Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Filtered by product Macos
Total 3791 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-55503 2 Apple, Termius 2 Macos, Termius 2025-01-17 N/A 3.3 LOW
An issue in termius before v.9.9.0 allows a local attacker to execute arbitrary code via a crafted script to the DYLD_INSERT_LIBRARIES component.
CVE-2025-21128 3 Adobe, Apple, Microsoft 3 Substance 3d Stager, Macos, Windows 2025-01-17 N/A 7.8 HIGH
Substance3D - Stager versions 3.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-21129 3 Adobe, Apple, Microsoft 3 Substance 3d Stager, Macos, Windows 2025-01-17 N/A 7.8 HIGH
Substance3D - Stager versions 3.0.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-21130 3 Adobe, Apple, Microsoft 3 Substance 3d Stager, Macos, Windows 2025-01-17 N/A 7.8 HIGH
Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-21131 3 Adobe, Apple, Microsoft 3 Substance 3d Stager, Macos, Windows 2025-01-17 N/A 7.8 HIGH
Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-21132 3 Adobe, Apple, Microsoft 3 Substance 3d Stager, Macos, Windows 2025-01-17 N/A 7.8 HIGH
Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-8539 4 Apple, Ivanti, Linux and 1 more 4 Macos, Secure Access Client, Linux Kernel and 1 more 2025-01-17 N/A 7.1 HIGH
Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.
CVE-2024-9843 2 Apple, Ivanti 2 Macos, Secure Access Client 2025-01-17 N/A 5.0 MEDIUM
A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service.
CVE-2024-49531 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2025-01-16 N/A 5.5 MEDIUM
Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-27529 2 Apple, Wacom 2 Macos, Tablet Driver Installer 2025-01-16 N/A 7.8 HIGH
Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an improper link resolution before file access vulnerability. When a user is tricked to execute a small malicious script before executing the affected version of the installer, arbitrary code may be executed with the root privilege.
CVE-2024-49535 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2025-01-15 N/A 6.3 MEDIUM
Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that allows an attacker to provide malicious XML input containing a reference to an external entity, leading to unauthorized read access to the file system. Exploitation of this issue requires user interaction in that a victim must process a malicious XML document.
CVE-2024-3661 9 Apple, Cisco, Citrix and 6 more 12 Iphone Os, Macos, Anyconnect Vpn Client and 9 more 2025-01-15 N/A 7.6 HIGH
DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.
CVE-2023-28321 4 Apple, Fedoraproject, Haxx and 1 more 13 Macos, Fedora, Curl and 10 more 2025-01-15 N/A 5.9 MEDIUM
An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.
CVE-2023-28320 3 Apple, Haxx, Netapp 12 Macos, Curl, Clustered Data Ontap and 9 more 2025-01-15 N/A 5.9 MEDIUM
A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave.
CVE-2023-28319 3 Apple, Haxx, Netapp 12 Macos, Curl, Clustered Data Ontap and 9 more 2025-01-15 N/A 7.5 HIGH
A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed.
CVE-2023-2953 4 Apple, Netapp, Openldap and 1 more 16 Macos, Active Iq Unified Manager, Clustered Data Ontap and 13 more 2025-01-10 N/A 7.5 HIGH
A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.
CVE-2022-44517 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2025-01-10 N/A 5.5 MEDIUM
Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-44516 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2025-01-10 N/A 5.5 MEDIUM
Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-44515 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2025-01-10 N/A 5.5 MEDIUM
Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-3079 7 Apple, Couchbase, Debian and 4 more 7 Macos, Couchbase Server, Debian Linux and 4 more 2025-01-08 N/A 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)