Macos Security Vulnerabilities - October
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forger...
8.2CVSS
8.9AI Score
0.312EPSS
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earl...
9.8CVSS
9.7AI Score
0.109EPSS
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.
7.8CVSS
7.8AI Score
0.001EPSS
7.8CVSS
7.4AI Score
0.001EPSS
5.5CVSS
5.5AI Score
0.001EPSS
3.3CVSS
3.6AI Score
0.001EPSS
7.8CVSS
8.6AI Score
0.001EPSS
9.8CVSS
9.2AI Score
0.011EPSS
5.5CVSS
6.1AI Score
0.001EPSS
Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.
7.8CVSS
7.6AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.002EPSS
7.8CVSS
8.1AI Score
0.001EPSS
7.8CVSS
7.5AI Score
0.002EPSS
7.8CVSS
7.6AI Score
0.002EPSS
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
5.5CVSS
5.3AI Score
0.002EPSS
7.8CVSS
7.6AI Score
0.001EPSS
7.8CVSS
8AI Score
0.001EPSS
7.8CVSS
8AI Score
0.001EPSS
7.8CVSS
8.1AI Score
0.001EPSS
5.5CVSS
6.2AI Score
0.001EPSS
5.5CVSS
6.8AI Score
0.001EPSS
8.8CVSS
8.6AI Score
0.003EPSS
Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.
7.8CVSS
7.7AI Score
0.001EPSS
global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
7.8CVSS
7.9AI Score
0.004EPSS
5.5CVSS
6.3AI Score
0.001EPSS
Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
7.8CVSS
8.1AI Score
0.004EPSS
Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution
7.8CVSS
8AI Score
0.01EPSS
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.
7.5CVSS
7.2AI Score
0.004EPSS
Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
7.8CVSS
8.1AI Score
0.004EPSS
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
5.5CVSS
5.6AI Score
0.002EPSS
Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution
7.8CVSS
8AI Score
0.003EPSS
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.
5.5CVSS
5.9AI Score
0.001EPSS
Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
7.8CVSS
7.7AI Score
0.006EPSS
5.5CVSS
6.2AI Score
0.001EPSS
7.8CVSS
7.6AI Score
0.001EPSS
7.8CVSS
7.6AI Score
0.001EPSS
7.8CVSS
7.5AI Score
0.0004EPSS
7.8CVSS
7.6AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.001EPSS
7.8CVSS
7.6AI Score
0.001EPSS
7.8CVSS
7.6AI Score
0.001EPSS
7.8CVSS
7.5AI Score
0.002EPSS
7.8CVSS
7.6AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.002EPSS
7.8CVSS
7.7AI Score
0.001EPSS
7.8CVSS
7.6AI Score
0.002EPSS
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library function is vulnerable a race condition enabling symlink following (CWE-363)....
7.3CVSS
6.5AI Score
0.001EPSS
A logic issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. A malicious application may be able to gain root privileges.
7.8CVSS
7.4AI Score
0.001EPSS