Lucene search
K

1262 matches found

CVE
CVE
added 2022/03/14 10:15 a.m.8154 views

CVE-2022-22720

CVE-2022-22720 – Apache httpd HTTP Request Smuggling (details from connected docs) Affected software: Apache HTTP Server (httpd) versions 2.4.52 and earlier. Root cause / description: Inbound connections are not closed when errors occur while discarding the request body, which can expose the serv...

9.8CVSS9.4AI score0.28189EPSS
CVE
CVE
added 2021/12/20 12:0 a.m.7263 views

CVE-2021-44790

CVE-2021-44790 affects Apache HTTP Server up to version 2.4.51. It describes a buffer overflow in the mod_lua multipart parser (triggered via r:parsebody() from Lua scripts). Connected documents corroborate this in various advisories and patch notes, indicating releases with fixes (e.g., patched ...

9.8CVSS9.9AI score0.97108EPSS
Web
CVE
CVE
added 2024/02/21 6:41 a.m.6997 views

CVE-2023-42853

CVE-2023-42853 involves a logic issue in macOS components that could allow an app to access user-sensitive data. The issue is addressed by improved checks and is fixed in macOS updates: Sonoma 14.1, Monterey 12.7.1, and Ventura 13.6.1. The available connected documents confirm the root cause as a...

5.5CVSS6.6AI score0.00212EPSS
CVE
CVE
added 2024/02/21 6:41 a.m.6880 views

CVE-2023-42835

The CVE-2023-42835 entry corresponds to a logic issue in macOS Sonoma that could let an attacker access user data. The connected documentation (Apple security content) confirms the flaw is addressed by the macOS Sonoma 14.1 security update, which removes the vulnerable code or strengthens checks....

7.5CVSS7.2AI score0.0037EPSS
CVE
CVE
added 2024/04/04 7:19 p.m.4942 views

CVE-2023-38709

CVE-2023-38709 describes HTTP response splitting in the core of Apache HTTP Server caused by faulty input validation. It affects Apache HTTP Server up to version 2.4.58; multiple advisories (e.g., Astra Linux, AlmaLinux, Alpine Linux) note that upgrading to 2.4.64 fixes the issue. Some sources in...

7.3CVSS7.1AI score0.03914EPSS
CVE
CVE
added 2024/04/04 7:20 p.m.3873 views

CVE-2024-24795

CVE-2024-24795 (httpd) describes HTTP response splitting in multiple Apache HTTP Server modules when malicious response headers can be injected into backend applications, enabling HTTP desynchronization. The vulnerability is mitigated by upgrading to Apache HTTP Server 2.4.59, as indicated across...

6.3CVSS7AI score0.02874EPSS
CVE
CVE
added 2021/12/20 11:20 a.m.2718 views

CVE-2021-44224

CVE-2021-44224 concerns Apache HTTP Server (httpd) with the mod_proxy forward proxy configuration. A crafted URI to a forward proxy (ProxyRequests on) can trigger a NULL pointer dereference, causing a crash. In configurations that mix forward and reverse proxy declarations, it can enable requests...

8.2CVSS8.7AI score0.82295EPSS
CVE
CVE
added 2020/12/08 9:11 p.m.2159 views

CVE-2020-27918

CVE-2020-27918 is a use-after-free vulnerability in WebKitGTK/WebKit where processing maliciously crafted web content may lead to arbitrary code execution. The issue is documented across multiple advisories and is fixed upstream in WebKitGTK/WebKit version 2.30.6 (and corresponding package update...

7.8CVSS8.6AI score0.01361EPSS
CVE
CVE
added 2022/03/14 10:15 a.m.2141 views

CVE-2022-22719

Summary (CVE-2022-22719) Affects Apache HTTP Server (httpd) 2.4.52 and earlier. The issue arises in the httpd mod_lua component where an uninitialized value in r:parsebody can cause a read to a random memory area, potentially leading to a crash and availability impact. Connected advisories confir...

7.5CVSS8.7AI score0.69803EPSS
CVE
CVE
added 2023/06/23 12:0 a.m.1862 views

CVE-2023-32373

CVE-2023-32373 is a use-after-free in WebKitGTK/WebKit related to processing malicious web content. Connected advisories confirm this vulnerability affects WebKitGTK/WebKit components and note exploitation activity. The issue is fixed in WebKitGTK/WebKit updates (e.g., webkitgtk4 packages) across...

8.8CVSS8.6AI score0.12172EPSS
In wild
CVE
CVE
added 2022/07/28 12:0 a.m.1665 views

CVE-2022-2294

CVE-2022-2294 is a heap-buffer-overflow in WebRTC code within Google Chrome (Chromium-based) prior to 103.0.5060.114. Reported as enabling remote heap corruption via a crafted HTML page, potentially leading to code execution. Affected component: WebRTC in Chrome/Chromium. Remediation: upgrade to ...

8.8CVSS8.3AI score0.70461EPSS
In wild
CVE
CVE
added 2021/08/24 6:49 p.m.1309 views

CVE-2021-30860

CVE-2021-30860 affects Apple CoreGraphics in macOS/iOS/watchOS/tvOS stack. A vulnerability in integer overflow during processing of maliciously crafted PDFs could lead to arbitrary code execution. Fixed in Security Update 2021-005 for Catalina, iOS 14.8 / iPadOS 14.8, macOS Big Sur 11.6, and watc...

7.8CVSS6.5AI score0.75994EPSS
In wild
CVE
CVE
added 2021/08/24 6:49 p.m.1298 views

CVE-2021-30858

CVE-2021-30858 is a use-after-free in WebKit/WebKitGTK that could lead to arbitrary code execution when processing malicious web content. Apple patched this in iOS 14.8, iPadOS 14.8, and macOS Big Sur 11.6; Chromium/WebKit GTK ecosystems referenced the same vulnerability (WebKit/Gtk port). Some a...

8.8CVSS8.9AI score0.13486EPSS
In wild
CVE
CVE
added 2020/11/03 2:21 a.m.1292 views

CVE-2020-15969

CVE-2020-15969 is a use-after-free in WebRTC that was exploitable via a crafted HTML page, potentially causing heap corruption and arbitrary code execution. Connected Apple advisories (Safari 14.0.2, watchOS 7.2, tvOS 14.3) indicate this was addressed by Apple in respective security updates; appl...

8.8CVSS8.8AI score0.01705EPSS
CVE
CVE
added 2021/09/08 2:25 p.m.1276 views

CVE-2021-30665

CVE-2021-30665 is a memory corruption vulnerability in WebKitGTK/WebKit (before 2.32.3) that can lead to arbitrary code execution when processing malicious web content. It is listed in multiple advisories across WebKitGTK/WebKit and Apple platforms (watchOS/iOS/iPadOS/macOS/tvOS) with exploitatio...

8.8CVSS8.9AI score0.03692EPSS
In wild
CVE
CVE
added 2023/01/18 12:0 a.m.1256 views

CVE-2023-22809

CVE-2023-22809 affects sudo prior to 1.9.12p2, where the sudoedit (-e) feature mishandles extra arguments passed via environment variables SUDO_EDITOR, VISUAL, and EDITOR. This allows a local attacker to append arbitrary entries to the list of files to process, enabling privilege escalation. The ...

7.8CVSS7.7AI score0.55367EPSS
CVE
CVE
added 2022/03/18 5:59 p.m.1157 views

CVE-2022-22587

CVE-2022-22587 is an Apple IOMobileFrameBuffer memory corruption vulnerability that could allow code execution with kernel privileges. The issue is cited as fixed in iOS 15.3, iPadOS 15.3, macOS Big Sur 11.6.3, and macOS Monterey 12.2. Apple’s advisory notes a report that it may have been activel...

10CVSS8.3AI score0.11638EPSS
In wild
CVE
CVE
added 2021/09/08 2:29 p.m.1148 views

CVE-2021-30713

CVE-2021-30713 affects macOS Big Sur 11.4 and concerns the TCC (Transparency, Consent, and Control) subsystem. The vulnerability is described as a permissions issue that could allow a malicious application to bypass Privacy preferences, with the fix implemented in Big Sur 11.4. Related sources co...

7.8CVSS6.8AI score0.0658EPSS
In wild
CVE
CVE
added 2020/12/08 8:17 p.m.1142 views

CVE-2020-27950

CVE-2020-27950 is a memory initialization issue in Apple’s XNU kernel that could allow a malicious app to disclose kernel memory. The CVE is fixed in multiple Apple updates: macOS Big Sur 11.0.1, iOS 14.2/iPadOS 14.2, watchOS 7.1, watchOS 6.2.9, and Security Updates for macOS Catalina 10.15.7 (Su...

7.1CVSS5.3AI score0.1652EPSS
In wild
CVE
CVE
added 2021/10/19 1:12 p.m.1101 views

CVE-2021-30807

CVE-2021-30807 is a memory-corruption flaw in Apple’s IOMobileFrameBuffer kernel extension that can allow an app to execute arbitrary code with kernel privileges. The issue affects iOS, iPadOS, macOS (and watchOS via related advisories) and is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS ...

9.3CVSS8AI score0.28839EPSS
In wild
CVE
CVE
added 2022/05/26 5:47 p.m.1055 views

CVE-2022-26691

CVE-2022-26691 is a privilege-escalation issue in the CUPS printing system caused by a logic error in local authorization. Connected documentation shows affected packages across multiple distributions and versions, with patches released: e.g., cups

7.2CVSS6.1AI score0.00579EPSS
CVE
CVE
added 2022/12/05 12:0 a.m.1041 views

CVE-2022-32221

CVE-2022-32221 concerns curl/libcurl where the read callback (CURLOPT_READFUNCTION) may be used for POST data even after a PUT if the same handle was used for a PUT with that callback. This can cause sending the wrong data or memory errors on a subsequent POST. Connected advisories note this affe...

9.8CVSS8.6AI score0.04325EPSS
CVE
CVE
added 2022/12/15 12:0 a.m.977 views

CVE-2022-42856

CVE-2022-42856 is a type-confusion vulnerability in WebKit/WebKitGTK that could allow arbitrary code execution when processing malicious web content. The connected documents confirm impact across WebKit-based products, including Apple WebKit (Safari) and WebKitGTK, with fixes in Safari 16.2, macO...

8.8CVSS8.7AI score0.08523EPSS
In wild
CVE
CVE
added 2025/07/15 1:44 p.m.859 views

CVE-2025-6965

CVE-2025-6965 affects SQLite prior to 3.50.2, where the number of aggregate terms could exceed available columns, causing a memory corruption issue. The description in the Initial document notes upgrading to 3.50.2 or newer as the recommended fix. Connected documents corroborate the vulnerability...

7.7CVSS6.6AI score0.73495EPSS
CVE
CVE
added 2023/04/10 12:0 a.m.835 views

CVE-2023-28205

CVE-2023-28205 is a use-after-free vulnerability in WebKitGTK/WebKitGTK4 that can be triggered by processing malicious web content, leading to arbitrary code execution. The initial CVE entry notes a memory-management fix in Safari, iOS, iPadOS and macOS, with active exploitation reports. Connecte...

8.8CVSS8.8AI score0.27076EPSS
In wild
CVE
CVE
added 2023/04/10 12:0 a.m.831 views

CVE-2023-28206

CVE-2023-28206 is an IOSurfaceAccelerator out-of-bounds write vulnerability in Apple’s iOS/macOS stack. The connected analysis documents an in-the-wild exploit chain targeting Safari IPC to escalate to GPU-process code execution, including a sequence of heap grooming and IPC misuse that yields ar...

8.6CVSS8.2AI score0.24513EPSS
In wild
CVE
CVE
added 2025/01/27 9:46 p.m.792 views

CVE-2025-24146

CVE-2025-24146 affects macOS Messages where deleting a conversation may expose user contact information in system logs. The issue is tied to insufficient redaction of sensitive data and is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, and macOS Sonoma 14.7.3. CVSSv3.1 metrics in the initial ...

9.8CVSS5.8AI score0.00803EPSS
CVE
CVE
added 2023/09/21 6:23 p.m.775 views

CVE-2023-41993

CVE-2023-41993 is a WebKit code‑execution vulnerability affecting Apple platforms where processing web content could trigger arbitrary code execution. The public record notes the issue was fixed in macOS Sonoma 14 and is associated with Safari/WebKit processing paths. Apple documents indicate the...

8.8CVSS8.8AI score0.29179EPSS
In wild
CVE
CVE
added 2024/01/10 10:3 p.m.742 views

CVE-2023-41060

CVE-2023-41060 describes a kernel-type confusion vulnerability that is fixed in macOS Sonoma 14, iOS 17, and iPadOS 17. The root cause is a type confusions issue in the kernel that can allow a remote attacker to execute code with kernel privileges. Affected platforms, per public records, include ...

8.8CVSS7.5AI score0.01061EPSS
In wild
CVE
CVE
added 2021/10/28 6:17 p.m.683 views

CVE-2021-30836

CVE-2021-30836 is an out-of-bounds read vulnerability in WebKitGTK/WebKitGTK-based WebKit, manifested while processing a malicious audio file. The root cause is an input-validation/bounds-check issue leading to memory disclosure. Affected products include WebKitGTK/WebKitGTK2, with multiple advis...

5.5CVSS5.8AI score0.01035EPSS
CVE
CVE
added 2014/01/21 6:0 p.m.678 views

CVE-2013-0340

CVE-2013-0340 concerns the expat XML parser. The issue arises from improper handling of XML entity expansion (XXE) unless an application enables XML_SetEntityDeclHandler. This can allow a remote attacker to cause denial of service (resource consumption), trigger requests to intranet endpoints, or...

6.8CVSS7.4AI score0.19433EPSS
CVE
CVE
added 2025/12/12 7:20 p.m.657 views

CVE-2025-14174

CVE-2025-14174 = Out-of-bounds memory access in ANGLE within Google Chrome on macOS prior to 143.0.7499.110. A remote attacker could trigger memory access errors via a crafted HTML page. Affected software: Google Chrome on macOS; vulnerable component: ANGLE. Impact: high enough to potentially ena...

8.8CVSS6.2AI score0.22721EPSS
In wild
CVE
CVE
added 2022/10/29 12:0 a.m.642 views

CVE-2022-42916

CVE-2022-42916 affects curl’s HSTS check: when hostnames contain IDN characters that map to ASCII (e.g., IDEOGRAPHIC FULL STOP U+3002), curl can bypass HSTS and end up using HTTP instead of HTTPS. This could lead to cleartext transmission if an HTTP URL is provided. The issue is tied to curl vers...

7.5CVSS8.3AI score0.01644EPSS
CVE
CVE
added 2021/08/24 6:50 p.m.613 views

CVE-2021-30900

CVE-2021-30900 affects Apple’s GPU Drivers in iOS/iPadOS (Smartphone OS); root cause is an out-of-bounds write leading to memory corruption. Impact: potential arbitrary code execution with kernel privileges, exploitable locally. Apple fixes were released in iOS 14.8.1 / iPadOS 14.8.1 and iOS 15.1...

9.3CVSS7.4AI score0.05204EPSS
In wild
CVE
CVE
added 2020/06/27 11:39 a.m.591 views

CVE-2020-15358

CVE-2020-15358 (SQLite) affects the SQLite library, specifically the query engine path in select.c where the query-flattener optimization mishandles constant propagation for multiSelectOrderBy. The root cause is a mishandling of transitive properties during constant propagation, leading to a heap...

5.5CVSS6.8AI score0.01027EPSS
CVE
CVE
added 2025/01/27 9:46 p.m.511 views

CVE-2025-24092

CVE-2025-24092 affects macOS—Specifically macOS Sonoma 14.7.3 and macOS Sequoia 15.3—where an app could read sensitive location information due to a data-protection weakness. Apple and NVD entries confirm fixed versions: Sonoma 14.7.3 and Sequoia 15.3 implement the patch. The incident is describe...

5.5CVSS5.7AI score0.00249EPSS
CVE
CVE
added 2025/01/27 9:45 p.m.502 views

CVE-2025-24158

CVE-2025-24158 is a memory-handling issue in WebKitGTK/WebKit2GTK that may allow processing web content to cause a denial-of-service. Remediations are versioned updates: for WebKitGTK/WebKit2GTK we see fixes in Debian (webkit2gtk 2.46.6-1~deb12u1 / 2.46.6-1~deb11u1) and in AL2/AL8 advisories (web...

6.5CVSS6.9AI score0.01316EPSS
CVE
CVE
added 2021/09/29 12:0 a.m.495 views

CVE-2021-22947

CVE-2021-22947 affects curl when connecting to IMAP/POP3 servers using STARTTLS: multiple responses are cached before TLS, and after upgrading to TLS curl may trust pre‑TLS data, enabling a MITM injection of data. Affected releases range from curl 7.20.0 up to 7.78.0; exploitation details are not...

5.9CVSS7AI score0.02799EPSS
CVE
CVE
added 2026/01/28 5:26 p.m.482 views

CVE-2025-46316

CVE-2025-46316 describes an out-of-bounds read vulnerability that occurs when processing a malicious Pages document. The root cause is insufficient bounds checking, addressed by improved input validation. Affected software includes Pages 15.1 on macOS Tahoe 26.1, as well as iOS 26.1 and iPadOS 26...

4.3CVSS6.6AI score0.00278EPSS
CVE
CVE
added 2024/03/27 7:58 a.m.481 views

CVE-2024-2466

CVE-2024-2466 affects libcurl when built with mbedTLS: if a host is given as an IP address, the set hostname function is bypassed, causing TLS certificate validation to be skipped for TLS-based protocols (HTTPS, FTPS, IMAPS, SMTPS, etc.). AIX curl advisories and SANnav security notices mention th...

6.5CVSS6.4AI score0.01299EPSS
CVE
CVE
added 2023/09/04 1:47 p.m.463 views

CVE-2023-4733

CVE-2023-4733 is a local-use-after-free in vim/vim prior to 9.0.1840. Public details indicate a memory management bug that could enable arbitrary behavior when processing input, with CVSS-like metrics indicating HIGH impact in local context and user interaction required. Affected product: Vim (Gi...

7.8CVSS7.4AI score0.00537EPSS
CVE
CVE
added 2025/01/27 9:45 p.m.459 views

CVE-2025-24159

Summary: CVE-2025-24159 is a kernel-level validation issue that may allow an app to execute arbitrary code with kernel privileges. Affected platforms (per provided docs): iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Impac...

7.8CVSS7.5AI score0.00326EPSS
CVE
CVE
added 2024/03/27 7:55 a.m.450 views

CVE-2024-2398

CVE-2024-2398 affects curl/libcurl: when an application enables HTTP/2 server push and the received push headers exceed a limit (1000), libcurl aborts the server push and leaks previously allocated headers, causing memory leaks and a silent condition that can be hard to detect. The CVSS in the en...

8.6CVSS8.3AI score0.36081EPSS
CVE
CVE
added 2023/09/02 5:42 p.m.440 views

CVE-2023-4734

The CVE-2023-4734 issue affects Vim/vim prior to 9.0.1846, caused by an Integer Overflow or Wraparound in the code path handling inputs. This vulnerability could lead to a crash or memory corruption (as described by the CVE and multiple advisories), with reported impact classified as HIGH. Affect...

7.8CVSS7.7AI score0.00573EPSS
CVE
CVE
added 2023/02/27 12:0 a.m.425 views

CVE-2023-23518

WebKitGTK (WebKit2GTK) has a confirmed memory corruption flaw tracked as CVE-2023-23518 that could lead to arbitrary code execution when processing malicious web content. The issue is fixed in Safari 16.3 and in WebKitGTK updates around version 2.38.x (e.g., WebKitGTK 2.38.5 per ALAS2-2023-2088; ...

8.8CVSS8.4AI score0.00902EPSS
CVE
CVE
added 2025/11/04 1:15 a.m.424 views

CVE-2025-43413

CVE-2025-43413 describes an access issue whereby a sandboxed app could observe system-wide network connections. Apple fixed this by applying additional sandbox restrictions in multiple platforms and versions: tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7....

7.5CVSS6.5AI score0.00567EPSS
CVE
CVE
added 2021/09/29 12:0 a.m.415 views

CVE-2021-22946

CVE-2021-22946 affects curl before 7.82.0 (and within 7.20.0–7.78.0 per description) where the --ssl-reqd option or CURLUSESSL controls could be bypassed if a server crafts a legitimate response, allowing curl to continue without TLS. Connected sources confirm this flaw exists across multiple eco...

7.5CVSS7.6AI score0.04224EPSS
CVE
CVE
added 2025/01/27 9:45 p.m.415 views

CVE-2025-24154

CVE-2025-24154 is an out-of-bounds write that Apple fixed by improving input validation. Affected OS versions include macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3, iPadOS 18.3, and macOS Sequoia 15.3. The issue could allow an attacker to cause an unexpected system termination...

9.1CVSS7.1AI score0.01134EPSS
CVE
CVE
added 2025/01/27 9:45 p.m.408 views

CVE-2025-24174

CVE-2025-24174 affects macOS components and is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, and macOS Sonoma 14.7.3. The issue is described as an access control/privacy bypass that could allow an app to bypass Privacy preferences, with the underlying root cause described as improved checks ...

7.7CVSS5.8AI score0.00261EPSS
CVE
CVE
added 2025/01/27 9:45 p.m.406 views

CVE-2025-24149

CVE-2025-24149 is an out-of-bounds read resolved by Apple through improved bounds checking. Affected products/versions include iPadOS 17.7.4, iOS 18.3; macOS Ventura 13.7.3, macOS Sonoma 14.7.3, macOS Sequoia 15.3; visionOS 2.3; watchOS 11.3; and tvOS 18.3. The issue could lead to disclosure of u...

5.5CVSS6.6AI score0.00327EPSS
Total number of security vulnerabilities1262