Lucene search

57 matches found

added 2021/12/10 10:15 a.m., 5965 views

CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message ...

CVSS 10, AI score 10, EPSS 0.94358
In wild, Web

added 2018/11/07 2:29 p.m., 5198 views

CVE-2018-16843

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configura...

CVSS 7.8, AI score 7.3, EPSS 0.52934

added 2018/11/07 2:29 p.m., 5083 views

CVE-2018-16844

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file...

CVSS 7.8, AI score 7.3, EPSS 0.09263

added 2018/11/07 2:29 p.m., 4471 views

CVE-2018-16845

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affe...

CVSS 8.2, AI score 6.4, EPSS 0.04382

added 2020/01/09 9:15 p.m., 3993 views

CVE-2019-20372

NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.

CVSS 5.3, AI score 5.2, EPSS 0.70235

added 2017/07/13 1:29 p.m., 1867 views

CVE-2017-7529

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.

CVSS 7.5, AI score 7.3, EPSS 0.91742

added 2016/02/15 7:59 p.m., 1323 views

CVE-2016-0746

Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing.

CVSS 9.8, AI score 9.5, EPSS 0.11485

added 2021/03/09 8:15 p.m., 968 views

CVE-2021-21300

Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive fil...

CVSS 8, AI score 7.7, EPSS 0.69722

added 2022/10/19 11:15 a.m., 617 views

CVE-2022-39253

Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone a...

CVSS 5.5, AI score 6.5, EPSS 0.03085

added 2019/03/21 9:29 p.m., 568 views

CVE-2019-3855

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

CVSS 9.3, AI score 8.7, EPSS 0.11667

added 2022/10/19 12:15 p.m., 563 views

CVE-2022-39260

Git is an open source, scalable, distributed revision control system. git shell is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the comm...

CVSS 8.8, AI score 9.2, EPSS 0.01001

added 2022/04/12 6:15 p.m., 443 views

CVE-2022-24765

Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder C:\.git, which would be picked up by Git operations...

CVSS 7.8, AI score 7, EPSS 0.00235

added 2019/07/29 12:15 p.m., 276 views

CVE-2019-14379

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.

CVSS 9.8, AI score 9.7, EPSS 0.01455

added 2016/02/15 7:59 p.m., 268 views

CVE-2016-0742

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.

CVSS 7.5, AI score 7.8, EPSS 0.77828

added 2016/02/15 7:59 p.m., 244 views

CVE-2016-0747

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.

CVSS 5.3, AI score 6.8, EPSS 0.28318

added 2024/03/15 11:15 p.m., 232 views

CVE-2024-23298

A logic issue was addressed with improved state management.

CVSS 5.5, AI score 6.3, EPSS 0.03685

added 2022/07/12 9:15 p.m., 216 views

CVE-2022-29187

Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navi...

CVSS 7.8, AI score 7.2, EPSS 0.00235

added 2022/03/18 6:15 p.m., 118 views

CVE-2022-22602

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.

CVSS 7.8, AI score 8.2, EPSS 0.00418

added 2020/10/16 5:15 p.m., 101 views

CVE-2020-9992

This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device dur...

CVSS 9.3, AI score 7.5, EPSS 0.07726

added 2022/03/18 6:15 p.m., 99 views

CVE-2022-22605

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.

CVSS 7.8, AI score 8.2, EPSS 0.00418

added 2022/03/18 6:15 p.m., 99 views

CVE-2022-22608

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.

CVSS 7.8, AI score 8.2, EPSS 0.00418

added 2023/02/27 8:15 p.m., 99 views

CVE-2022-42797

An injection issue was addressed with improved input validation. This issue is fixed in Xcode 14.1. An app may be able to gain root privileges.

CVSS 7.8, AI score 7, EPSS 0.00071

added 2022/05/26 8:15 p.m., 98 views

CVE-2022-26747

This issue was addressed with improved checks. This issue is fixed in Xcode 13.4. An app may be able to gain elevated privileges.

CVSS 7.8, AI score 6.9, EPSS 0.00217

added 2021/04/02 7:15 p.m., 97 views

CVE-2021-1800

A path handling issue was addressed with improved validation. This issue is fixed in Xcode 12.4. A malicious application may be able to access arbitrary files on the host device while running an app that uses on-demand resources with Xcode.

CVSS 5.5, AI score 4.6, EPSS 0.00204

added 2022/03/18 6:15 p.m., 92 views

CVE-2022-22603

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.

CVSS 7.8, AI score 8.2, EPSS 0.00418

added 2022/03/18 6:15 p.m., 90 views

CVE-2022-22604

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.

CVSS 7.8, AI score 8.2, EPSS 0.00418

added 2022/03/18 6:15 p.m., 90 views

CVE-2022-22606

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.

CVSS 7.8, AI score 8.2, EPSS 0.00418

added 2023/09/27 3:19 p.m., 90 views

CVE-2023-40391

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14, Xcode 15. An app may be able to disclose kernel memory.

CVSS 5.5, AI score 4.9, EPSS 0.00022

added 2024/09/17 12:15 a.m., 90 views

CVE-2024-44191

This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, Xcode 16, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. An app may gain unauthorized access to Bluetooth.

CVSS 5.5, AI score 6.3, EPSS 0.00043

added 2023/05/08 8:15 p.m., 88 views

CVE-2023-27967

The issue was addressed with improved memory handling. This issue is fixed in Xcode 14.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.

CVSS 8.6, AI score 8.2, EPSS 0.00088

added 2020/10/27 8:15 p.m., 87 views

CVE-2019-8840

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 11.3. Compiling with untrusted sources may lead to arbitrary code execution with user privileges.

CVSS 8.8, AI score 8.3, EPSS 0.00976

added 2018/04/03 6:29 a.m., 85 views

CVE-2018-4164

An issue was discovered in certain Apple products. Xcode before 9.3 is affected. The issue, which is unspecified, involves the "LLVM" component.

CVSS 10, AI score 8.1, EPSS 0.0305

added 2022/03/18 6:15 p.m., 84 views

CVE-2022-22607

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.

CVSS 7.8, AI score 8.2, EPSS 0.00418

added 2022/03/18 6:15 p.m., 79 views

CVE-2022-22601

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.

CVSS 7.8, AI score 8.2, EPSS 0.0044

added 2023/05/08 8:15 p.m., 79 views

CVE-2023-27945

This issue was addressed with improved entitlements. This issue is fixed in Xcode 14.3, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A sandboxed app may be able to collect system logs.

CVSS 6.3, AI score 6.4, EPSS 0.00054

added 2019/04/03 6:29 p.m., 71 views

CVE-2018-4357

A memory corruption issue was addressed with improved input validation. This issue affected versions prior to Xcode 10.

CVSS 9.3, AI score 7.2, EPSS 0.00171

added 2023/09/27 3:18 p.m., 69 views

CVE-2023-32396

This issue was addressed with improved checks. This issue is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to gain elevated privileges.

CVSS 7.8, AI score 7, EPSS 0.00021

added 2025/03/31 11:15 p.m., 62 views

CVE-2025-30441

This issue was addressed through improved state management. This issue is fixed in Xcode 16.3. An app may be able to overwrite arbitrary files.

CVSS 5.5, AI score 6.5, EPSS 0.00013

added 2019/12/18 6:15 p.m., 59 views

CVE-2019-8806

A memory corruption issue was addressed with improved validation. This issue is fixed in Xcode 11.2. Processing a maliciously crafted file may lead to arbitrary code execution.

CVSS 7.8, AI score 7.6, EPSS 0.00343

added 2019/12/18 6:15 p.m., 56 views

CVE-2019-8800

A memory corruption issue was addressed with improved validation. This issue is fixed in Xcode 11.2. Processing a maliciously crafted file may lead to arbitrary code execution.

CVSS 7.8, AI score 7.6, EPSS 0.00343

added 2024/09/17 12:15 a.m., 53 views

CVE-2024-44162

This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 16. A malicious application may gain access to a user's Keychain items.

CVSS 7.8, AI score 6.8, EPSS 0.00037

added 2025/03/31 11:15 p.m., 51 views

CVE-2025-24226

The issue was addressed with improved checks. This issue is fixed in Xcode 16.3. A malicious app may be able to access private information.

CVSS 5.5, AI score 6, EPSS 0.00013

added 2019/12/18 6:15 p.m., 48 views

CVE-2019-8721

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.

CVSS 9.3, AI score 8.8, EPSS 0.00601

added 2019/12/18 6:15 p.m., 45 views

CVE-2019-8724

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.

CVSS 9.3, AI score 8.8, EPSS 0.00464

added 2023/09/27 3:19 p.m., 45 views

CVE-2023-40435

This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 15. An app may be able to access App Store credentials.

CVSS 5.5, AI score 5, EPSS 0.00116

added 2023/09/06 2:15 a.m., 44 views

CVE-2022-32920

The issue was addressed with improved checks. This issue is fixed in Xcode 14.0. Parsing a file may lead to disclosure of user information.

CVSS 5.5, AI score 4.7, EPSS 0.00108

added 2024/09/17 12:15 a.m., 44 views

CVE-2024-40862

A privacy issue was addressed by removing sensitive data. This issue is fixed in Xcode 16. An attacker may be able to determine the Apple ID of the owner of the computer.

CVSS 7.5, AI score 6.1, EPSS 0.00169

added 2024/10/28 9:15 p.m., 43 views

CVE-2024-44228

This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data.

CVSS 7.5, AI score 5.7, EPSS 0.0013

added 2018/04/03 6:29 a.m., 42 views

CVE-2017-7167

An issue was discovered in certain Apple products. Xcode before 9.2 is affected. The issue involves the "ld64" component. A buffer overflow allows remote attackers to execute arbitrary code via crafted source code.

CVSS 7.8, AI score 7.5, EPSS 0.01112

added 2019/12/18 6:15 p.m., 40 views

CVE-2019-8722

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.

CVSS 9.3, AI score 8.8, EPSS 0.00601

Total number of security vulnerabilities: 57