An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. Processing maliciously crafted web content may lead to arbitrary code execution.
Source: Apple Inc.
Max CVSS
8.8
EPSS Score
0.35%
Published
2022-09-23
Updated
2023-01-09
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution.
Source: Apple Inc.
Max CVSS
8.8
EPSS Score
0.30%
Published
2022-05-26
Updated
2022-06-07

CVE-2022-2294

Known exploited
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: Chrome
Max CVSS
8.8
EPSS Score
1.15%
Published
2022-07-28
Updated
2023-11-25
CISA KEV Added
2022-08-25
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).
Source: Apache Software Foundation
Max CVSS
8.2
EPSS Score
30.75%
Published
2021-12-20
Updated
2022-11-02
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.84%
Published
2021-09-20
Updated
2023-12-03
This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions.
Source: MITRE
Max CVSS
8.6
EPSS Score
0.14%
Published
2021-08-24
Updated
2021-12-30
A logic issue was addressed with improved validation. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. An application may be able to execute arbitrary code with kernel privileges.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.09%
Published
2021-08-24
Updated
2022-10-11
A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, iOS 12.5.4, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted certificate may lead to arbitrary code execution.
Source: Apple Inc.
Max CVSS
8.8
EPSS Score
0.38%
Published
2021-09-08
Updated
2023-01-09
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to execute arbitrary code.
Source: Apple Inc.
Max CVSS
8.1
EPSS Score
0.36%
Published
2021-09-08
Updated
2021-09-16
A malicious application may be able to break out of its sandbox. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A path handling issue was addressed with improved validation.
Source: Apple Inc.
Max CVSS
8.8
EPSS Score
0.04%
Published
2021-09-08
Updated
2022-07-12
This issue was addressed with improved environment sanitization. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to break out of its sandbox.
Source: Apple Inc.
Max CVSS
8.8
EPSS Score
0.05%
Published
2021-09-08
Updated
2021-11-03
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution.
Source: Apple Inc.
Max CVSS
8.8
EPSS Score
0.37%
Published
2021-09-08
Updated
2021-09-20
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. An application may be able to cause unexpected system termination or write kernel memory.
Source: Apple Inc.
Max CVSS
8.8
EPSS Score
0.08%
Published
2021-09-08
Updated
2021-09-16
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.
Source: Apple Inc.
Max CVSS
8.8
EPSS Score
1.68%
Published
2021-04-02
Updated
2021-04-09

CVE-2021-1789

Known exploited
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.
Source: Apple Inc.
Max CVSS
8.8
EPSS Score
0.82%
Published
2021-04-02
Updated
2021-06-02
CISA KEV Added
2022-05-04
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.
Source: Apple Inc.
Max CVSS
8.8
EPSS Score
0.72%
Published
2021-04-02
Updated
2022-04-26
An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. An attacker in a privileged network position may be able to bypass authentication policy.
Source: Apple Inc.
Max CVSS
8.8
EPSS Score
0.19%
Published
2021-04-02
Updated
2022-06-28
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing maliciously crafted web content may lead to code execution.
Source: Apple Inc.
Max CVSS
8.8
EPSS Score
0.43%
Published
2021-04-02
Updated
2023-01-09
A logic issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. An attacker with memory write capability may be able to bypass pointer authentication codes and run arbitrary code.
Source: Apple Inc.
Max CVSS
8.8
EPSS Score
0.14%
Published
2020-10-16
Updated
2023-01-09
A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to break out of its sandbox.
Source: Apple Inc.
Max CVSS
8.6
EPSS Score
0.09%
Published
2020-10-16
Updated
2023-01-09
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to break out of its sandbox.
Source: Apple Inc.
Max CVSS
8.6
EPSS Score
0.06%
Published
2020-06-09
Updated
2020-06-09
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.
Source: Apple Inc.
Max CVSS
8.8
EPSS Score
0.71%
Published
2020-06-09
Updated
2023-01-09
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents.
Source: Apple Inc.
Max CVSS
8.1
EPSS Score
0.52%
Published
2020-06-09
Updated
2023-01-09
A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.
Source: Apple Inc.
Max CVSS
8.8
EPSS Score
0.65%
Published
2020-02-27
Updated
2021-07-21
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
Source: CERT/CC
Max CVSS
8.1
EPSS Score
0.11%
Published
2019-08-14
Updated
2021-11-04
146 vulnerabilities found
1 2 3 4 5 6
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!