) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2018-25032 |
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. Published: March 25, 2022; 5:15:08 AM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2022-22665 |
A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges. Published: March 18, 2022; 2:15:15 PM -0400 |
V3.1: 7.8 HIGH V2.0: 9.3 HIGH |
| CVE-2022-22627 |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. Published: March 18, 2022; 2:15:14 PM -0400 |
V3.1: 7.1 HIGH V2.0: 5.8 MEDIUM |
| CVE-2022-22597 |
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted file may lead to arbitrary code execution. Published: March 18, 2022; 2:15:12 PM -0400 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2022-22593 |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. A malicious application may be able to execute arbitrary code with kernel privileges. Published: March 18, 2022; 2:15:12 PM -0400 |
V3.1: 7.8 HIGH V2.0: 9.3 HIGH |
| CVE-2022-22589 |
A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript. Published: March 18, 2022; 2:15:12 PM -0400 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2022-22579 |
An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution. Published: March 18, 2022; 2:15:12 PM -0400 |
V3.1: 7.8 HIGH V2.0: 9.3 HIGH |
| CVE-2022-22719 |
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. Published: March 14, 2022; 7:15:09 AM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2022-23308 |
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. Published: February 26, 2022; 12:15:08 AM -0500 |
V3.1: 7.5 HIGH V2.0: 4.3 MEDIUM |
| CVE-2021-45444 |
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion. Published: February 14, 2022; 7:15:15 AM -0500 |
V3.1: 7.8 HIGH V2.0: 5.1 MEDIUM |
| CVE-2022-0530 |
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. Published: February 09, 2022; 6:15:16 PM -0500 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2021-4193 |
vim is vulnerable to Out-of-bounds Read Published: December 31, 2021; 11:15:07 AM -0500 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2021-4192 |
vim is vulnerable to Use After Free Published: December 31, 2021; 10:15:08 AM -0500 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2021-4187 |
vim is vulnerable to Use After Free Published: December 29, 2021; 12:15:07 PM -0500 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2021-4173 |
vim is vulnerable to Use After Free Published: December 27, 2021; 8:15:07 AM -0500 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2021-4166 |
vim is vulnerable to Out-of-bounds Read Published: December 25, 2021; 2:15:07 PM -0500 |
V3.1: 7.1 HIGH V2.0: 5.8 MEDIUM |
| CVE-2021-44224 |
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). Published: December 20, 2021; 7:15:07 AM -0500 |
V3.1: 8.2 HIGH V2.0: 6.4 MEDIUM |
| CVE-2021-4136 |
vim is vulnerable to Heap-based Buffer Overflow Published: December 19, 2021; 12:15:07 PM -0500 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2021-30833 |
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files. Published: October 28, 2021; 3:15:09 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2021-30850 |
An access issue was addressed with improved access restrictions. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6, tvOS 15. A user may gain access to protected parts of the file system. Published: October 19, 2021; 10:15:09 AM -0400 |
V3.1: 5.5 MEDIUM V2.0: 7.1 HIGH |