Total
5496 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8285 | 9 Apple, Debian, Fedoraproject and 6 more | 30 Mac Os X, Macos, Debian Linux and 27 more | 2026-04-16 | 5.0 MEDIUM | 7.5 HIGH |
| curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. | |||||
| CVE-2020-8284 | 9 Apple, Debian, Fedoraproject and 6 more | 29 Mac Os X, Macos, Debian Linux and 26 more | 2026-04-16 | 4.3 MEDIUM | 3.7 LOW |
| A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. | |||||
| CVE-2026-34626 | 3 Adobe, Apple, Microsoft | 5 Acrobat, Acrobat Dc, Acrobat Reader Dc and 2 more | 2026-04-16 | N/A | 6.3 MEDIUM |
| Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary file system read in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-34622 | 3 Adobe, Apple, Microsoft | 5 Acrobat, Acrobat Dc, Acrobat Reader Dc and 2 more | 2026-04-16 | N/A | 8.6 HIGH |
| Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2001-0102 | 1 Apple | 1 Macos | 2026-04-16 | 7.2 HIGH | N/A |
| "Multiple Users" Control Panel in Mac OS 9 allows Normal users to gain Owner privileges by removing the Users & Groups Data File, which effectively removes the Owner password and allows the Normal user to log in as the Owner account without a password. | |||||
| CVE-2000-0041 | 1 Apple | 1 Macos | 2026-04-16 | 5.0 MEDIUM | N/A |
| Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack. | |||||
| CVE-1999-1077 | 1 Apple | 1 Macos | 2026-04-16 | 4.6 MEDIUM | N/A |
| Idle locking function in MacOS 9 allows local attackers to bypass the password protection of idled sessions via the programmer's switch or CMD-PWR keyboard sequence, which brings up a debugger that the attacker can use to disable the lock. | |||||
| CVE-1999-0590 | 3 Apple, Linux, Microsoft | 6 Macos, Linux Kernel, Windows 2000 and 3 more | 2026-04-16 | 10.0 HIGH | N/A |
| A system does not present an appropriate legal message or warning to a user who is accessing it. | |||||
| CVE-1999-0524 | 11 Apple, Cisco, Hp and 8 more | 14 Mac Os X, Macos, Ios and 11 more | 2026-04-16 | 2.1 LOW | N/A |
| ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. | |||||
| CVE-1999-1543 | 1 Apple | 1 Macos | 2026-04-16 | 4.6 MEDIUM | N/A |
| MacOS uses weak encryption for passwords that are stored in the Users & Groups Data File. | |||||
| CVE-1999-1076 | 1 Apple | 1 Macos | 2026-04-16 | 4.6 MEDIUM | N/A |
| Idle locking function in MacOS 9 allows local users to bypass the password protection of idled sessions by selecting the "Log Out" option and selecting a "Cancel" option in the dialog box for an application that attempts to verify that the user wants to log out, which returns the attacker into the locked session. | |||||
| CVE-2002-0862 | 2 Apple, Microsoft | 10 Macos, Internet Explorer, Office and 7 more | 2026-04-16 | 6.8 MEDIUM | N/A |
| The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS. | |||||
| CVE-1999-1393 | 1 Apple | 1 Macos | 2026-04-16 | 4.6 MEDIUM | N/A |
| Control Panel "Password Security" option for Apple Powerbooks allows attackers with physical access to the machine to bypass the security by booting it with an emergency startup disk and using a disk editor to modify the on/off toggle or password in the aaaaaaaAPWD file, which is normally inaccessible. | |||||
| CVE-1999-1412 | 2 Apache, Apple | 2 Http Server, Macos | 2026-04-16 | 5.0 MEDIUM | N/A |
| A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes. | |||||
| CVE-2026-27222 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2026-04-15 | N/A | 5.5 MEDIUM |
| Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Divide By Zero vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or render it unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-27310 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2026-04-15 | N/A | 7.8 HIGH |
| Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-27311 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2026-04-15 | N/A | 7.8 HIGH |
| Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-27312 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2026-04-15 | N/A | 7.8 HIGH |
| Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-27313 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2026-04-15 | N/A | 7.8 HIGH |
| Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2026-27289 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2026-04-15 | N/A | 7.8 HIGH |
| Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||