Skip to main content

macOS

2033 CVEs product

Monthly

CVE-2021-1746 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-1745 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Information Disclosure Ipados +3
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-1744 HIGH This Week

An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Memory Corruption Ipados +5
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-1743 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Information Disclosure Ipados +5
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-1742 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-1741 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Information Disclosure Ipados +5
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-1738 HIGH This Week

An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Memory Corruption Ipados +3
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-1737 HIGH This Week

An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Memory Corruption Ipados +3
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-1736 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Information Disclosure Mac Os X +1
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-23841 Cargo MEDIUM PATCH This Month

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service Debian Linux Nessus Network Monitor +20
NVD
CVSS 3.1
5.9
EPSS
7.5%
CVE-2020-8286 HIGH POC PATCH This Week

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libcurl Fedora Debian Linux Clustered Data Ontap +13
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2020-8285 HIGH POC PATCH This Week

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libcurl Debian Linux Fedora Clustered Data Ontap +19
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-8284 LOW PATCH Monitor

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Curl Fedora Debian Linux Clustered Data Ontap +19
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2020-13520 HIGH POC This Week

An out of bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 reconstructs paths from binary USD files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Openusd macOS
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2020-27918 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Memory Corruption Apple RCE +12
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-27896 MEDIUM This Month

A path handling issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Path Traversal Mac Os X macOS
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2020-27950 MEDIUM KEV THREAT This Month

A memory initialization issue was addressed. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
5.5
EPSS
16.5%
CVE-2020-27932 HIGH KEV THREAT This Week

A type confusion issue was addressed with improved state handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Apple Icloud Itunes +5
NVD
CVSS 3.1
7.8
EPSS
10.3%
CVE-2020-27930 HIGH KEV THREAT This Week

A memory corruption issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Ipados +4
NVD
CVSS 3.1
7.8
EPSS
22.2%
CVE-2020-27927 HIGH This Week

An out-of-bounds write issue was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Ipados +4
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-27917 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Memory Corruption Apple RCE +8
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2020-27916 HIGH This Week

An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Ipados +4
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2020-27912 HIGH This Week

An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Memory Corruption Apple RCE +7
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2020-27911 HIGH This Week

An integer overflow was addressed through improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Microsoft Integer Overflow Icloud +6
NVD
CVSS 3.1
7.8
EPSS
3.2%
CVE-2020-27910 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Information Disclosure Ipados +4
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2020-27909 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Information Disclosure Ipados +4
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2020-27906 HIGH This Week

Multiple integer overflows were addressed with improved input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Integer Overflow macOS
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2020-27904 HIGH This Week

A logic issue existed resulting in memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
3.1%
CVE-2020-27903 HIGH This Week

This issue was addressed by removing the vulnerable code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-27900 MEDIUM This Month

An issue existed in the handling of snapshots. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2020-27898 MEDIUM This Month

A denial of service issue was addressed with improved state handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple macOS
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-9972 HIGH This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Ipad Os Iphone Os +2
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-9965 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Information Disclosure Ipados +4
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-9849 MEDIUM This Month

An information disclosure issue was addressed with improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Microsoft Information Disclosure Icloud Itunes +4
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2020-27894 MEDIUM This Month

The issue was addressed with additional user controls. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-10016 HIGH This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Ipados +5
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2020-10014 MEDIUM This Month

A parsing issue in the handling of directory paths was addressed with improved path validation. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Path Traversal Mac Os X macOS
NVD
CVSS 3.1
6.3
EPSS
1.1%
CVE-2020-10012 MEDIUM This Month

An access issue was addressed with improved access restrictions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Mac Os X macOS
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-13524 MEDIUM POC This Month

An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Openusd Mac Os X macOS
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2020-8037 HIGH PATCH This Week

The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Tcpdump Debian Linux Fedora Mac Os X +1
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
CVE-2020-15969 HIGH This Week

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +9
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-9941 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X +2
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2020-9883 HIGH This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Microsoft Apple Icloud +7
NVD
CVSS 3.1
7.8
EPSS
5.7%
CVE-2020-9876 HIGH This Week

An out-of-bounds write issue was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Memory Corruption Apple RCE +8
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2020-15358 MEDIUM POC PATCH This Month

In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Sqlite Ubuntu Linux Icloud +13
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-14155 MEDIUM PATCH This Month

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Pcre macOS Gitlab +12
NVD
CVSS 3.1
5.3
EPSS
4.2%
CVE-2020-13631 MEDIUM PATCH This Month

SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Sqlite Fedora Ubuntu Linux Cloud Backup +14
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-13630 HIGH PATCH This Week

ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Sqlite Fedora +17
NVD
CVSS 3.1
7.0
EPSS
1.0%
CVE-2020-13434 MEDIUM POC PATCH This Month

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Sqlite Debian Linux Fedora +12
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-10663 Ruby HIGH PATCH This Week

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Json Fedora Leap Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
6.8%
CVE-2019-14899 HIGH This Week

A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Google Apple Freebsd Linux Kernel +6
NVD
CVSS 3.1
7.4
EPSS
0.8%
CVE-2019-13118 Ruby MEDIUM PATCH This Month

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Information Disclosure Memory Corruption Libxslt Leap Active Iq Unified Manager +22
NVD VulDB
CVSS 3.1
5.3
EPSS
1.0%
CVE-2013-0340 MEDIUM POC This Month

expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service XXE Libexpat Python Ipados +4
NVD GitHub
CVSS 2.0
6.8
EPSS
0.1%
EPSS 1% CVSS 7.8
HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Ipados +5
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE +5
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE +7
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE +7
NVD
EPSS 1% CVSS 7.8
HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Ipados +5
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE +7
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE +5
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE +5
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE +3
NVD
EPSS 7% CVSS 5.9
MEDIUM PATCH This Month

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service +22
NVD
EPSS 5% CVSS 7.5
HIGH POC PATCH This Week

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libcurl Fedora +15
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libcurl Debian Linux +21
NVD GitHub
EPSS 0% CVSS 3.7
LOW PATCH Monitor

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Curl Fedora +21
NVD
EPSS 2% CVSS 7.8
HIGH POC This Week

An out of bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 reconstructs paths from binary USD files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Openusd +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Memory Corruption +14
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

A path handling issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Path Traversal Mac Os X +1
NVD
EPSS 17% CVSS 5.5
MEDIUM KEV THREAT This Month

A memory initialization issue was addressed. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados +3
NVD
EPSS 10% CVSS 7.8
HIGH KEV THREAT This Week

A type confusion issue was addressed with improved state handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Apple +7
NVD
EPSS 22% CVSS 7.8
HIGH KEV THREAT This Week

A memory corruption issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +6
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An out-of-bounds write issue was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +6
NVD
EPSS 2% CVSS 7.8
HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Memory Corruption +10
NVD
EPSS 2% CVSS 7.8
HIGH This Week

An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +6
NVD
EPSS 2% CVSS 7.8
HIGH This Week

An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Memory Corruption +9
NVD
EPSS 3% CVSS 7.8
HIGH This Week

An integer overflow was addressed through improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Microsoft +8
NVD
EPSS 2% CVSS 7.8
HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE +6
NVD
EPSS 2% CVSS 7.8
HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE +6
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Multiple integer overflows were addressed with improved input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Integer Overflow +1
NVD
EPSS 3% CVSS 7.8
HIGH This Week

A logic issue existed resulting in memory corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

This issue was addressed by removing the vulnerable code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

An issue existed in the handling of snapshots. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

A denial of service issue was addressed with improved state handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple macOS
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple +4
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE +6
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

An information disclosure issue was addressed with improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Microsoft Information Disclosure +6
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

The issue was addressed with additional user controls. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 2% CVSS 7.8
HIGH This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +7
NVD
EPSS 1% CVSS 6.3
MEDIUM This Month

A parsing issue in the handling of directory paths was addressed with improved path validation. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Path Traversal Mac Os X +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

An access issue was addressed with improved access restrictions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Mac Os X +1
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Openusd Mac Os X +1
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Tcpdump Debian Linux +3
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +11
NVD
EPSS 3% CVSS 7.5
HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados +4
NVD
EPSS 6% CVSS 7.8
HIGH This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Microsoft +9
NVD
EPSS 2% CVSS 7.8
HIGH This Week

An out-of-bounds write issue was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Memory Corruption +10
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Sqlite +15
NVD
EPSS 4% CVSS 5.3
MEDIUM PATCH This Month

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Pcre +14
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Sqlite Fedora +16
NVD
EPSS 1% CVSS 7.0
HIGH PATCH This Week

ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure +19
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Sqlite +14
NVD
EPSS 7% CVSS 7.5
HIGH PATCH This Week

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Json Fedora +3
NVD
EPSS 1% CVSS 7.4
HIGH This Week

A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Google Apple +8
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Information Disclosure Memory Corruption Libxslt +24
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM POC This Month

expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service XXE Libexpat +6
NVD GitHub
Prev Page 23 of 23

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy