Lucene search

K

2420 matches found

CVE
CVE
added 2021/08/24 7:15 p.m.112 views

CVE-2021-30855

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, iOS 15 and iPadOS 15, watchOS 8, macOS Big Sur 11.6. An application may be able to access restri...

5.5CVSS5.3AI score0.00214EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.111 views

CVE-2016-1838

The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

5.5CVSS6.3AI score0.1065EPSS
CVE
CVE
added 2018/06/08 6:29 p.m.111 views

CVE-2018-4240

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted messag...

6.5CVSS5.6AI score0.23346EPSS
Web
CVE
CVE
added 2019/04/03 6:29 p.m.111 views

CVE-2018-4280

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2.

7.8CVSS5.9AI score0.19414EPSS
Web
CVE
CVE
added 2020/06/09 5:15 p.m.111 views

CVE-2020-9844

A double free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.

7.8CVSS6.7AI score0.00528EPSS
CVE
CVE
added 2006/09/06 12:4 a.m.110 views

CVE-2006-4095

BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned.

7.5CVSS7.4AI score0.09412EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.110 views

CVE-2016-1835

Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.

8.8CVSS7.2AI score0.02737EPSS
CVE
CVE
added 2018/06/08 6:29 p.m.110 views

CVE-2018-4206

An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Crash Reporter" component. It allows attackers to execute arbitrary co...

7.8CVSS7.5AI score0.11202EPSS
Web
CVE
CVE
added 2018/06/08 6:29 p.m.110 views

CVE-2018-4237

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "libxpc" component. It allows attackers to gain privileges via a crafted app that leverages a logi...

7.8CVSS5.8AI score0.70337EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.110 views

CVE-2019-8663

This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6. A remote attacker may be able to leak memory.

5.3CVSS5.6AI score0.06309EPSS
CVE
CVE
added 2021/04/02 7:15 p.m.110 views

CVE-2021-1753

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

7.8CVSS7.6AI score0.00362EPSS
CVE
CVE
added 2022/05/26 8:15 p.m.110 views

CVE-2022-26755

This issue was addressed with improved environment sanitization. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to break out of its sandbox.

6.3CVSS6.3AI score0.00283EPSS
CVE
CVE
added 2021/04/02 7:15 p.m.109 views

CVE-2021-1818

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause unexpected application termination or a...

9.8CVSS8.2AI score0.01746EPSS
CVE
CVE
added 2022/03/18 6:15 p.m.109 views

CVE-2022-22613

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privilege...

9.3CVSS7.9AI score0.00219EPSS
CVE
CVE
added 2022/05/26 8:15 p.m.109 views

CVE-2022-26775

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution.

9.8CVSS8.9AI score0.01534EPSS
CVE
CVE
added 2013/03/05 9:38 p.m.108 views

CVE-2013-1775

sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.

6.9CVSS8.1AI score0.02226EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.108 views

CVE-2016-1836

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.

5.5CVSS6.5AI score0.00653EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.108 views

CVE-2016-7612

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory c...

9.3CVSS6.8AI score0.01352EPSS
CVE
CVE
added 2018/06/08 6:29 p.m.108 views

CVE-2018-4227

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration.

7.5CVSS6AI score0.00613EPSS
CVE
CVE
added 2018/06/08 6:29 p.m.108 views

CVE-2018-4241

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in mptcp_usr_connectx allows attackers to execute arbitrary ...

9.3CVSS7AI score0.32986EPSS
Web
CVE
CVE
added 2019/12/18 6:15 p.m.108 views

CVE-2019-8591

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. An application may be able to cause unexpected system termination or write kernel memory.

8.8CVSS6.1AI score0.07151EPSS
CVE
CVE
added 2020/02/27 9:15 p.m.108 views

CVE-2020-3870

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. Processing a maliciously crafted image may lead to arbitrary code execution.

7.8CVSS7.6AI score0.00613EPSS
CVE
CVE
added 2020/06/09 5:15 p.m.108 views

CVE-2020-9794

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service...

8.1CVSS7AI score0.00959EPSS
CVE
CVE
added 2021/08/24 7:15 p.m.108 views

CVE-2021-30919

An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted PDF may lead t...

7.8CVSS7.5AI score0.00601EPSS
CVE
CVE
added 2022/05/26 8:15 p.m.108 views

CVE-2022-26757

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.

9.3CVSS7.9AI score0.04042EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.107 views

CVE-2017-2370

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or c...

9.3CVSS6.8AI score0.72581EPSS
CVE
CVE
added 2021/04/02 7:15 p.m.107 views

CVE-2021-1761

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service.

7.5CVSS6.5AI score0.01093EPSS
CVE
CVE
added 2021/09/08 2:15 p.m.107 views

CVE-2021-30724

This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local attacker may be able to elevate their privileges.

7.8CVSS7AI score0.0026EPSS
CVE
CVE
added 2019/12/18 6:15 p.m.106 views

CVE-2019-8802

A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15.1. A malicious application may be able to gain root privileges.

9.3CVSS6.8AI score0.00288EPSS
CVE
CVE
added 2022/05/26 8:15 p.m.106 views

CVE-2022-26756

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.

9.3CVSS8.1AI score0.00292EPSS
CVE
CVE
added 2012/07/03 7:55 p.m.105 views

CVE-2012-1148

Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.

5CVSS7.9AI score0.01289EPSS
CVE
CVE
added 2019/03/05 4:29 p.m.105 views

CVE-2019-6213

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. An application may be able to execute arbitrary code with kernel privileges.

9.3CVSS7.3AI score0.06188EPSS
Web
CVE
CVE
added 2021/04/02 7:15 p.m.105 views

CVE-2021-1793

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

7.8CVSS8AI score0.00548EPSS
CVE
CVE
added 2022/03/18 6:15 p.m.105 views

CVE-2022-22625

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memo...

7.1CVSS6.2AI score0.00368EPSS
CVE
CVE
added 2022/03/18 6:15 p.m.105 views

CVE-2022-22656

An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen.

3.3CVSS4.6AI score0.00148EPSS
CVE
CVE
added 2014/11/18 3:59 p.m.104 views

CVE-2014-3620

cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.

5CVSS7.1AI score0.012EPSS
CVE
CVE
added 2015/05/25 10:59 p.m.104 views

CVE-2014-8147

The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service...

7.5CVSS9.4AI score0.4041EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.104 views

CVE-2016-7659

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and appl...

8.8CVSS7.8AI score0.00885EPSS
CVE
CVE
added 2018/06/08 6:29 p.m.104 views

CVE-2018-4243

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in getvolattrlist allows attackers to execute arbitrary code...

9.3CVSS7AI score0.28347EPSS
Web
CVE
CVE
added 2021/04/02 6:15 p.m.104 views

CVE-2020-29618

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may le...

7.8CVSS7.7AI score0.00849EPSS
CVE
CVE
added 2020/06/09 5:15 p.m.104 views

CVE-2020-9839

A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges.

7CVSS6.6AI score0.42287EPSS
CVE
CVE
added 2021/09/08 3:15 p.m.104 views

CVE-2021-1811

A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing a maliciously ...

6.5CVSS6.3AI score0.00605EPSS
CVE
CVE
added 2021/10/19 2:15 p.m.104 views

CVE-2021-30835

This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, iTunes 12.12 for Windows, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted image may lead to arbitrary code execution.

7.8CVSS7.9AI score0.00402EPSS
CVE
CVE
added 2021/08/24 7:15 p.m.104 views

CVE-2021-30949

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to execute arbitrary code with kernel pr...

9.3CVSS7.8AI score0.00564EPSS
CVE
CVE
added 2022/03/18 6:15 p.m.104 views

CVE-2022-22647

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A person with access to a Mac may be able to bypass Login Window.

4.6CVSS4.9AI score0.00102EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.103 views

CVE-2016-7633

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Directory Services" component. It allows local users to gain privileges or cause a denial of service (use-after-free) via unspecified vectors.

7.8CVSS6.2AI score0.00171EPSS
CVE
CVE
added 2020/12/08 10:15 p.m.103 views

CVE-2020-9991

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service.

7.5CVSS6.1AI score0.02136EPSS
CVE
CVE
added 2021/04/02 7:15 p.m.103 views

CVE-2021-1805

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges.

9.3CVSS7.4AI score0.00334EPSS
CVE
CVE
added 2022/03/18 6:15 p.m.103 views

CVE-2022-22661

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to execute arbitrary code with kernel privileges.

9.3CVSS7.6AI score0.00278EPSS
CVE
CVE
added 2022/05/26 8:15 p.m.103 views

CVE-2022-26748

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.8AI score0.00693EPSS
Total number of security vulnerabilities2420