2755 matches found
CVE-2022-22720
CVE-2022-22720 – Apache httpd HTTP Request Smuggling (details from connected docs) Affected software: Apache HTTP Server (httpd) versions 2.4.52 and earlier. Root cause / description: Inbound connections are not closed when errors occur while discarding the request body, which can expose the serv...
CVE-2024-6387
CVE-2024-6387 is a remote code-execution vulnerability in OpenSSH’s server (sshd) caused by a race condition in a signal handler that may run after a client fails to authenticate within LoginGraceTime. The issue is exploitable by an unauthenticated, remote attacker on glibc-based Linux systems, p...
CVE-2021-44790
CVE-2021-44790 affects Apache HTTP Server up to version 2.4.51. It describes a buffer overflow in the mod_lua multipart parser (triggered via r:parsebody() from Lua scripts). Connected documents corroborate this in various advisories and patch notes, indicating releases with fixes (e.g., patched ...
CVE-2023-42853
CVE-2023-42853 involves a logic issue in macOS components that could allow an app to access user-sensitive data. The issue is addressed by improved checks and is fixed in macOS updates: Sonoma 14.1, Monterey 12.7.1, and Ventura 13.6.1. The available connected documents confirm the root cause as a...
CVE-2023-42836
CVE-2023-42836 is a logic-issue vulnerability in Apple OSes (iOS/iPadOS/macOS) where an attacker could access connected network volumes mounted in the user’s home directory. The issue is addressed with improved checks and is fixed in iOS 17.1/iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, ...
CVE-2023-42952
CVE-2023-42952 affects Apple platforms (iOS, iPadOS, macOS) where an app with root privileges may access private information. The issue is addressed with improved checks and is fixed in iOS/iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, and macOS Monterey 12.7.1. Connected sources also ref...
CVE-2023-42835
The CVE-2023-42835 entry corresponds to a logic issue in macOS Sonoma that could let an attacker access user data. The connected documentation (Apple security content) confirms the flaw is addressed by the macOS Sonoma 14.1 security update, which removes the vulnerable code or strengthens checks....
CVE-2023-42889
CVE-2023-42889 : macOS privacy-bypass issue where an app may bypass certain Privacy preferences due to insufficient checks. Affected platforms/versions (per provided documents): macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Root cause described as “improved checks.” Remediation:...
CVE-2023-42839
CVE-2023-42839 pertains to an Apple-wide issue fixed by improved state management. Affected products/environments include tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1, and iPadOS 17.1. The vulnerability potentially allowed an app to access sensitive user data. Remediation is OS updates to...
CVE-2023-42878
CVE-2023-42878 is a privacy issue affecting Apple platforms (watchOS, macOS, iOS, iPadOS). The root problem is insufficient private data redaction in log entries, enabling an app to access sensitive user data. It is fixed in watchOS 10.1, macOS Sonoma 14.1, and iOS 17.1 / iPadOS 17.1. No exploita...
CVE-2023-42843
CVE-2023-42843 is described as an inconsistent UI issue leading to address bar spoofing. Connected advisories confirm affected WebKitGTK/WebKitGTK4 components across Debian (webkit2gtk), AlmaLinux (webkitgtk4), Fedora (webkit2gtk4.0), and Amazon Linux 2 (webkitgtk4) with fixes in package update...
CVE-2023-42953
CVE-2023-42953 is an Apple ecosystem vulnerability describing a permissions issue that could allow an app to access sensitive user data. The connected sources specify remediation in updated versions across multiple Apple platforms: tvOS 17.1, watchOS 10.1, iOS 17.1, iPadOS 17.1, and macOS Sonoma ...
CVE-2023-42946
CVE-2023-42946: Apple platform information-disclosure issue where an app may leak sensitive user data. Affected products include tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1, and iPadOS 17.1. Root cause described as improved redaction of sensitive information; public details consistently ...
CVE-2023-42834
CVE-2023-42834 affects Apple platforms (iOS 17.1, iPadOS 17.1, macOS Monterey 12.7.2, macOS Ventura 13.6.3, macOS Sonoma 14.1, watchOS 10.1). The issue is a privacy flaw caused by improved handling of files, which may allow an app to access sensitive user data. Fixed in the indicated OS versions:...
CVE-2023-42823
CVE-2023-42823 affects Apple platforms (iOS/iPadOS/watchOS/macOS/tvOS). The issue arises from logging sanitization that allows an app to access user-sensitive data via log entries. Affected versions include iOS 16.7.2 and 17.1, iPadOS 16.7.2 and 17.1, watchOS 10.1, tvOS 17.1, macOS Sonoma 14.1, m...
CVE-2023-38709
CVE-2023-38709 describes HTTP response splitting in the core of Apache HTTP Server caused by faulty input validation. It affects Apache HTTP Server up to version 2.4.58; multiple advisories (e.g., Astra Linux, AlmaLinux, Alpine Linux) note that upgrading to 2.4.64 fixes the issue. Some sources in...
CVE-2023-48795
CVE-2023-48795 is referenced across several connected advisories, detailing affected packages and required upgrades. Astra Linux/CBL-Mariner entries note: podman (<5.6.1-2) needs upgrade, erlang (<25.2-1), libssh2 (<1.11.1-1), libssh (<0.10.6-1), terraform (<1.3.2-25), kubevirt (&l...
CVE-2023-42873
CVE-2023-42873 affects Apple platforms and is resolved via updated bounds checks that prevent arbitrary code execution with kernel privileges. The fixed versions include macOS Sonoma 14.1; tvOS 17.1; macOS Monterey 12.7.1; macOS Ventura 13.6.1; iOS 16.7.2 and 17.1; and iPadOS 16.7.2 and 17.1. The...
CVE-2023-42860
CVE-2023-42860 is a local-permissions issue in macOS: a flaw may allow an app to modify protected parts of the file system. The advisory confirms fixes in macOS Sonoma 14.1, macOS Monterey 12.7.1, and macOS Ventura 13.6.1. The Red Hat entry reiterates the same remediation window. The commonly cit...
CVE-2023-42942
CVE-2023-42942 concerns Apple platforms where a vulnerability arose from improper handling of symlinks. The issue could let a malicious app gain root privileges. Public advisories show fixes across multiple Apple OS versions: watchOS 10.1; macOS Sonoma 14.1; tvOS 17.1; iOS 16.7.2 and iPadOS 16.7....
CVE-2023-42848
CVE-2023-42848 affects Apple media/image processing components across multiple platforms. The issue causes heap corruption when processing a maliciously crafted image, addressed by updated bounds checks and fixes in: watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and 17.1, and iPadOS 16.7...
CVE-2023-42945
CVE-2023-42945 describes a permissions issue in macOS Sonoma that may allow an app to gain unauthorized access to Bluetooth. Connected sources consistently attribute this to a permissions-related vulnerability and confirm that it is fixed in macOS Sonoma 14.1. The Apple advisory HT213984/HT201222...
CVE-2023-42838
CVE-2023-42838 is an Apple macOS sandbox-related access issue fixed in macOS Ventura 13.6.3, macOS Sonoma 14.1, and macOS Monterey 12.7.2. The description indicates an app may be able to execute arbitrary code outside its sandbox or with certain elevated privileges, driven by a sandbox-related vu...
CVE-2023-42877
CVE-2023-42877 affects macOS components and was fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, and macOS Ventura 13.6.1. The issue allowed an app to modify protected parts of the file system due to insufficient checks; remediation is to upgrade to the listed OS versions where Adobe-style chec...
CVE-2024-24795
CVE-2024-24795 (httpd) describes HTTP response splitting in multiple Apache HTTP Server modules when malicious response headers can be injected into backend applications, enabling HTTP desynchronization. The vulnerability is mitigated by upgrading to Apache HTTP Server 2.4.59, as indicated across...
CVE-2024-27818
Apple fixed CVE-2024-27818 by addressing a memory-handling issue that could allow a local attacker to cause an app to terminate unexpectedly or execute arbitrary code. The vulnerability affects iOS 17.5, iPadOS 17.5, and macOS Sonoma 14.5; exploitation requires local access and user interaction. ...
CVE-2018-25032
CVE-2018-25032 affects zlib prior to 1.2.12 and causes memory corruption during deflate when the input contains many distant matches. The linked Astra Linux advisory reiterates the zlib memory corruption in zlib before 1.2.12, and multiple Mariner/CBL advisories show affected packages (e.g., teck...
CVE-2023-42840
CVE-2023-42840 affects macOS components and is addressed by Apple in macOS Sonoma 14.1, macOS Monterey 12.7.1, and macOS Ventura 13.6.1. The public description states that an app may be able to access user-sensitive data and that the issue was fixed via improved checks. The connected Red Hat entr...
CVE-2024-27789
CVE-2024-27789 is a logic issue in Apple systems where improved checks address a vulnerability that could allow an app to access user-sensitive data. The fix is deployed in iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Ventura 13.6.7, and macOS Sonoma 14.4. The connected documents co...
CVE-2023-42858
CVE-2023-42858 affects Apple macOS: an app may access user-sensitive data due to a prior access-control issue. It is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, and macOS Ventura 13.6.1. The issue is described as addressed with improved checks; no exploit details are provided in the connec...
CVE-2021-44224
CVE-2021-44224 concerns Apache HTTP Server (httpd) with the mod_proxy forward proxy configuration. A crafted URI to a forward proxy (ProxyRequests on) can trigger a NULL pointer dereference, causing a crash. In configurations that mix forward and reverse proxy declarations, it can enable requests...
CVE-2022-22721
CVE-2022-22721 concerns the Apache HTTP Server. On 32-bit systems, if LimitXMLRequestBody is set to allow request bodies larger than 350 MB (default 1 MB), an integer overflow can occur, leading to out-of-bounds writes. Affected product: Apache HTTP Server 2.4.52 and earlier. Impact per sources: ...
CVE-2024-27816
The CVE-2024-27816 entry affects tvOS 17.5 (Apple TV) via the AppleMobileFileIntegrity component. A logic issue was addressed with improved checks, with the impact that an attacker may be able to access user data. Apple’s security content indicates this fix is part of tvOS 17.5, and related Apple...
CVE-2020-27918
CVE-2020-27918 is a use-after-free vulnerability in WebKitGTK/WebKit where processing maliciously crafted web content may lead to arbitrary code execution. The issue is documented across multiple advisories and is fixed upstream in WebKitGTK/WebKit version 2.30.6 (and corresponding package update...
CVE-2022-22719
Summary (CVE-2022-22719) Affects Apache HTTP Server (httpd) 2.4.52 and earlier. The issue arises in the httpd mod_lua component where an uninitialized value in r:parsebody can cause a read to a random memory area, potentially leading to a crash and availability impact. Connected advisories confir...
CVE-2021-23841
CVE-2021-23841 is described in connected advisories as a NULL pointer dereference in OpenSSL’s X509_issuer_and_serial_hash() when parsing the issuer field. This can crash a process if certificates from untrusted sources are processed and the issuer parsing fails, enabling a potential denial of se...
CVE-2023-32373
CVE-2023-32373 is a use-after-free in WebKitGTK/WebKit related to processing malicious web content. Connected advisories confirm this vulnerability affects WebKitGTK/WebKit components and note exploitation activity. The issue is fixed in WebKitGTK/WebKit updates (e.g., webkitgtk4 packages) across...
CVE-2023-28204
CVE-2023-28204 is an out-of-bounds read in WebKit caused by improper input handling while processing web content. It affects WebKit-based components and was fixed in multiple vendor advisories: Apple updates (watchOS/macOS/iOS/iPadOS/Safari) and WebKitGTK/WPE WebKit packages (e.g., webkitgtk4 2.3...
CVE-2023-32409
CVE-2023-32409 is a WebKit sandbox-escape vulnerability in WebKit’s handling of web content. The issue allowed a remote attacker to break out of the Web Content sandbox and was addressed by improved bounds checks. Fixes are included in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iP...
CVE-2022-2294
CVE-2022-2294 is a heap-buffer-overflow in WebRTC code within Google Chrome (Chromium-based) prior to 103.0.5060.114. Reported as enabling remote heap corruption via a crafted HTML page, potentially leading to code execution. Affected component: WebRTC in Chrome/Chromium. Remediation: upgrade to ...
CVE-2021-30661
CVE-2021-30661 is a use-after-free vulnerability in WebKit Storage that could lead to arbitrary code execution when processing malicious web content. Affected: WebKit/WebKitGTK/WebKit Storage components on Apple platforms (Safari/WebKit on macOS/iOS/iPadOS, and WebKitGTK implementations) as descr...
CVE-2021-1789
The CVE-2021-1789 entry refers to a type-confusion vulnerability in WebKitGTK and WebKit prior to 2.30.6 that could allow remote attackers to execute arbitrary code by processing malicious web content. Connected advisories (Arch Linux ASA-202103-24/ASA-202103-25 and ALAS/ALPINE entries) confirm t...
CVE-2022-22675
CVE-2022-22675 is an Apple kernel-related out-of-bounds write vulnerability (AppleAVD) that could allow code execution with kernel privileges. Affected macOS Big Sur 11.x, Monterey, tvOS, watchOS, iOS, and iPadOS components were fixed in specific updates: tvOS 15.5, watchOS 8.6, macOS Big Sur 11....
CVE-2020-7463
CVE-2020-7463 is a FreeBSD kernel use-after-free vulnerability caused by improper handling of large user messages from multiple threads on the same SCTP socket. Affected: FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEA...
CVE-2021-1871
CVE-2021-1871 is a WebKit/WebKitGTK logic issue that could allow remote code execution. Public sources confirm the flaw affects multiple WebKit components and was fixed in macOS Big Sur 11.2, macOS Security Update 2021-001 for Catalina and Mojave, and iOS/iPadOS 14.4. Debian’s security advisory (...
CVE-2021-1870
CVE-2021-1870 affects WebKitGTK/WebKitGTK-based packages (e.g., Arch Linux webkitgtk4) prior to version 2.30.6. A remote attacker could craft web content to cause arbitrary code execution. Upstream fix is in 2.30.6; Arch advisories (ASA-202103-24/25) and CVE listings confirm the vulnerability and...
CVE-2021-30860
CVE-2021-30860 affects Apple CoreGraphics in macOS/iOS/watchOS/tvOS stack. A vulnerability in integer overflow during processing of maliciously crafted PDFs could lead to arbitrary code execution. Fixed in Security Update 2021-005 for Catalina, iOS 14.8 / iPadOS 14.8, macOS Big Sur 11.6, and watc...
CVE-2021-30858
CVE-2021-30858 is a use-after-free in WebKit/WebKitGTK that could lead to arbitrary code execution when processing malicious web content. Apple patched this in iOS 14.8, iPadOS 14.8, and macOS Big Sur 11.6; Chromium/WebKit GTK ecosystems referenced the same vulnerability (WebKit/Gtk port). Some a...
CVE-2020-15969
CVE-2020-15969 is a use-after-free in WebRTC that was exploitable via a crafted HTML page, potentially causing heap corruption and arbitrary code execution. Connected Apple advisories (Safari 14.0.2, watchOS 7.2, tvOS 14.3) indicate this was addressed by Apple in respective security updates; appl...
CVE-2022-22674
CVE-2022-22674 involves an out-of-bounds read in the Intel Graphics Driver on macOS, allowing a local attacker to read kernel memory. Apple fixed it with patches in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, and macOS Big Sur 11.6.6 by improving input validation/bounds checks. Ther...