium |
| This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.. | ||||
| CVE-2021-1871 | 4 Apple, Debian, Fedoraproject and 1 more | 8 Ipados, Iphone Os, Mac Os X and 5 more | 2025-07-28 | 9.8 Critical |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | ||||
| CVE-2021-1870 | 4 Apple, Fedoraproject, Redhat and 1 more | 8 Ipados, Iphone Os, Mac Os X and 5 more | 2025-07-28 | 9.8 Critical |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | ||||