542 matches found
CVE-2023-42938
The CVE-2023-42938 entry concerns Apple iTunes for Windows prior to version 12.13.1, where a logic issue could allow a local user to elevate privileges. The vulnerability is described across multiple Connected documents as a local privilege escalation affecting iTunes on Windows, caused by insuff...
CVE-2020-27918
CVE-2020-27918 is a use-after-free vulnerability in WebKitGTK/WebKit where processing maliciously crafted web content may lead to arbitrary code execution. The issue is documented across multiple advisories and is fixed upstream in WebKitGTK/WebKit version 2.30.6 (and corresponding package update...
CVE-2020-7463
CVE-2020-7463 is a FreeBSD kernel use-after-free vulnerability caused by improper handling of large user messages from multiple threads on the same SCTP socket. Affected: FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEA...
CVE-2019-8506
CVE-2019-8506 is a type-confusion memory issue that affects WebKit components and was fixed in multiple Apple platforms (iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes/Windows, iCloud for Windows 7.11) and WebKitGTK/WebKitGTK+ up to 2.28.x. The vulnerability can allow arbitrary code execut...
CVE-2024-27793
Summary (CVE-2024-27793) : Apple iTunes for Windows is affected by a vulnerability where parsing a file could cause an unexpected app termination or arbitrary code execution. The issue is addressed by Apple in iTunes 12.13.2 for Windows (HT214099; Apple security content). The root cause is relate...
CVE-2020-27932
CVE-2020-27932 is a kernel-type-confusion issue in Apple’s XNU (mach turnstiles) that could allow a malicious app to execute code with kernel privileges. Connected sources confirm the root cause as a type confusion in kernel IPC machinery and note exploitation in-the-wild only in a macOS/iOS/macO...
CVE-2022-48611
CVE-2022-48611 is tied to Apple iTunes on Windows, where a logic issue could allow a local attacker to elevate privileges. The issue is addressed in iTunes 12.12.4 for Windows, per multiple sources (NVD, Red Hat, CVE lists, and Apple security content). The Red Hat and NVD descriptions concur that...
CVE-2023-32353
CVE-2023-32353 affects Apple iTunes for Windows prior to version 12.12.9. The issue is described as a logic fault addressed by improved checks, with the fix implemented in iTunes 12.12.9 for Windows. The resulting impact is the potential for elevation of privileges. Affected software: Apple iTune...
CVE-2020-9802
CVE-2020-9802 is a memory-related/logic issue in WebKit-based components where processing maliciously crafted web content may lead to arbitrary code execution. The initial Apple advisory links the vulnerability to multiple products and states that the issue is fixed in Apple iOS 13.5 and iPadOS 1...
CVE-2020-13434
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c (CVE-2020-13434). Affected versions are up to 3.32.0; remediation is to update to SQLite 3.32.3. This fix is reflected in multiple advisories (e.g., Apple iOS/macOS security content HT211850/HT211935 noting SQLite u...
CVE-2023-32351
Apple iTunes for Windows prior to 12.12.9 is affected by a logic issue that may allow privilege escalation. The issue is addressed by iTunes 12.12.9 for Windows, under HT213763, with the fix described as improved checks. CVE-2023-32351 is the associated vulnerability entry, and related advisories...
CVE-2022-26717
CVE-2022-26717 is a WebKitGTK/WebKit use-after-free issue that can lead to arbitrary code execution when processing malicious web content. The Initial Description states the flaw is addressed with memory-management improvements and lists affected Apple platforms (tvOS 15.5, watchOS 8.6, iOS 15.5,...
CVE-2022-22629
CVE-2022-22629 is a buffer overflow in WebKit-derived components (WebKitGTK/WebKit) that could allow arbitrary code execution when processing malicious web content. Public sources in the Apple Safari 15.4 security content and multiple Linux advisories confirm the issue and provide fixed versions....
CVE-2020-13630
CVE-2020-13630 affects SQLite prior to 3.32.0, with a use-after-free in ext/fts3/fts3.c (fts3EvalNextRow) related to the snippet feature. Multiple connected advisories (Astra Linux, BSA, AlmaLinux) confirm the issue in SQLite and reference the same function/file. The provided sources do not quant...
CVE-2020-13631
CVE-2020-13631 affects SQLite up to version 3.32.0, where a vulnerability allows renaming a virtual table to the name of one of its shadow tables (related to alter.c and build.c). Connected advisories confirm the issue in SQLite prior to 3.32.0 and note the remediation is to upgrade SQLite to 3.3...
CVE-2020-3868
CVE-2020-3868 involves multiple memory corruption issues that are fixed by improved memory handling. The public advisories indicate the vulnerability could allow arbitrary code execution when processing malicious web content. The documented fixes show updates across Apple platforms: iOS 13.3.1 an...
CVE-2021-1825
CVE-2021-1825 is a WebKit/WebKit-related input validation issue that could enable cross-site scripting when processing malicious web content. Apple’s security content for Safari 14.1 and related WebKit components lists this CVE under WebKit’s input validation and notes it is fixed in Safari 14.1 ...
CVE-2020-9805
CVE-2020-9805 is a WebKit/Web content handling issue reported by an anonymous researcher, fixed in Apple platforms. The connected Apple security entries show a logic issue in WebKit that could lead to universal cross-site scripting when processing maliciously crafted web content. Apple patch refe...
CVE-2019-8820
CVE-2019-8820 is a WebKit vulnerability described as multiple memory corruption issues that could allow arbitrary code execution when processing malicious web content. The connected notes confirm the issue is present in WebKit components and was fixed in a range of Apple platforms/releases: iOS 1...
CVE-2020-3899
CVE-2020-3899 affects WebKitGTK/WebKit2GTK (webkitgtk4) up to upstream 2.28.2. A memory consumption issue may allow a remote attacker to execute arbitrary code via crafted web content. Public advisories confirm upgrade requirements: Arch Linux ASA-202004-23 (webkit2gtk before 2.28.2-1), Debian DS...
CVE-2010-1205
CVE-2010-1205 is a buffer overflow in libpng (pngpread.c) that could allow remote code execution via a crafted PNG image. Affected libpng versions are prior to 1.2.44 and prior to 1.4.3. The overflow is tied to the internal copy in pngpread.c and is described across advisories mentioning memory c...
CVE-2019-13118
CVE-2019-13118 affects libxslt 1.1.33, where a too-narrow type holding grouping characters in xsl:number can pass an invalid character/length to xsltNumberFormatDecimal, causing a read of uninitialized stack data (stack overflow vulnerability). Connected Apple advisories (HT210351, HT210346, HT21...
CVE-2020-9806
CVE-2020-9806 is a WebKit memory-corruption defect reported in multiple Apple security advisories. The issue affects WebKit components underlying Safari and system web content handling, with impact described as arbitrary code execution when processing maliciously crafted web content. Remediation ...
CVE-2020-9803
CVE-2020-9803 is a memory corruption flaw disclosed as affecting processing of malicious web content, leading to arbitrary code execution. The Connected documents confirm it is addressed by an upstream WebKit fix and by Apple platform updates. Specifically: Apple pages (iOS 13.5/iPadOS 13.5, tvOS...
CVE-2020-9951
CVE-2020-9951 is a WebKit use-after-free vulnerability in Safari (WebKit GTK also mirrors related WebKit issues). Exploitation requires a victim to visit a specially crafted web site, potentially enabling arbitrary code execution on affected Apple platforms. The issue is addressed in Safari/WebKi...
CVE-2020-9850
CVE-2020-9850 is a WebKit logic issue that allowed arbitrary code execution in affected Apple products (iOS 13.5, iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes/iCloud Windows) and upstream WebKit/WebKitGTK. The issue was fixed in WebKit/WebKitGTK versions released around 2020 (Ap...
CVE-2021-30849
CVE-2021-30849 is a WebKit/WebKitGTK family issue reporting multiple memory corruption defects that could allow arbitrary code execution when processing malicious web content. Publicly documented fixes cover WebKitGTK/WebKit in Apple platforms (iOS 14.8/iPadOS 14.8, watchOS 8, Safari 15, tvOS 15,...
CVE-2019-8846
CVE-2019-8846 is a use-after-free vulnerability in WebKit-related components that can lead to arbitrary code execution when handling malicious web content. The issue was addressed with improved memory management and is fixed in several Apple platforms: tvOS 13.3, iOS/iPadOS 13.3, Safari 13.0.4, a...
CVE-2020-9925
CVE-2020-9925 concerns a logic issue in WebKit that affects Safari/WebKit components across Apple platforms. The vulnerability could allow universal cross-site scripting when processing malicious web content. Apple patched this by updating to iOS 13.6/iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safa...
CVE-2020-3867
CVE-2020-3867 is a WebKitGTK/WebKit vulnerability categorized as a logic issue in state management that could enable universal cross-site scripting when processing malicious web content. According to the documents, the issue affects WebKitGTK/WebKit components (notably webkitgtk4) and was fixed i...
CVE-2019-8690
CVE-2019-8690 is a WebKit/WebKitGTK4 logic issue where document load handling could lead to universal cross-site scripting. The vulnerability is addressed by a state-management fix and is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, and corresponding WebKitGTK/WebKit compone...
CVE-2020-9843
CVE-2020-9843 is a WebKit/WebKitGTK issue described as an input validation weakness that may lead to cross-site scripting when processing malicious web content. The vulnerability is documented across multiple platforms: Apple: WebKit-related entries in iOS 13.5/iPadOS 13.5/watchOS 6.2.5/Safari 13...
CVE-2020-9895
CVE-2020-9895 is a use-after-free in memory management that Apple fixed across multiple platforms. Fixed in iOS 13.6, iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, and iCloud for Windows 11.3/7.20. The issue could allow remote code execution or cause arbitrar...
CVE-2020-9915
CVE-2020-9915 is an access issue in WebKit related to Content Security Policy enforcement. The description notes that processing malicious web content may prevent CSP from being enforced. Public details in connected Apple advisories show the vulnerability affecting WebKit components and being mit...
CVE-2020-9894
CVE-2020-9894 affects WebKit in Windows 10+ (via Microsoft Store) with an out-of-bounds read addressed by improved input validation. Impact: remote termination or arbitrary code execution. Remediation: apply the relevant Apple/Safari security updates (Safari 13.1.2; iOS 13.6/iPadOS 13.6; Safari m...
CVE-2020-9862
The CVE-2020-9862 entry concerns a command injection vulnerability in Web Inspector (WebKit Web Inspector). The root cause is inadequate escaping when copying a URL from Web Inspector, enabling a potential command injection path. Affected components: Web Inspector/WebKit implementations used in A...
CVE-2019-8812
CVE-2019-8812 involves multiple memory corruption issues that Apple fixed by addressing memory handling in WebKit-related components. The advisory states that these issues could allow arbitrary code execution when processing maliciously crafted web content. Affected software includes iOS 13.2 and...
CVE-2019-8815
CVE-2019-8815 is a WebKit memory-corruption issue affecting Apple’s WebKit-derived components. It could enable arbitrary code execution after processing malicious web content. Apple tied fixes to iOS 13.2/iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0 (...
CVE-2019-8816
CVE-2019-8816 refers to multiple memory corruption issues in WebKit-related components that could lead to arbitrary code execution when processing malicious web content. Public details indicate fixes across Apple platforms: iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, and rele...
CVE-2019-8819
CVE-2019-8819 is a WebKit/WebKit-related memory corruption issue that could be triggered by processing malicious web content, potentially enabling arbitrary code execution. The initial entry notes a fix in iOS 13.2/iPadOS 13.2, tvOS 13.2, Safari 13.0.3, and related Apple components. Connected sou...
CVE-2018-20505
CVE-2018-20505 affects SQLite 3.25.2 and is caused by queries on a table with a malformed PRIMARY KEY, allowing remote attackers to cause an application crash (DoS) by running arbitrary SQL statements (e.g., in WebSQL use cases). Public-connected documents confirm the issue and note related mitig...
CVE-2019-8844
CVE-2019-8844 is a memory corruption issue reported across Apple/WebKit components. The connected advisory confirms the vulnerability was addressed in tvOS 13.3, iOS/iPadOS 13.3, watchOS 6.1.1, Safari 13.0.4, and related macOS/iCloud/iTunes releases, indicating improved memory handling fixed the ...
CVE-2020-3865
CVE-2020-3865 is a WebKit-related memory-corruption issue that affects WebKit and WebKitGTK/WebKitGTK4 components. The initial entry notes memory corruption issues addressed by improved memory handling and fixes in iOS 13.3.1/iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, and related Windows/macOS co...
CVE-2019-8783
CVE-2019-8783 is a memory corruption issue in WebKit/WebKitGTK3 contexts that Apple docs attribute to multiple memory corruption vulnerabilities resolved in iOS 13.2 / iPadOS 13.2 / macOS Catalina 10.15.x / tvOS 13.2 and Safari 13.0.3. The connected materials also show WebKitGTK/WebKit entries li...
CVE-2020-11763
OpenEXR has a CVE-2020-11763 vulnerability affecting versions before 2.4.1 due to an std::vector out-of-bounds read and write, demonstrated in ImfTileOffsets.cpp. Amazon Linux 2 and Red Hat advisories confirm the issue and list related OpenEXR problems (11761, 11763, 11764). The fixed version is ...
CVE-2019-8835
CVE-2019-8835 involves multiple memory corruption issues in WebKit components. The public description states exploitation could occur by processing malicious web content, with fixed versions including tvOS 13.3, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windo...
CVE-2019-8811
CVE-2019-8811 is a memory corruption vulnerability in WebKit that affected WebKit components used by Apple and related Windows apps (e.g., iCloud for Windows) and could be triggered by processing malicious web content to achieve arbitrary code execution. The vulnerability is addressed in the Appl...
CVE-2020-9807
CVE-2020-9807 is a memory corruption issue in WebKit components that can occur when processing maliciously crafted web content, potentially enabling arbitrary code execution. The vulnerability affects WebKitGTK and related WebKit builds prior to the fixed version, with upstream fix in WebKit 2.28...
CVE-2019-8782
CVE-2019-8782 is a WebKit-related memory corruption issue addressed by Apple in iOS 13.2, iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, and iCloud for Windows 11.0. The advisory notes multiple memory corruption vulnerabilities fixed across WebKit with improved memory handling...
CVE-2020-11764
OpenEXR before 2.4.1 contains an out-of-bounds write in copyIntoFrameBuffer (ImfMisc.cpp), CVE-2020-11764. Amazon Linux 2 ALAS2-2020-1499 confirms the OpenEXR fix and provides updated packages; Red Hat/CentOS advisories (RHSA-2020:4039) also address CVE-2020-11764 among related OpenEXR issues. Re...