AppleMacos

2755 matches found

CVE
added 2022/03/14 10:15 a.m. | 8144 views

CVE-2022-22720

CVE-2022-22720 – Apache httpd HTTP Request Smuggling (details from connected docs) Affected software: Apache HTTP Server (httpd) versions 2.4.52 and earlier. Root cause / description: Inbound connections are not closed when errors occur while discarding the request body, which can expose the serv...

CVSS 9.8 | AI score 9.4 | EPSS 0.28189
CVE
added 2024/07/01 12:37 p.m. | 7625 views

CVE-2024-6387

CVE-2024-6387 is a remote code-execution vulnerability in OpenSSH’s server (sshd) caused by a race condition in a signal handler that may run after a client fails to authenticate within LoginGraceTime. The issue is exploitable by an unauthenticated, remote attacker on glibc-based Linux systems, p...

CVSS 8.1 | AI score 8.5 | EPSS 0.99506
In wild
CVE
added 2021/12/20 12:0 a.m. | 7192 views

CVE-2021-44790

CVE-2021-44790 affects Apache HTTP Server up to version 2.4.51. It describes a buffer overflow in the mod_lua multipart parser (triggered via r:parsebody() from Lua scripts). Connected documents corroborate this in various advisories and patch notes, indicating releases with fixes (e.g., patched ...

CVSS 9.8 | AI score 9.9 | EPSS 0.97108
Web
CVE
added 2024/02/21 6:41 a.m. | 6995 views

CVE-2023-42853

CVE-2023-42853 involves a logic issue in macOS components that could allow an app to access user-sensitive data. The issue is addressed by improved checks and is fixed in macOS updates: Sonoma 14.1, Monterey 12.7.1, and Ventura 13.6.1. The available connected documents confirm the root cause as a...

CVSS 5.5 | AI score 6.6 | EPSS 0.00212
CVE
added 2024/02/21 6:41 a.m. | 6961 views

CVE-2023-42836

CVE-2023-42836 is a logic-issue vulnerability in Apple OSes (iOS/iPadOS/macOS) where an attacker could access connected network volumes mounted in the user’s home directory. The issue is addressed with improved checks and is fixed in iOS 17.1/iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, ...

CVSS 5.3 | AI score 5.2 | EPSS 0.00534
CVE
added 2024/02/21 6:41 a.m. | 6905 views

CVE-2023-42952

CVE-2023-42952 affects Apple platforms (iOS, iPadOS, macOS) where an app with root privileges may access private information. The issue is addressed with improved checks and is fixed in iOS/iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, and macOS Monterey 12.7.1. Connected sources also ref...

CVSS 4.4 | AI score 6.7 | EPSS 0.00183
CVE
added 2024/02/21 6:41 a.m. | 6879 views

CVE-2023-42835

The CVE-2023-42835 entry corresponds to a logic issue in macOS Sonoma that could let an attacker access user data. The connected documentation (Apple security content) confirms the flaw is addressed by the macOS Sonoma 14.1 security update, which removes the vulnerable code or strengthens checks....

CVSS 7.5 | AI score 7.2 | EPSS 0.0037
CVE
added 2024/02/21 6:40 a.m. | 6720 views

CVE-2023-42889

CVE-2023-42889: macOS privacy-bypass issue where an app may bypass certain Privacy preferences due to insufficient checks. Affected platforms/versions (per provided documents): macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Root cause described as “improved checks.” Remediation:...

CVSS 5.5 | AI score 6.7 | EPSS 0.00343
CVE
added 2024/02/21 6:41 a.m. | 6620 views

CVE-2023-42839

CVE-2023-42839 pertains to an Apple-wide issue fixed by improved state management. Affected products/environments include tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1, and iPadOS 17.1. The vulnerability potentially allowed an app to access sensitive user data. Remediation is OS updates to...

CVSS 6.2 | AI score 7 | EPSS 0.00197
CVE
added 2024/02/21 6:41 a.m. | 6610 views

CVE-2023-42878

CVE-2023-42878 is a privacy issue affecting Apple platforms (watchOS, macOS, iOS, iPadOS). The root problem is insufficient private data redaction in log entries, enabling an app to access sensitive user data. It is fixed in watchOS 10.1, macOS Sonoma 14.1, and iOS 17.1 / iPadOS 17.1. No exploita...

CVSS 5.5 | AI score 7 | EPSS 0.00187
CVE
added 2024/02/21 6:41 a.m. | 6256 views

CVE-2023-42843

CVE-2023-42843 is described as an inconsistent UI issue leading to address bar spoofing. Connected advisories confirm affected WebKitGTK/WebKitGTK4 components across Debian (webkit2gtk), AlmaLinux (webkitgtk4), Fedora (webkit2gtk4.0), and Amazon Linux 2 (webkitgtk4) with fixes in package update...

CVSS 7.5 | AI score 5.2 | EPSS 0.0086
CVE
added 2024/02/21 6:41 a.m. | 6227 views

CVE-2023-42953

CVE-2023-42953 is an Apple ecosystem vulnerability describing a permissions issue that could allow an app to access sensitive user data. The connected sources specify remediation in updated versions across multiple Apple platforms: tvOS 17.1, watchOS 10.1, iOS 17.1, iPadOS 17.1, and macOS Sonoma ...

CVSS 5.5 | AI score 7.2 | EPSS 0.00168
CVE
added 2024/02/21 6:41 a.m. | 6220 views

CVE-2023-42946

CVE-2023-42946: Apple platform information-disclosure issue where an app may leak sensitive user data. Affected products include tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1, and iPadOS 17.1. Root cause described as improved redaction of sensitive information; public details consistently ...

CVSS 7.5 | AI score 7.1 | EPSS 0.00439
CVE
added 2024/02/21 6:41 a.m. | 6190 views

CVE-2023-42834

CVE-2023-42834 affects Apple platforms (iOS 17.1, iPadOS 17.1, macOS Monterey 12.7.2, macOS Ventura 13.6.3, macOS Sonoma 14.1, watchOS 10.1). The issue is a privacy flaw caused by improved handling of files, which may allow an app to access sensitive user data. Fixed in the indicated OS versions:...

CVSS 6.2 | AI score 7 | EPSS 0.00213
CVE
added 2024/02/21 6:41 a.m. | 6164 views

CVE-2023-42823

CVE-2023-42823 affects Apple platforms (iOS/iPadOS/watchOS/macOS/tvOS). The issue arises from logging sanitization that allows an app to access user-sensitive data via log entries. Affected versions include iOS 16.7.2 and 17.1, iPadOS 16.7.2 and 17.1, watchOS 10.1, tvOS 17.1, macOS Sonoma 14.1, m...

CVSS 5.5 | AI score 7.1 | EPSS 0.00425
CVE
added 2024/04/04 7:19 p.m. | 4935 views

CVE-2023-38709

CVE-2023-38709 describes HTTP response splitting in the core of Apache HTTP Server caused by faulty input validation. It affects Apache HTTP Server up to version 2.4.58; multiple advisories (e.g., Astra Linux, AlmaLinux, Alpine Linux) note that upgrading to 2.4.64 fixes the issue. Some sources in...

CVSS 7.3 | AI score 7.1 | EPSS 0.03914
CVE
added 2023/12/18 12:0 a.m. | 4873 views

CVE-2023-48795

CVE-2023-48795 is referenced across several connected advisories, detailing affected packages and required upgrades. Astra Linux/CBL-Mariner entries note: podman (<5.6.1-2) needs upgrade, erlang (<25.2-1), libssh2 (<1.11.1-1), libssh (<0.10.6-1), terraform (<1.3.2-25), kubevirt (&l...

CVSS 5.9 | AI score 6.7 | EPSS 0.9378
CVE
added 2024/02/21 6:41 a.m. | 4543 views

CVE-2023-42873

CVE-2023-42873 affects Apple platforms and is resolved via updated bounds checks that prevent arbitrary code execution with kernel privileges. The fixed versions include macOS Sonoma 14.1; tvOS 17.1; macOS Monterey 12.7.1; macOS Ventura 13.6.1; iOS 16.7.2 and 17.1; and iPadOS 16.7.2 and 17.1. The...

CVSS 7.8 | AI score 7.5 | EPSS 0.00225
CVE
added 2024/02/21 6:41 a.m. | 4533 views

CVE-2023-42860

CVE-2023-42860 is a local-permissions issue in macOS: a flaw may allow an app to modify protected parts of the file system. The advisory confirms fixes in macOS Sonoma 14.1, macOS Monterey 12.7.1, and macOS Ventura 13.6.1. The Red Hat entry reiterates the same remediation window. The commonly cit...

CVSS 7.7 | AI score 6.7 | EPSS 0.00488
CVE
added 2024/02/21 6:41 a.m. | 4505 views

CVE-2023-42942

CVE-2023-42942 concerns Apple platforms where a vulnerability arose from improper handling of symlinks. The issue could let a malicious app gain root privileges. Public advisories show fixes across multiple Apple OS versions: watchOS 10.1; macOS Sonoma 14.1; tvOS 17.1; iOS 16.7.2 and iPadOS 16.7....

CVSS 7.8 | AI score 7 | EPSS 0.00387
CVE
added 2024/02/21 6:42 a.m. | 4484 views

CVE-2023-42848

CVE-2023-42848 affects Apple media/image processing components across multiple platforms. The issue causes heap corruption when processing a maliciously crafted image, addressed by updated bounds checks and fixes in: watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and 17.1, and iPadOS 16.7...

CVSS 7.8 | AI score 6.9 | EPSS 0.00209
CVE
added 2024/02/21 6:41 a.m. | 4367 views

CVE-2023-42945

CVE-2023-42945 describes a permissions issue in macOS Sonoma that may allow an app to gain unauthorized access to Bluetooth. Connected sources consistently attribute this to a permissions-related vulnerability and confirm that it is fixed in macOS Sonoma 14.1. The Apple advisory HT213984/HT201222...

CVSS 9.1 | AI score 7.5 | EPSS 0.00299
CVE
added 2024/02/21 6:41 a.m. | 4095 views

CVE-2023-42838

CVE-2023-42838 is an Apple macOS sandbox-related access issue fixed in macOS Ventura 13.6.3, macOS Sonoma 14.1, and macOS Monterey 12.7.2. The description indicates an app may be able to execute arbitrary code outside its sandbox or with certain elevated privileges, driven by a sandbox-related vu...

CVSS 8.6 | AI score 8.2 | EPSS 0.00195
CVE
added 2024/02/21 6:41 a.m. | 3864 views

CVE-2023-42877

CVE-2023-42877 affects macOS components and was fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, and macOS Ventura 13.6.1. The issue allowed an app to modify protected parts of the file system due to insufficient checks; remediation is to upgrade to the listed OS versions where Adobe-style chec...

CVSS 7.7 | AI score 6.6 | EPSS 0.00197
CVE
added 2024/04/04 7:20 p.m. | 3864 views

CVE-2024-24795

CVE-2024-24795 (httpd) describes HTTP response splitting in multiple Apache HTTP Server modules when malicious response headers can be injected into backend applications, enabling HTTP desynchronization. The vulnerability is mitigated by upgrading to Apache HTTP Server 2.4.59, as indicated across...

CVSS 6.3 | AI score 7 | EPSS 0.02874
CVE
added 2024/05/13 11:0 p.m. | 3610 views

CVE-2024-27818

Apple fixed CVE-2024-27818 by addressing a memory-handling issue that could allow a local attacker to cause an app to terminate unexpectedly or execute arbitrary code. The vulnerability affects iOS 17.5, iPadOS 17.5, and macOS Sonoma 14.5; exploitation requires local access and user interaction. ...

CVSS 7.8 | AI score 7.5 | EPSS 0.00727
CVE
added 2022/03/25 12:0 a.m. | 3243 views

CVE-2018-25032

CVE-2018-25032 affects zlib prior to 1.2.12 and causes memory corruption during deflate when the input contains many distant matches. The linked Astra Linux advisory reiterates the zlib memory corruption in zlib before 1.2.12, and multiple Mariner/CBL advisories show affected packages (e.g., teck...

CVSS 7.5 | AI score 8.1 | EPSS 0.51733
CVE
added 2024/02/21 6:41 a.m. | 3094 views

CVE-2023-42840

CVE-2023-42840 affects macOS components and is addressed by Apple in macOS Sonoma 14.1, macOS Monterey 12.7.1, and macOS Ventura 13.6.1. The public description states that an app may be able to access user-sensitive data and that the issue was fixed via improved checks. The connected Red Hat entr...

CVSS 5.5 | AI score 6.6 | EPSS 0.00245
CVE
added 2024/05/13 11:0 p.m. | 2887 views

CVE-2024-27789

CVE-2024-27789 is a logic issue in Apple systems where improved checks address a vulnerability that could allow an app to access user-sensitive data. The fix is deployed in iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Ventura 13.6.7, and macOS Sonoma 14.4. The connected documents co...

CVSS 5.5 | AI score 7.1 | EPSS 0.00622
CVE
added 2024/02/21 6:41 a.m. | 2867 views

CVE-2023-42858

CVE-2023-42858 affects Apple macOS: an app may access user-sensitive data due to a prior access-control issue. It is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, and macOS Ventura 13.6.1. The issue is described as addressed with improved checks; no exploit details are provided in the connec...

CVSS 5.5 | AI score 6.6 | EPSS 0.00187
CVE
added 2021/12/20 11:20 a.m. | 2696 views

CVE-2021-44224

CVE-2021-44224 concerns Apache HTTP Server (httpd) with the mod_proxy forward proxy configuration. A crafted URI to a forward proxy (ProxyRequests on) can trigger a NULL pointer dereference, causing a crash. In configurations that mix forward and reverse proxy declarations, it can enable requests...

CVSS 8.2 | AI score 8.7 | EPSS 0.82295
CVE
added 2022/03/14 10:15 a.m. | 2520 views

CVE-2022-22721

CVE-2022-22721 concerns the Apache HTTP Server. On 32-bit systems, if LimitXMLRequestBody is set to allow request bodies larger than 350 MB (default 1 MB), an integer overflow can occur, leading to out-of-bounds writes. Affected product: Apache HTTP Server 2.4.52 and earlier. Impact per sources: ...

CVSS 9.1 | AI score 9.4 | EPSS 0.41861
CVE
added 2024/05/13 11:0 p.m. | 2459 views

CVE-2024-27816

The CVE-2024-27816 entry affects tvOS 17.5 (Apple TV) via the AppleMobileFileIntegrity component. A logic issue was addressed with improved checks, with the impact that an attacker may be able to access user data. Apple’s security content indicates this fix is part of tvOS 17.5, and related Apple...

CVSS 5.5 | AI score 7.1 | EPSS 0.00985
CVE
added 2020/12/08 9:11 p.m. | 2154 views

CVE-2020-27918

CVE-2020-27918 is a use-after-free vulnerability in WebKitGTK/WebKit where processing maliciously crafted web content may lead to arbitrary code execution. The issue is documented across multiple advisories and is fixed upstream in WebKitGTK/WebKit version 2.30.6 (and corresponding package update...

CVSS 7.8 | AI score 8.6 | EPSS 0.01361
CVE
added 2022/03/14 10:15 a.m. | 2139 views

CVE-2022-22719

Summary (CVE-2022-22719) Affects Apache HTTP Server (httpd) 2.4.52 and earlier. The issue arises in the httpd mod_lua component where an uninitialized value in r:parsebody can cause a read to a random memory area, potentially leading to a crash and availability impact. Connected advisories confir...

CVSS 7.5 | AI score 8.7 | EPSS 0.69803
CVE
added 2021/02/16 4:55 p.m. | 2008 views

CVE-2021-23841

CVE-2021-23841 is described in connected advisories as a NULL pointer dereference in OpenSSL’s X509_issuer_and_serial_hash() when parsing the issuer field. This can crash a process if certificates from untrusted sources are processed and the issuer parsing fails, enabling a potential denial of se...

CVSS 5.9 | AI score 7 | EPSS 0.07471
CVE
added 2023/06/23 12:0 a.m. | 1857 views

CVE-2023-32373

CVE-2023-32373 is a use-after-free in WebKitGTK/WebKit related to processing malicious web content. Connected advisories confirm this vulnerability affects WebKitGTK/WebKit components and note exploitation activity. The issue is fixed in WebKitGTK/WebKit updates (e.g., webkitgtk4 packages) across...

CVSS 8.8 | AI score 8.6 | EPSS 0.1227
In wild
CVE
added 2023/06/23 12:0 a.m. | 1823 views

CVE-2023-28204

CVE-2023-28204 is an out-of-bounds read in WebKit caused by improper input handling while processing web content. It affects WebKit-based components and was fixed in multiple vendor advisories: Apple updates (watchOS/macOS/iOS/iPadOS/Safari) and WebKitGTK/WPE WebKit packages (e.g., webkitgtk4 2.3...

CVSS 6.5 | AI score 6.6 | EPSS 0.14406
In wild
CVE
added 2023/06/23 12:0 a.m. | 1687 views

CVE-2023-32409

CVE-2023-32409 is a WebKit sandbox-escape vulnerability in WebKit’s handling of web content. The issue allowed a remote attacker to break out of the Web Content sandbox and was addressed by improved bounds checks. Fixes are included in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iP...

CVSS 8.6 | AI score 7.7 | EPSS 0.1653
In wild
CVE
added 2022/07/28 12:0 a.m. | 1658 views

CVE-2022-2294

CVE-2022-2294 is a heap-buffer-overflow in WebRTC code within Google Chrome (Chromium-based) prior to 103.0.5060.114. Reported as enabling remote heap corruption via a crafted HTML page, potentially leading to code execution. Affected component: WebRTC in Chrome/Chromium. Remediation: upgrade to ...

CVSS 8.8 | AI score 8.3 | EPSS 0.70461
In wild
CVE
added 2021/09/08 2:48 p.m. | 1500 views

CVE-2021-30661

CVE-2021-30661 is a use-after-free vulnerability in WebKit Storage that could lead to arbitrary code execution when processing malicious web content. Affected: WebKit/WebKitGTK/WebKit Storage components on Apple platforms (Safari/WebKit on macOS/iOS/iPadOS, and WebKitGTK implementations) as descr...

CVSS 8.8 | AI score 9.1 | EPSS 0.04528
In wild
CVE
added 2021/04/02 6:1 p.m. | 1416 views

CVE-2021-1789

The CVE-2021-1789 entry refers to a type-confusion vulnerability in WebKitGTK and WebKit prior to 2.30.6 that could allow remote attackers to execute arbitrary code by processing malicious web content. Connected advisories (Arch Linux ASA-202103-24/ASA-202103-25 and ALAS/ALPINE entries) confirm t...

CVSS 8.8 | AI score 8.6 | EPSS 0.14542
In wild
CVE
added 2022/05/26 5:44 p.m. | 1342 views

CVE-2022-22675

CVE-2022-22675 is an Apple kernel-related out-of-bounds write vulnerability (AppleAVD) that could allow code execution with kernel privileges. Affected macOS Big Sur 11.x, Monterey, tvOS, watchOS, iOS, and iPadOS components were fixed in specific updates: tvOS 15.5, watchOS 8.6, macOS Big Sur 11....

CVSS 9.3 | AI score 8.2 | EPSS 0.12642
In wild
CVE
added 2021/03/26 8:48 p.m. | 1340 views

CVE-2020-7463

CVE-2020-7463 is a FreeBSD kernel use-after-free vulnerability caused by improper handling of large user messages from multiple threads on the same SCTP socket. Affected: FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEA...

CVSS 5.5 | AI score 5.8 | EPSS 0.00399
CVE
added 2021/04/02 6:6 p.m. | 1320 views

CVE-2021-1871

CVE-2021-1871 is a WebKit/WebKitGTK logic issue that could allow remote code execution. Public sources confirm the flaw affects multiple WebKit components and was fixed in macOS Big Sur 11.2, macOS Security Update 2021-001 for Catalina and Mojave, and iOS/iPadOS 14.4. Debian’s security advisory (...

CVSS 9.8 | AI score 8.6 | EPSS 0.0712
In wild
CVE
added 2021/04/02 6:6 p.m. | 1318 views

CVE-2021-1870

CVE-2021-1870 affects WebKitGTK/WebKitGTK-based packages (e.g., Arch Linux webkitgtk4) prior to version 2.30.6. A remote attacker could craft web content to cause arbitrary code execution. Upstream fix is in 2.30.6; Arch advisories (ASA-202103-24/25) and CVE listings confirm the vulnerability and...

CVSS 9.8 | AI score 8.6 | EPSS 0.07921
In wild
CVE
added 2021/08/24 6:49 p.m. | 1301 views

CVE-2021-30860

CVE-2021-30860 affects Apple CoreGraphics in macOS/iOS/watchOS/tvOS stack. A vulnerability in integer overflow during processing of maliciously crafted PDFs could lead to arbitrary code execution. Fixed in Security Update 2021-005 for Catalina, iOS 14.8 / iPadOS 14.8, macOS Big Sur 11.6, and watc...

CVSS 7.8 | AI score 6.5 | EPSS 0.75994
In wild
CVE
added 2021/08/24 6:49 p.m. | 1292 views

CVE-2021-30858

CVE-2021-30858 is a use-after-free in WebKit/WebKitGTK that could lead to arbitrary code execution when processing malicious web content. Apple patched this in iOS 14.8, iPadOS 14.8, and macOS Big Sur 11.6; Chromium/WebKit GTK ecosystems referenced the same vulnerability (WebKit/Gtk port). Some a...

CVSS 8.8 | AI score 8.9 | EPSS 0.13486
In wild
CVE
added 2020/11/03 2:21 a.m. | 1290 views

CVE-2020-15969

CVE-2020-15969 is a use-after-free in WebRTC that was exploitable via a crafted HTML page, potentially causing heap corruption and arbitrary code execution. Connected Apple advisories (Safari 14.0.2, watchOS 7.2, tvOS 14.3) indicate this was addressed by Apple in respective security updates; appl...

CVSS 8.8 | AI score 8.8 | EPSS 0.01705
CVE
added 2022/05/26 5:43 p.m. | 1278 views

CVE-2022-22674

CVE-2022-22674 involves an out-of-bounds read in the Intel Graphics Driver on macOS, allowing a local attacker to read kernel memory. Apple fixed it with patches in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, and macOS Big Sur 11.6.6 by improving input validation/bounds checks. Ther...

CVSS 5.5 | AI score 5.9 | EPSS 0.01132
In wild
Total number of security vulnerabilities: 2755