Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2010-1411

Summary
Assigner-apple
Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c
Published At-17 Jun, 2010 | 16:00
Updated At-07 Aug, 2024 | 01:21
Rejected At-
Credits

Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apple
Assigner Org ID:286789f9-fbc2-4510-9f9a-43facdede74c
Published At:17 Jun, 2010 | 16:00
Updated At:07 Aug, 2024 | 01:21
Rejected At:
â–¼CVE Numbering Authority (CNA)

Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
vendor-advisory
x_refsource_APPLE
http://support.apple.com/kb/HT4220
x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043835.html
vendor-advisory
x_refsource_FEDORA
http://www.remotesensing.org/libtiff/v3.9.3.html
x_refsource_CONFIRM
http://secunia.com/advisories/40181
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/1481
vdb-entry
x_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/1731
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/40527
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/40823
vdb-entry
x_refsource_BID
http://marc.info/?l=oss-security&m=127731610612908&w=2
mailing-list
x_refsource_MLIST
http://www.vupen.com/english/advisories/2010/1435
vdb-entry
x_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/1638
vdb-entry
x_refsource_VUPEN
http://securitytracker.com/id?1024103
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/40196
third-party-advisory
x_refsource_SECUNIA
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.596424
vendor-advisory
x_refsource_SLACKWARE
http://www.ubuntu.com/usn/USN-954-1
vendor-advisory
x_refsource_UBUNTU
http://support.apple.com/kb/HT4188
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/1761
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/40220
third-party-advisory
x_refsource_SECUNIA
http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html
vendor-advisory
x_refsource_APPLE
http://security.gentoo.org/glsa/glsa-201209-02.xml
vendor-advisory
x_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2010-0520.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/40536
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/1512
vdb-entry
x_refsource_VUPEN
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043769.html
vendor-advisory
x_refsource_FEDORA
http://www.redhat.com/support/errata/RHSA-2010-0519.html
vendor-advisory
x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
vendor-advisory
x_refsource_SUSE
https://bugzilla.redhat.com/show_bug.cgi?id=592361
x_refsource_CONFIRM
http://secunia.com/advisories/40478
third-party-advisory
x_refsource_SECUNIA
http://support.apple.com/kb/HT4196
x_refsource_CONFIRM
http://secunia.com/advisories/40381
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/50726
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://support.apple.com/kb/HT4220
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043835.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.remotesensing.org/libtiff/v3.9.3.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/40181
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2010/1481
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.vupen.com/english/advisories/2010/1731
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/40527
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/40823
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://marc.info/?l=oss-security&m=127731610612908&w=2
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.vupen.com/english/advisories/2010/1435
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.vupen.com/english/advisories/2010/1638
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://securitytracker.com/id?1024103
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/40196
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.596424
Resource:
vendor-advisory
x_refsource_SLACKWARE
Hyperlink: http://www.ubuntu.com/usn/USN-954-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://support.apple.com/kb/HT4188
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2010/1761
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/40220
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://security.gentoo.org/glsa/glsa-201209-02.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0520.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/40536
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2010/1512
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043769.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0519.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=592361
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/40478
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://support.apple.com/kb/HT4196
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/40381
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/50726
Resource:
third-party-advisory
x_refsource_SECUNIA
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://support.apple.com/kb/HT4220
x_refsource_CONFIRM
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043835.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.remotesensing.org/libtiff/v3.9.3.html
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/40181
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2010/1481
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.vupen.com/english/advisories/2010/1731
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/40527
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/40823
vdb-entry
x_refsource_BID
x_transferred
http://marc.info/?l=oss-security&m=127731610612908&w=2
mailing-list
x_refsource_MLIST
x_transferred
http://www.vupen.com/english/advisories/2010/1435
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.vupen.com/english/advisories/2010/1638
vdb-entry
x_refsource_VUPEN
x_transferred
http://securitytracker.com/id?1024103
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/40196
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.596424
vendor-advisory
x_refsource_SLACKWARE
x_transferred
http://www.ubuntu.com/usn/USN-954-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://support.apple.com/kb/HT4188
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2010/1761
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/40220
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://security.gentoo.org/glsa/glsa-201209-02.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.redhat.com/support/errata/RHSA-2010-0520.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/40536
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2010/1512
vdb-entry
x_refsource_VUPEN
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043769.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.redhat.com/support/errata/RHSA-2010-0519.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=592361
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/40478
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://support.apple.com/kb/HT4196
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/40381
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/50726
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://support.apple.com/kb/HT4220
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043835.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.remotesensing.org/libtiff/v3.9.3.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/40181
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/1481
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/1731
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/40527
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/40823
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://marc.info/?l=oss-security&m=127731610612908&w=2
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/1435
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/1638
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://securitytracker.com/id?1024103
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/40196
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.596424
Resource:
vendor-advisory
x_refsource_SLACKWARE
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-954-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://support.apple.com/kb/HT4188
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/1761
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/40220
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-201209-02.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0520.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/40536
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/1512
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043769.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0519.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=592361
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/40478
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://support.apple.com/kb/HT4196
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/40381
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/50726
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@apple.com
Published At:17 Jun, 2010 | 16:30
Updated At:29 Apr, 2026 | 01:13

Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Apple Inc.
apple
>>mac_os_x>>10.5.8
cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.6.0
cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.6.1
cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.6.2
cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.6.3
cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.5.8
cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.6.0
cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.6.1
cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.6.2
cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.6.3
cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-189Primarynvd@nist.gov
CWE ID: CWE-189
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.htmlproduct-security@apple.com
Vendor Advisory
http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.htmlproduct-security@apple.com
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043769.htmlproduct-security@apple.com
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043835.htmlproduct-security@apple.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.htmlproduct-security@apple.com
N/A
http://marc.info/?l=oss-security&m=127731610612908&w=2product-security@apple.com
N/A
http://secunia.com/advisories/40181product-security@apple.com
N/A
http://secunia.com/advisories/40196product-security@apple.com
N/A
http://secunia.com/advisories/40220product-security@apple.com
Vendor Advisory
http://secunia.com/advisories/40381product-security@apple.com
N/A
http://secunia.com/advisories/40478product-security@apple.com
N/A
http://secunia.com/advisories/40527product-security@apple.com
N/A
http://secunia.com/advisories/40536product-security@apple.com
N/A
http://secunia.com/advisories/50726product-security@apple.com
N/A
http://security.gentoo.org/glsa/glsa-201209-02.xmlproduct-security@apple.com
N/A
http://securitytracker.com/id?1024103product-security@apple.com
N/A
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.596424product-security@apple.com
N/A
http://support.apple.com/kb/HT4188product-security@apple.com
Patch
Vendor Advisory
http://support.apple.com/kb/HT4196product-security@apple.com
N/A
http://support.apple.com/kb/HT4220product-security@apple.com
N/A
http://www.redhat.com/support/errata/RHSA-2010-0519.htmlproduct-security@apple.com
N/A
http://www.redhat.com/support/errata/RHSA-2010-0520.htmlproduct-security@apple.com
N/A
http://www.remotesensing.org/libtiff/v3.9.3.htmlproduct-security@apple.com
N/A
http://www.securityfocus.com/bid/40823product-security@apple.com
N/A
http://www.ubuntu.com/usn/USN-954-1product-security@apple.com
N/A
http://www.vupen.com/english/advisories/2010/1435product-security@apple.com
N/A
http://www.vupen.com/english/advisories/2010/1481product-security@apple.com
Vendor Advisory
http://www.vupen.com/english/advisories/2010/1512product-security@apple.com
N/A
http://www.vupen.com/english/advisories/2010/1638product-security@apple.com
N/A
http://www.vupen.com/english/advisories/2010/1731product-security@apple.com
N/A
http://www.vupen.com/english/advisories/2010/1761product-security@apple.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=592361product-security@apple.com
N/A
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043769.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043835.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=oss-security&m=127731610612908&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/40181af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/40196af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/40220af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/40381af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/40478af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/40527af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/40536af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/50726af854a3a-2127-422b-91ae-364da2661108
N/A
http://security.gentoo.org/glsa/glsa-201209-02.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://securitytracker.com/id?1024103af854a3a-2127-422b-91ae-364da2661108
N/A
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.596424af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.apple.com/kb/HT4188af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://support.apple.com/kb/HT4196af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.apple.com/kb/HT4220af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2010-0519.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2010-0520.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.remotesensing.org/libtiff/v3.9.3.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/40823af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-954-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2010/1435af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2010/1481af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2010/1512af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2010/1638af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2010/1731af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2010/1761af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=592361af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043769.html
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043835.html
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://marc.info/?l=oss-security&m=127731610612908&w=2
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/40181
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/40196
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/40220
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/40381
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/40478
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/40527
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/40536
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/50726
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-201209-02.xml
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://securitytracker.com/id?1024103
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.596424
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT4188
Source: product-security@apple.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://support.apple.com/kb/HT4196
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT4220
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0519.html
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0520.html
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://www.remotesensing.org/libtiff/v3.9.3.html
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/40823
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-954-1
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/1435
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/1481
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/1512
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/1638
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/1731
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/1761
Source: product-security@apple.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=592361
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043769.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043835.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=oss-security&m=127731610612908&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/40181
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/40196
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/40220
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/40381
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/40478
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/40527
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/40536
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/50726
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-201209-02.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://securitytracker.com/id?1024103
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.596424
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT4188
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://support.apple.com/kb/HT4196
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT4220
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0519.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0520.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.remotesensing.org/libtiff/v3.9.3.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/40823
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-954-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/1435
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/1481
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/1512
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/1638
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/1731
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/1761
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=592361
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1882Records found
CVE-2011-3078
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-7.35% / 91.77%
||
7 Day CHG~0.00%
Published-01 May, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3081.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-chromeiphone_ossafariitunesn/a
CWE ID-CWE-416
Use After Free
CVE-2022-30647
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-22.45% / 95.88%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 20:23
Updated-23 Apr, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Illustrator Font Parsing Use-After-Free Remote Code Execution Vulnerability

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsmacosillustratorIllustrator
CWE ID-CWE-416
Use After Free
CVE-2021-1754
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.77% / 73.66%
||
7 Day CHG~0.00%
Published-02 Apr, 2021 | 17:51
Updated-03 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadostvosmac_os_xmacosmacOSiOS and iPadOS
CVE-2011-2792
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.8||MEDIUM
EPSS-2.01% / 83.84%
||
7 Day CHG~0.00%
Published-03 Aug, 2011 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float removal.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-chromeiphone_ossafariitunesn/a
CWE ID-CWE-416
Use After Free
CVE-2022-30648
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-22.45% / 95.88%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 20:23
Updated-23 Apr, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Illustrator Font Parsing Use-After-Free Remote Code Execution Vulnerability

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsmacosillustratorIllustrator
CWE ID-CWE-416
Use After Free
CVE-2011-2359
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.8||MEDIUM
EPSS-4.40% / 89.07%
||
7 Day CHG~0.00%
Published-03 Aug, 2011 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

Action-Not Available
Vendor-n/aDebian GNU/LinuxApple Inc.Google LLC
Product-itunesdebian_linuxiphone_ossafarichromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-12794
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-27.10% / 96.42%
||
7 Day CHG~0.00%
Published-20 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2011-2788
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.8||MEDIUM
EPSS-3.15% / 87.01%
||
7 Day CHG~0.00%
Published-03 Aug, 2011 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the inspector serialization functionality in Google Chrome before 13.0.782.107 allows user-assisted remote attackers to have an unspecified impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-chromeiphone_ossafariitunesn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2011-2351
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.8||MEDIUM
EPSS-2.01% / 83.84%
||
7 Day CHG~0.00%
Published-29 Jun, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-chromeiphone_ossafariitunesn/a
CWE ID-CWE-416
Use After Free
CVE-2018-12773
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-9.01% / 92.68%
||
7 Day CHG~0.00%
Published-20 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions
CWE ID-CWE-416
Use After Free
CVE-2015-5106
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-0.38% / 59.67%
||
7 Day CHG~0.00%
Published-15 Jul, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and perform a transition from Low Integrity to Medium Integrity via unspecified vectors, a different vulnerability than CVE-2015-4446 and CVE-2015-5090.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2015-3658
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.37% / 58.90%
||
7 Day CHG~0.00%
Published-03 Jul, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.
Product-safariiphone_osmac_os_xn/a
CVE-2015-3749
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.78% / 73.82%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.
Product-itunesubuntu_linuxiphone_ossafarin/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3792
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-3.24% / 87.21%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimemac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-8129
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-1.46% / 81.01%
||
7 Day CHG~0.00%
Published-12 Mar, 2018 | 02:00
Updated-06 Aug, 2024 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.

Action-Not Available
Vendor-n/aLibTIFFRed Hat, Inc.Debian GNU/LinuxApple Inc.
Product-enterprise_linux_serveriphone_osdebian_linuxenterprise_linux_server_euslibtiffenterprise_linux_server_ausmac_os_xenterprise_linux_server_tusn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-3666
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-3.24% / 87.21%
||
7 Day CHG~0.00%
Published-03 Jul, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3663, CVE-2015-3667, and CVE-2015-3668.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimemac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-12847
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-6.51% / 91.20%
||
7 Day CHG~0.00%
Published-12 Oct, 2018 | 18:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-12788
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-13.07% / 94.16%
||
7 Day CHG~0.00%
Published-20 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions
CWE ID-CWE-787
Out-of-bounds Write
CVE-2011-2797
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.8||MEDIUM
EPSS-2.01% / 83.84%
||
7 Day CHG~0.00%
Published-03 Aug, 2011 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to resource caching.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-chromeiphone_ossafariitunesn/a
CWE ID-CWE-416
Use After Free
CVE-2015-3688
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.63% / 85.82%
||
7 Day CHG~0.00%
Published-03 Jul, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3689.

Action-Not Available
Vendor-n/aApple Inc.
Product-itunesiphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3679
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.02% / 83.92%
||
7 Day CHG~0.00%
Published-03 Jul, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3680, CVE-2015-3681, and CVE-2015-3682.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-28849
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-22.45% / 95.88%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 19:29
Updated-23 Apr, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Bridge Font Parsing Use-After-Free Remote Code Execution Vulnerability

Adobe Bridge version 12.0.1 (and earlier versions) is affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsbridgemacosBridge
CWE ID-CWE-416
Use After Free
CVE-2021-1775
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.38% / 59.36%
||
7 Day CHG~0.00%
Published-02 Apr, 2021 | 17:56
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted font may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-macosmac_os_xmacOS
CVE-2015-3743
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.78% / 73.82%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.
Product-itunesubuntu_linuxiphone_ossafarin/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-2432
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.91% / 75.88%
||
7 Day CHG~0.00%
Published-02 Apr, 2017 | 01:36
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_osmac_os_xwatchosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3715
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.36% / 58.16%
||
7 Day CHG~0.00%
Published-03 Jul, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The code-signing implementation in Apple OS X before 10.10.4 does not properly consider libraries that are external to an application bundle, which allows attackers to bypass intended launch restrictions via a crafted library.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CVE-2015-3689
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.90% / 83.38%
||
7 Day CHG~0.00%
Published-03 Jul, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3688.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-12770
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-9.01% / 92.68%
||
7 Day CHG~0.00%
Published-20 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions
CWE ID-CWE-416
Use After Free
CVE-2018-12776
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-9.01% / 92.68%
||
7 Day CHG~0.00%
Published-20 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions
CWE ID-CWE-416
Use After Free
CVE-2011-1344
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-5.32% / 90.12%
||
7 Day CHG~0.00%
Published-10 Mar, 2011 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011.

Action-Not Available
Vendor-n/aApple Inc.
Product-ipadiphoneiphone_ossafariipod_touchn/a
CVE-2018-12783
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-9.01% / 92.68%
||
7 Day CHG~0.00%
Published-20 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions
CWE ID-CWE-416
Use After Free
CVE-2022-28846
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-5.42% / 90.22%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 19:31
Updated-23 Apr, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Bridge SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsbridgemacosBridge
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-3713
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.40% / 80.54%
||
7 Day CHG~0.00%
Published-03 Jul, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

QuickTime in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted movie file.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimemac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1440
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.48% / 85.39%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences.

Action-Not Available
Vendor-n/aDebian GNU/LinuxApple Inc.Google LLC
Product-chromedebian_linuxitunessafarin/a
CWE ID-CWE-416
Use After Free
CVE-2022-28848
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-5.42% / 90.22%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 19:28
Updated-23 Apr, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Bridge PCX Out-of-bounds Write Remote Code Execution Vulnerability

Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsbridgemacosBridge
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-12799
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.07% / 86.85%
||
7 Day CHG~0.00%
Published-29 Aug, 2018 | 13:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-3901
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.95% / 76.52%
||
7 Day CHG~0.00%
Published-01 Apr, 2020 | 17:50
Updated-04 Aug, 2024 | 07:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiphone_osipad_oswatchostvossafariicloudiTunes for WindowswatchOSiCloud for WindowsSafariiOSiCloud for Windows (Legacy)tvOS
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2011-1305
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.32% / 54.60%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Google Chrome before 11.0.696.57 on Linux and Mac OS X allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to linked lists and a database.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, Inc
Product-chromelinux_kernelmacosn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2022-28847
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-5.42% / 90.22%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 19:27
Updated-23 Apr, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Bridge Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsbridgemacosBridge
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-26718
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.16% / 36.83%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 18:51
Updated-03 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2011-0605
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-4.12% / 88.69%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.Apple Inc.
Product-acrobatacrobat_readermac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-26981
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.37% / 58.65%
||
7 Day CHG~0.00%
Published-13 Mar, 2022 | 00:00
Updated-03 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c).

Action-Not Available
Vendor-liblouisn/aFedora ProjectApple Inc.
Product-iphone_osliblouiswatchosipadostvosfedoramacosn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-26748
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.69% / 71.98%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 19:10
Updated-03 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-macosmac_os_xSecurity Update - CatalinamacOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2011-1449
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.34% / 84.99%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-chromeiphone_ossafariitunesn/a
CWE ID-CWE-416
Use After Free
CVE-2014-4449
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.36% / 58.19%
||
7 Day CHG~0.00%
Published-22 Oct, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CVE-2011-1417
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-6.13% / 90.89%
||
7 Day CHG~0.00%
Published-11 Mar, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xmac_os_x_servern/a
CVE-2022-26704
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.37% / 58.80%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 18:43
Updated-03 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmac_os_xmacOS
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2022-26751
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.63% / 70.34%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 19:12
Updated-03 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiphone_osipadosmac_os_xmacosSecurity Update - CatalinamacOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2011-0194
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.10% / 78.15%
||
7 Day CHG~0.00%
Published-23 Mar, 2011 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.

Action-Not Available
Vendor-n/aApple Inc.
Product-imageiomac_os_xmac_os_x_servern/a
CVE-2011-0181
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-12.36% / 93.95%
||
7 Day CHG~0.00%
Published-23 Mar, 2011 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XBM image.

Action-Not Available
Vendor-n/aApple Inc.
Product-imageiomac_os_xmac_os_x_servern/a
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 37
  • 38
  • Next
Details not found