A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that ...
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2. Processing a maliciously crafted font may result in the disclosure of process memory.
5.5 CVSS
5.4 AI Score
0.0005 EPSS
A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed...
7.5 CVSS
7.6 AI Score
0.004 EPSS
libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).
6.5 CVSS
6.8 AI Score
0.005 EPSS
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
8.8 CVSS
8.5 AI Score
0.008 EPSS
7.8 CVSS
7.5 AI Score
0.001 EPSS
7.1 CVSS
7.9 AI Score
0.001 EPSS
7.8 CVSS
7.5 AI Score
0.001 EPSS
7.8 CVSS
7.5 AI Score
0.001 EPSS
7.8 CVSS
8.2 AI Score
0.002 EPSS
5.5 CVSS
6.9 AI Score
0.001 EPSS
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forger...
8.2 CVSS
8.9 AI Score
0.312 EPSS
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earl...
9.8 CVSS
9.7 AI Score
0.109 EPSS