Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Total 9806 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-3215 1 Apple 1 Swiftnio 2022-09-30 N/A 7.5 HIGH
NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious user can add newlines to their input (usually in encoded form) and "inject" those newlines into the returned HTTP response. This capability allows users to work around security headers and HTTP/1.1 framing headers by injecting entirely false responses or other new headers. The injected false responses may also be treated as the response to subsequent requests, which can lead to XSS, cache poisoning, and a number of other flaws. This issue was resolved by adding validation to the HTTPHeaders type, ensuring that there's no whitespace incorrectly present in the HTTP headers provided by users. As the existing API surface is non-failable, all invalid characters are replaced by linear whitespace.
CVE-2022-32799 1 Apple 1 Macos 2022-09-30 N/A 5.9 MEDIUM
An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. A user in a privileged network position may be able to leak sensitive information.
CVE-2021-30860 3 Apple, Freedesktop, Xpdfreader 7 Ipados, Iphone Os, Mac Os X and 4 more 2022-09-30 6.8 MEDIUM 7.8 HIGH
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVE-2022-0530 5 Apple, Debian, Fedoraproject and 2 more 6 Mac Os X, Macos, Debian Linux and 3 more 2022-09-30 4.3 MEDIUM 5.5 MEDIUM
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
CVE-2022-32886 3 Apple, Debian, Fedoraproject 5 Ipados, Iphone Os, Safari and 2 more 2022-09-30 N/A 8.8 HIGH
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2021-45444 4 Apple, Debian, Fedoraproject and 1 more 5 Mac Os X, Macos, Debian Linux and 2 more 2022-09-30 5.1 MEDIUM 7.8 HIGH
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.
CVE-2022-3197 3 Apple, Google, Linux 3 Macos, Chrome, Linux Kernel 2022-09-29 N/A 8.8 HIGH
Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2022-3199 3 Apple, Google, Linux 3 Macos, Chrome, Linux Kernel 2022-09-29 N/A 8.8 HIGH
Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3200 3 Apple, Google, Linux 3 Macos, Chrome, Linux Kernel 2022-09-29 N/A 8.8 HIGH
Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3053 2 Apple, Google 2 Macos, Chrome 2022-09-29 N/A 4.3 MEDIUM
Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page.
CVE-2022-3196 3 Apple, Google, Linux 3 Macos, Chrome, Linux Kernel 2022-09-29 N/A 8.8 HIGH
Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2022-3198 3 Apple, Google, Linux 3 Macos, Chrome, Linux Kernel 2022-09-29 N/A 8.8 HIGH
Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2010-1281 3 Adobe, Apple, Microsoft 3 Shockwave Player, Macos, Windows 2022-09-29 9.3 HIGH 8.8 HIGH
iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.
CVE-2022-32783 1 Apple 1 Macos 2022-09-29 N/A 5.5 MEDIUM
A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An app may gain unauthorized access to Bluetooth.
CVE-2022-0804 4 Apple, Google, Linux and 1 more 5 Macos, Android, Chrome and 2 more 2022-09-28 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2022-0802 4 Apple, Google, Linux and 1 more 5 Macos, Android, Chrome and 2 more 2022-09-28 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2022-0805 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2022-09-28 6.8 MEDIUM 8.8 HIGH
Use after free in Browser Switcher in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.
CVE-2022-0803 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2022-09-28 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2022-0807 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2022-09-28 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2022-0806 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2022-09-28 4.3 MEDIUM 6.5 MEDIUM
Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in screen sharing to potentially leak cross-origin data via a crafted HTML page.