{"cves":[{"cve_id":"CVE-2024-41868","summary":"Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.08371,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/audition/apsb24-54.html"],"published_time":"2024-09-11T16:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-39378","summary":"Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00109,"ranking_epss":0.2912,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/audition/apsb24-54.html"],"published_time":"2024-09-11T16:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-3187","summary":"An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. 
(This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra. Later versions of macOS are not vulnerable.)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00197,"ranking_epss":0.41655,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.beyondtrust.com/docs/release-notes/privilege-management/index.htm","https://www.beyondtrust.com/trust-center/security-advisories/bt22-06","https://www.beyondtrust.com/docs/release-notes/privilege-management/index.htm","https://www.beyondtrust.com/trust-center/security-advisories/bt22-06"],"published_time":"2023-12-11T23:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-34045","summary":"VMware Fusion (13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"cvss_v4":null,"epss":0.0012,"ranking_epss":0.30889,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.vmware.com/security/advisories/VMSA-2023-0022.html","https://www.vmware.com/security/advisories/VMSA-2023-0022.html"],"published_time":"2023-10-20T10:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-34044","summary":"VMware Workstation (17.x prior to 17.5) and Fusion (13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. 
A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11419,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.vmware.com/security/advisories/VMSA-2023-0022.html","https://www.vmware.com/security/advisories/VMSA-2023-0022.html"],"published_time":"2023-10-20T09:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-34046","summary":"VMware Fusion (13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00141,"ranking_epss":0.3422,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.vmware.com/security/advisories/VMSA-2023-0022.html","https://www.vmware.com/security/advisories/VMSA-2023-0022.html"],"published_time":"2023-10-20T09:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-46706","summary":"A type confusion issue was addressed with improved state handling. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. 
An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185"],"published_time":"2023-08-14T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22630","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app termination or arbitrary code execution","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00518,"ranking_epss":0.66752,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256"],"published_time":"2023-06-23T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1763","summary":"Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the 
software.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.1692,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://psirt.canon/advisory-information/cp2023-002/","https://psirt.canon/hardening/","https://psirt.canon/advisory-information/cp2023-002/","https://psirt.canon/hardening/"],"published_time":"2023-05-17T01:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1764","summary":"Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the communication of the software.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07474,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://psirt.canon/advisory-information/cp2023-002/","https://psirt.canon/hardening/","https://psirt.canon/advisory-information/cp2023-002/","https://psirt.canon/hardening/"],"published_time":"2023-05-17T01:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-27960","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in GarageBand for macOS 10.4.8. An app may be able to gain elevated privileges during the installation of GarageBand.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00129,"ranking_epss":0.32286,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213650","https://support.apple.com/en-us/HT213650"],"published_time":"2023-05-08T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-20871","summary":"VMware Fusion contains a local privilege escalation vulnerability. 
A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24549,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.vmware.com/security/advisories/VMSA-2023-0008.html","https://www.vmware.com/security/advisories/VMSA-2023-0008.html"],"published_time":"2023-04-25T21:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-20872","summary":"VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00766,"ranking_epss":0.73493,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.vmware.com/security/advisories/VMSA-2023-0008.html","https://www.vmware.com/security/advisories/VMSA-2023-0008.html"],"published_time":"2023-04-25T21:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-28143","summary":"Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7) installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX (macOS 10.15 and older) versions. Attackers may exploit incorrect file permissions to give them ROOT command execution privileges on the host. During the install of the PKG, a step in the process involves extracting the package and copying files to several directories. 
Attackers may gain writable access to files during the install of PKG when extraction of the package and copying files to several directories, enabling a local escalation of privilege.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00094,"ranking_epss":0.26072,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://qualys.com/security-advisories","https://qualys.com/security-advisories"],"published_time":"2023-04-18T16:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22582","summary":"A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5, macOS Monterey 12.3. A local user may be able to write arbitrary files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.02608,"ranking_epss":0.8566,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185"],"published_time":"2023-02-27T20:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-31705","summary":"VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. 
On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.","cvss":8.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.2,"cvss_v4":null,"epss":0.01438,"ranking_epss":0.80736,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.vmware.com/security/advisories/VMSA-2022-0033.html","https://www.vmware.com/security/advisories/VMSA-2022-0033.html"],"published_time":"2022-12-14T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32910","summary":"A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.8, macOS Monterey 12.5, Security Update 2022-005 Catalina. An archive may be able to bypass Gatekeeper.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00439,"ranking_epss":0.63168,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345"],"published_time":"2022-11-01T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32794","summary":"A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. 
An app may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.1518,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257"],"published_time":"2022-11-01T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32820","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00162,"ranking_epss":0.37073,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-09-23T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32823","summary":"A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. 
An app may be able to leak sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00112,"ranking_epss":0.296,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-09-23T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32826","summary":"An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. 
An app may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00073,"ranking_epss":0.22039,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-09-23T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32831","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00064,"ranking_epss":0.19803,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345"],"published_time":"2022-09-23T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32832","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. 
An app with root privileges may be able to execute arbitrary code with kernel privileges.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":null,"epss":0.08902,"ranking_epss":0.92581,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-09-23T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32842","summary":"An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. An app may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.14856,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213345"],"published_time":"2022-09-23T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32843","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. 
Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00062,"ranking_epss":0.19263,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345"],"published_time":"2022-09-23T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32847","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. A remote user may be able to cause unexpected system termination or corrupt kernel memory.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00819,"ranking_epss":0.74406,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-09-23T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32849","summary":"An information disclosure issue was addressed by removing the vulnerable code. 
This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0008,"ranking_epss":0.23459,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/kb/HT213488","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/kb/HT213488"],"published_time":"2022-09-23T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32851","summary":"An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10086,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345"],"published_time":"2022-09-23T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32853","summary":"An out-of-bounds read issue was addressed with improved input validation. 
This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00064,"ranking_epss":0.19803,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345"],"published_time":"2022-09-23T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32781","summary":"This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8. An app with root privileges may be able to access private information.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00063,"ranking_epss":0.19515,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344"],"published_time":"2022-09-23T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32785","summary":"A null pointer dereference was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. 
Processing an image may lead to a denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00075,"ranking_epss":0.2254,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-09-23T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32786","summary":"An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00104,"ranking_epss":0.28223,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345"],"published_time":"2022-09-23T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32787","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0068,"ranking_epss":0.7161,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-09-23T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32790","summary":"This issue was addressed with improved checks. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6, Security Update 2022-004 Catalina. 
A remote user may be able to cause a denial-of-service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01709,"ranking_epss":0.82361,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258"],"published_time":"2022-09-23T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32797","summary":"This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00091,"ranking_epss":0.25579,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345"],"published_time":"2022-09-23T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32799","summary":"An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. 
A user in a privileged network position may be able to leak sensitive information.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00281,"ranking_epss":0.51481,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213345"],"published_time":"2022-09-23T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32800","summary":"This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00095,"ranking_epss":0.26233,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345"],"published_time":"2022-09-23T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32805","summary":"The issue was addressed with improved handling of caches. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. 
An app may be able to access sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00156,"ranking_epss":0.36294,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345"],"published_time":"2022-09-23T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32807","summary":"This issue was addressed with improved file handling. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to overwrite arbitrary files.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10086,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345"],"published_time":"2022-09-23T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32815","summary":"The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. 
An app with root privileges may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0025,"ranking_epss":0.48309,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-09-23T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32819","summary":"A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. 
An app may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00127,"ranking_epss":0.32041,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-09-23T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32839","summary":"The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. 
A remote user may cause an unexpected app termination or arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.02412,"ranking_epss":0.8512,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-08-24T20:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32857","summary":"This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. 
A user in a privileged network position can track a user’s activity.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.23289,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-08-24T20:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32811","summary":"A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14173,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345"],"published_time":"2022-08-24T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32812","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. 
An app may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18725,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345"],"published_time":"2022-08-24T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32813","summary":"The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. An app with root privileges may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00152,"ranking_epss":0.35903,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213340","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-08-24T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32834","summary":"An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. 
An app may be able to access sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.09272,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345"],"published_time":"2022-08-24T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32837","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to cause unexpected system termination or write kernel memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.0966,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/kb/HT213343","https://support.apple.com/en-us/HT213342","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/kb/HT213343"],"published_time":"2022-08-24T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-32838","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6. 
An app may be able to read arbitrary files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00065,"ranking_epss":0.20035,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346","https://support.apple.com/en-us/HT213343","https://support.apple.com/en-us/HT213344","https://support.apple.com/en-us/HT213345","https://support.apple.com/en-us/HT213346"],"published_time":"2022-08-24T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-2294","summary":"Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01165,"ranking_epss":0.7864,"kev":true,"propose_action":"WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode execution. 
This vulnerability impacts web browsers using WebRTC including but not limited to Google Chrome.","ransomware_campaign":"Known","references":["http://www.openwall.com/lists/oss-security/2022/07/28/2","https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html","https://crbug.com/1341043","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/","https://security.gentoo.org/glsa/202208-35","https://security.gentoo.org/glsa/202208-39","https://security.gentoo.org/glsa/202311-11","http://www.openwall.com/lists/oss-security/2022/07/28/2","https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html","https://crbug.com/1341043","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/","https://security.gentoo.org/glsa/202208-35","https://security.gentoo.org/glsa/202208-39","https://security.gentoo.org/glsa/202311-11","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-2294"],"published_time":"2022-07-28T02:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26775","summary":"An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. 
An attacker may be able to cause unexpected application termination or arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01025,"ranking_epss":0.77305,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213257","https://support.apple.com/kb/HT213253","https://support.apple.com/kb/HT213254","https://support.apple.com/kb/HT213258","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213257","https://support.apple.com/kb/HT213253","https://support.apple.com/kb/HT213254","https://support.apple.com/kb/HT213258"],"published_time":"2022-05-26T20:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26751","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00627,"ranking_epss":0.70242,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213259","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213259"],"published_time":"2022-05-26T20:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26755","summary":"This issue was addressed with improved environment sanitization. 
This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to break out of its sandbox.","cvss":6.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00283,"ranking_epss":0.51765,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257"],"published_time":"2022-05-26T20:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26756","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00292,"ranking_epss":0.52629,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257"],"published_time":"2022-05-26T20:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26757","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. 
An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.06703,"ranking_epss":0.91275,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/167517/XNU-Flow-Divert-Race-Condition-Use-After-Free.html","https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","http://packetstormsecurity.com/files/167517/XNU-Flow-Divert-Race-Condition-Use-After-Free.html","https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258"],"published_time":"2022-05-26T20:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26761","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00213,"ranking_epss":0.43831,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256"],"published_time":"2022-05-26T20:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26763","summary":"An out-of-bounds access issue was addressed with improved bounds checking. 
This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.19484,"ranking_epss":0.95409,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258"],"published_time":"2022-05-26T20:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26766","summary":"A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. 
A malicious app may be able to bypass signature validation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.01964,"ranking_epss":0.83551,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258"],"published_time":"2022-05-26T20:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26769","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00248,"ranking_epss":0.48136,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257"],"published_time":"2022-05-26T20:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26770","summary":"An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. 
A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00266,"ranking_epss":0.50071,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257"],"published_time":"2022-05-26T20:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26746","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00271,"ranking_epss":0.50581,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257"],"published_time":"2022-05-26T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26748","summary":"An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00693,"ranking_epss":0.71884,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257"],"published_time":"2022-05-26T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26704","summary":"A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00368,"ranking_epss":0.58781,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Jul/13","http://seclists.org/fulldisclosure/2022/Jul/14","https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0032/MNDT-2022-0032.md","https://support.apple.com/en-us/HT213257","https://support.apple.com/kb/HT213343","https://support.apple.com/kb/HT213344","http://seclists.org/fulldisclosure/2022/Jul/13","http://seclists.org/fulldisclosure/2022/Jul/14","https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0032/MNDT-2022-0032.md","https://support.apple.com/en-us/HT213257","https://support.apple.com/kb/HT213343","https://support.apple.com/kb/HT213344"],"published_time":"2022-05-26T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26714","summary":"A memory corruption issue was addressed with improved validation. 
This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0048,"ranking_epss":0.65085,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258","https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213254","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213258"],"published_time":"2022-05-26T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26715","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00151,"ranking_epss":0.35666,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257"],"published_time":"2022-05-26T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26720","summary":"An out-of-bounds write issue was addressed with improved bounds checking. 
This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00271,"ranking_epss":0.5061,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257"],"published_time":"2022-05-26T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26721","summary":"A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00371,"ranking_epss":0.58951,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257"],"published_time":"2022-05-26T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26722","summary":"A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. 
A malicious application may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00173,"ranking_epss":0.38617,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257"],"published_time":"2022-05-26T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26726","summary":"This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user's screen.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.08519,"ranking_epss":0.92393,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213253","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257"],"published_time":"2022-05-26T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26727","summary":"This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. 
A malicious application may be able to modify protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00169,"ranking_epss":0.38024,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213257"],"published_time":"2022-05-26T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26728","summary":"This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to access restricted files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00409,"ranking_epss":0.61322,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257"],"published_time":"2022-05-26T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26697","summary":"An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. 
Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00229,"ranking_epss":0.45716,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257"],"published_time":"2022-05-26T19:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26698","summary":"An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00225,"ranking_epss":0.45247,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213257"],"published_time":"2022-05-26T19:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22672","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. 
A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00317,"ranking_epss":0.54766,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185"],"published_time":"2022-05-26T18:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22674","summary":"An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00217,"ranking_epss":0.44302,"kev":true,"propose_action":"macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT213220","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213220","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22674"],"published_time":"2022-05-26T18:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26688","summary":"An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. 
A malicious app with root privileges may be able to modify the contents of system files.","cvss":4.4,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":4.4,"cvss_v4":null,"epss":0.0023,"ranking_epss":0.45849,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185"],"published_time":"2022-05-26T18:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-26691","summary":"A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.","cvss":6.7,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00037,"ranking_epss":0.10744,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444","https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0026/MNDT-2022-0026.md","https://lists.debian.org/debian-lts-announce/2022/05/msg00039.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQ6TD7F3VRITPEHFDHZHK7MU6FEBMZ5U/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQRIT4H75XV6M42K7ZTARWZ7YLLYQHPO/","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://www.debian.org/security/2022/dsa-5149","https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444","https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0026/MNDT-2022-0026.md","https://lists.debian.org/debian-lts-annou
nce/2022/05/msg00039.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQ6TD7F3VRITPEHFDHZHK7MU6FEBMZ5U/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQRIT4H75XV6M42K7ZTARWZ7YLLYQHPO/","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://www.debian.org/security/2022/dsa-5149"],"published_time":"2022-05-26T18:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22616","summary":"This issue was addressed with improved checks. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.20512,"ranking_epss":0.95573,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185"],"published_time":"2022-05-26T18:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22662","summary":"A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. 
Processing maliciously crafted web content may disclose sensitive user information.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00223,"ranking_epss":0.44962,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2022/07/05/3","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33BWWAQLLBHKGSI332ZZCORTFZ2XLOIH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANNHXXARVBRGI74TVQNZOAG6P7AGSMUJ/","https://security.gentoo.org/glsa/202208-39","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","http://www.openwall.com/lists/oss-security/2022/07/05/3","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33BWWAQLLBHKGSI332ZZCORTFZ2XLOIH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANNHXXARVBRGI74TVQNZOAG6P7AGSMUJ/","https://security.gentoo.org/glsa/202208-39","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185"],"published_time":"2022-05-26T18:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22663","summary":"This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-004 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.6. 
A malicious application may bypass Gatekeeper checks.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0026,"ranking_epss":0.49318,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213255","https://support.apple.com/en-us/HT213256"],"published_time":"2022-05-26T18:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-44719","summary":"Docker Desktop 4.3.0 has Incorrect Access Control.","cvss":8.4,"cvss_version":3.0,"cvss_v2":6.6,"cvss_v3":8.4,"cvss_v4":null,"epss":0.00062,"ranking_epss":0.19197,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://docs.docker.com/desktop/mac/release-notes/","https://docs.docker.com/desktop/release-notes/#security-2","https://docs.docker.com/desktop/windows/release-notes/","https://docs.docker.com/desktop/mac/release-notes/","https://docs.docker.com/desktop/release-notes/#security-2","https://docs.docker.com/desktop/windows/release-notes/"],"published_time":"2022-05-25T16:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-28871","summary":"A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the fsicapd component used in certain F-Secure products while scanning larger packages/fuzzed files consume too much memory eventually can crash the scanning engine. 
The exploit can be triggered remotely by an attacker.","cvss":4.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00206,"ranking_epss":0.4288,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.f-secure.com/en/home/support/security-advisories/cve-2022-28871","https://www.withsecure.com/en/support/security-advisories/cve-2022-28871","https://www.f-secure.com/en/home/support/security-advisories/cve-2022-28871","https://www.withsecure.com/en/support/security-advisories/cve-2022-28871"],"published_time":"2022-04-25T11:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13495","summary":"An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability could be used to bypass mitigations and aid additional exploitation. 
To trigger this vulnerability, the victim needs to access an attacker-provided file.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00211,"ranking_epss":0.4365,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://talosintelligence.com/vulnerability_reports/TALOS-2020-1104","https://talosintelligence.com/vulnerability_reports/TALOS-2020-1104"],"published_time":"2022-04-18T17:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-25032","summary":"zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00089,"ranking_epss":0.25248,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://github.com/madler/zlib/issues/605","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/","https://lists.fedoraproject.org/archi
ves/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://security.gentoo.org/glsa/202210-42","https://security.netapp.com/advisory/ntap-20220526-0009/","https://security.netapp.com/advisory/ntap-20220729-0004/","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","https://www.debian.org/security/2022/dsa-5111","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://www.oracle.com/security-alerts/cpujul2022.html","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","http://www.openwall.com/lists/oss-security/2022/03/25/2","http://www.openwall.com/lists/oss-security/2022/03/26/1","https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf","https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","https://github.com/madler/zlib/issues/605","https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org
/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","https://security.gentoo.org/glsa/202210-42","https://security.netapp.com/advisory/ntap-20220526-0009/","https://security.netapp.com/advisory/ntap-20220729-0004/","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","https://www.debian.org/security/2022/dsa-5111","https://www.openwall.com/lists/oss-security/2022/03/24/1","https://www.openwall.com/lists/oss-security/2022/03/28/1","https://www.openwall.com/lists/oss-security/2022/03/28/3","https://www.oracle.com/security-alerts/cpujul2022.html"],"published_time":"2022-03-25T09:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22661","summary":"A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00384,"ranking_epss":0.59672,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185"],"published_time":"2022-03-18T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22665","summary":"A logic issue was addressed with improved validation. 
This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00335,"ranking_epss":0.56333,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","https://support.apple.com/en-us/HT213183","https://support.apple.com/kb/HT213184","https://support.apple.com/kb/HT213185","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","https://support.apple.com/en-us/HT213183","https://support.apple.com/kb/HT213184","https://support.apple.com/kb/HT213185","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256"],"published_time":"2022-03-18T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22627","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00347,"ranking_epss":0.57286,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185"],"published_time":"2022-03-18T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22631","summary":"An out-of-bounds write issue was addressed with improved bounds checking. 
This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00136,"ranking_epss":0.33385,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185"],"published_time":"2022-03-18T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22638","summary":"A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An attacker in a privileged position may be able to perform a denial of service attack.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01019,"ranking_epss":0.77243,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213193","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213193"],"published_time":"2022-03-18T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22647","summary":"This issue was addressed with improved checks. 
This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A person with access to a Mac may be able to bypass Login Window.","cvss":4.6,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00098,"ranking_epss":0.26888,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185"],"published_time":"2022-03-18T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22648","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to read restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00148,"ranking_epss":0.35207,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185"],"published_time":"2022-03-18T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22650","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. 
A plug-in may be able to inherit the application's permissions and access user data.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00096,"ranking_epss":0.26399,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185"],"published_time":"2022-03-18T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22656","summary":"An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen.","cvss":3.3,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00138,"ranking_epss":0.3387,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185"],"published_time":"2022-03-18T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22613","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. 
An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00619,"ranking_epss":0.70043,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213193","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213193"],"published_time":"2022-03-18T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22614","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. 
An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00763,"ranking_epss":0.73413,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213193","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213193"],"published_time":"2022-03-18T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22615","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. 
An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00763,"ranking_epss":0.73413,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213193","https://support.apple.com/en-us/HT213182","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213186","https://support.apple.com/en-us/HT213193"],"published_time":"2022-03-18T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22617","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00143,"ranking_epss":0.34482,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/kb/HT213257","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/kb/HT213257"],"published_time":"2022-03-18T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22625","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. 
Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00353,"ranking_epss":0.57663,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185"],"published_time":"2022-03-18T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22626","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00347,"ranking_epss":0.57286,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185"],"published_time":"2022-03-18T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22579","summary":"An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. 
Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.003,"ranking_epss":0.5339,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213053","https://support.apple.com/en-us/HT213054","https://support.apple.com/en-us/HT213055","https://support.apple.com/en-us/HT213056","https://support.apple.com/en-us/HT213057","https://support.apple.com/en-us/HT213053","https://support.apple.com/en-us/HT213054","https://support.apple.com/en-us/HT213055","https://support.apple.com/en-us/HT213056","https://support.apple.com/en-us/HT213057"],"published_time":"2022-03-18T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22583","summary":"A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00169,"ranking_epss":0.38136,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213054","https://support.apple.com/en-us/HT213055","https://support.apple.com/en-us/HT213056","https://support.apple.com/en-us/HT213054","https://support.apple.com/en-us/HT213055","https://support.apple.com/en-us/HT213056"],"published_time":"2022-03-18T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22589","summary":"A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. 
Processing a maliciously crafted mail message may lead to running arbitrary javascript.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00788,"ranking_epss":0.73878,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","https://security.gentoo.org/glsa/202208-39","https://support.apple.com/en-us/HT213053","https://support.apple.com/en-us/HT213054","https://support.apple.com/en-us/HT213057","https://support.apple.com/en-us/HT213058","https://support.apple.com/en-us/HT213059","https://support.apple.com/kb/HT213185","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","https://security.gentoo.org/glsa/202208-39","https://support.apple.com/en-us/HT213053","https://support.apple.com/en-us/HT213054","https://support.apple.com/en-us/HT213057","https://support.apple.com/en-us/HT213058","https://support.apple.com/en-us/HT213059","https://support.apple.com/kb/HT213185","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256"],"published_time":"2022-03-18T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22593","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. 
A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01694,"ranking_epss":0.82293,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213053","https://support.apple.com/en-us/HT213054","https://support.apple.com/en-us/HT213055","https://support.apple.com/en-us/HT213056","https://support.apple.com/en-us/HT213057","https://support.apple.com/en-us/HT213059","https://support.apple.com/en-us/HT213053","https://support.apple.com/en-us/HT213054","https://support.apple.com/en-us/HT213055","https://support.apple.com/en-us/HT213056","https://support.apple.com/en-us/HT213057","https://support.apple.com/en-us/HT213059"],"published_time":"2022-03-18T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22597","summary":"A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00374,"ranking_epss":0.5911,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185","https://support.apple.com/en-us/HT213183","https://support.apple.com/en-us/HT213184","https://support.apple.com/en-us/HT213185"],"published_time":"2022-03-18T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22719","summary":"A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. 
This issue affects Apache HTTP Server 2.4.52 and earlier.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.29423,"ranking_epss":0.96613,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","http://www.openwall.com/lists/oss-security/2022/03/14/4","https://httpd.apache.org/security/vulnerabilities_24.html","https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/","https://security.gentoo.org/glsa/202208-20","https://security.netapp.com/advisory/ntap-20220321-0001/","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","https://www.oracle.com/security-alerts/cpuapr2022.html","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","http://www.openwall.com/lists/oss-security/2022/03/14/4","https://httpd.apache.org/security/vulnerabilities_24.html","https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/","https:/
/security.gentoo.org/glsa/202208-20","https://security.netapp.com/advisory/ntap-20220321-0001/","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","https://www.oracle.com/security-alerts/cpuapr2022.html"],"published_time":"2022-03-14T11:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22720","summary":"Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.27458,"ranking_epss":0.96429,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","http://www.openwall.com/lists/oss-security/2022/03/14/3","https://httpd.apache.org/security/vulnerabilities_24.html","https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/","https://security.gentoo.org/glsa/202208-20","https://security.netapp.com/advisory/ntap-20220321-0001/","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2022.html","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","http://www.openwall.com
/lists/oss-security/2022/03/14/3","https://httpd.apache.org/security/vulnerabilities_24.html","https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/","https://security.gentoo.org/glsa/202208-20","https://security.netapp.com/advisory/ntap-20220321-0001/","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2022.html"],"published_time":"2022-03-14T11:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-22721","summary":"If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. 
This issue affects Apache HTTP Server 2.4.52 and earlier.","cvss":9.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":9.1,"cvss_v4":null,"epss":0.13224,"ranking_epss":0.94164,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","http://www.openwall.com/lists/oss-security/2022/03/14/2","https://httpd.apache.org/security/vulnerabilities_24.html","https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/","https://security.gentoo.org/glsa/202208-20","https://security.netapp.com/advisory/ntap-20220321-0001/","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2022.html","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","http://www.openwall.com/lists/oss-security/2022/03/14/2","https://httpd.apache.org/security/vulnerabilities_24.html","https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraprojec
t.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/","https://security.gentoo.org/glsa/202208-20","https://security.netapp.com/advisory/ntap-20220321-0001/","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2022.html"],"published_time":"2022-03-14T11:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-23308","summary":"valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.","cvss":7.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.15393,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/34","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/36","http://seclists.org/fulldisclosure/2022/May/37","http://seclists.org/fulldisclosure/2022/May/38","https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e","https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS","https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LA3MWWAYZADWJ5F6JOUBX65UZAMQB7RF/","https://security.gentoo.org/glsa/202210-03","https://security.netapp.com/advisory/ntap-20220331-0008/","https://support.apple.com/kb/HT213253","https://support.apple.com/kb/HT213254","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","https://support.apple.com/kb/HT213258","https://www.oracle.com/security-alerts/cpujul2022.html","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/34","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosur
e/2022/May/36","http://seclists.org/fulldisclosure/2022/May/37","http://seclists.org/fulldisclosure/2022/May/38","https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e","https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS","https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LA3MWWAYZADWJ5F6JOUBX65UZAMQB7RF/","https://security.gentoo.org/glsa/202210-03","https://security.netapp.com/advisory/ntap-20220331-0008/","https://support.apple.com/kb/HT213253","https://support.apple.com/kb/HT213254","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","https://support.apple.com/kb/HT213258","https://www.oracle.com/security-alerts/cpujul2022.html"],"published_time":"2022-02-26T05:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-45444","summary":"In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. 
This occurs because of recursive PROMPT_SUBST expansion.","cvss":7.8,"cvss_version":3.0,"cvss_v2":5.1,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00113,"ranking_epss":0.29825,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://lists.debian.org/debian-lts-announce/2022/02/msg00020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2P3LPMGENEHKDWFO4MWMZSZL6G7Y4CV7/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWF3EXNBX5SVFDBL4ZFOD4GJBWFUKWN4/","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","https://vuln.ryotak.me/advisories/63","https://www.debian.org/security/2022/dsa-5078","https://zsh.sourceforge.io/releases.html","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://lists.debian.org/debian-lts-announce/2022/02/msg00020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2P3LPMGENEHKDWFO4MWMZSZL6G7Y4CV7/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWF3EXNBX5SVFDBL4ZFOD4GJBWFUKWN4/","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","https://vuln.ryotak.me/advisories/63","https://www.debian.org/security/2022/dsa-5078","https://zsh.sourceforge.io/releases.html"],"published_time":"2022-02-14T12:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-0530","summary":"A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. 
This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00163,"ranking_epss":0.37158,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://bugzilla.redhat.com/show_bug.cgi?id=2051395","https://github.com/ByteHackr/unzip_poc","https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html","https://security.gentoo.org/glsa/202310-17","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","https://www.debian.org/security/2022/dsa-5202","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","https://bugzilla.redhat.com/show_bug.cgi?id=2051395","https://github.com/ByteHackr/unzip_poc","https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html","https://security.gentoo.org/glsa/202310-17","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","https://www.debian.org/security/2022/dsa-5202"],"published_time":"2022-02-09T23:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-0261","summary":"Heap-based Buffer Overflow in GitHub repository vim/vim prior to 
8.2.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00163,"ranking_epss":0.37145,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Oct/28","http://seclists.org/fulldisclosure/2022/Oct/41","http://seclists.org/fulldisclosure/2022/Oct/43","https://github.com/vim/vim/commit/9f8c304c8a390ade133bac29963dc8e56ab14cbc","https://huntr.dev/bounties/fa795954-8775-4f23-98c6-d4d4d3fe8a82","https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html","https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html","https://security.gentoo.org/glsa/202208-32","https://support.apple.com/kb/HT213444","https://support.apple.com/kb/HT213488","http://seclists.org/fulldisclosure/2022/Oct/28","http://seclists.org/fulldisclosure/2022/Oct/41","http://seclists.org/fulldisclosure/2022/Oct/43","https://github.com/vim/vim/commit/9f8c304c8a390ade133bac29963dc8e56ab14cbc","https://huntr.dev/bounties/fa795954-8775-4f23-98c6-d4d4d3fe8a82","https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html","https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html","https://lists.debian.org/debian-lts-announce/2025/03/msg00023.html","https://security.gentoo.org/glsa/202208-32","https://support.apple.com/kb/HT213444","https://support.apple.com/kb/HT213488"],"published_time":"2022-01-18T16:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-0128","summary":"vim is vulnerable to Out-of-bounds 
Read","cvss":7.1,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00341,"ranking_epss":0.56848,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Jul/14","http://seclists.org/fulldisclosure/2022/Mar/29","http://seclists.org/fulldisclosure/2022/May/35","http://www.openwall.com/lists/oss-security/2022/01/15/1","https://github.com/vim/vim/commit/d3a117814d6acbf0dca3eff1a7626843b9b3734a","https://huntr.dev/bounties/63f51299-008a-4112-b85b-1e904aadd4ba","https://security.gentoo.org/glsa/202208-32","https://support.apple.com/kb/HT213183","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213343","http://seclists.org/fulldisclosure/2022/Jul/14","http://seclists.org/fulldisclosure/2022/Mar/29","http://seclists.org/fulldisclosure/2022/May/35","http://www.openwall.com/lists/oss-security/2022/01/15/1","https://github.com/vim/vim/commit/d3a117814d6acbf0dca3eff1a7626843b9b3734a","https://huntr.dev/bounties/63f51299-008a-4112-b85b-1e904aadd4ba","https://security.gentoo.org/glsa/202208-32","https://support.apple.com/kb/HT213183","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213343"],"published_time":"2022-01-06T17:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-22045","summary":"VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. 
A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.9,"cvss_v3":7.8,"cvss_v4":null,"epss":0.02138,"ranking_epss":0.84224,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/165440/VMware-Security-Advisory-2022-0001.html","https://www.vmware.com/security/advisories/VMSA-2022-0001.html","https://www.zerodayinitiative.com/advisories/ZDI-22-003/","http://packetstormsecurity.com/files/165440/VMware-Security-Advisory-2022-0001.html","https://www.vmware.com/security/advisories/VMSA-2022-0001.html","https://www.zerodayinitiative.com/advisories/ZDI-22-003/"],"published_time":"2022-01-04T22:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-4193","summary":"vim is vulnerable to Out-of-bounds Read","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00562,"ranking_epss":0.68368,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Jul/14","http://seclists.org/fulldisclosure/2022/Mar/29","http://seclists.org/fulldisclosure/2022/May/35","http://www.openwall.com/lists/oss-security/2022/01/15/1","https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b","https://huntr.dev/bounties/92c1940d-8154-473f-84ce-0de43b0c2eb0","https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html","https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/","https://security.gentoo.org/glsa/202208-32","https://support.apple.com/kb/HT213183","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213343","http://seclists.org/fulldisclosure/2022/Jul/14
","http://seclists.org/fulldisclosure/2022/Mar/29","http://seclists.org/fulldisclosure/2022/May/35","http://www.openwall.com/lists/oss-security/2022/01/15/1","https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b","https://huntr.dev/bounties/92c1940d-8154-473f-84ce-0de43b0c2eb0","https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html","https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/","https://security.gentoo.org/glsa/202208-32","https://support.apple.com/kb/HT213183","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213343"],"published_time":"2021-12-31T16:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-4192","summary":"vim is vulnerable to Use After Free","cvss":5.5,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00554,"ranking_epss":0.68098,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Jul/14","http://seclists.org/fulldisclosure/2022/Mar/29","http://seclists.org/fulldisclosure/2022/May/35","http://www.openwall.com/lists/oss-security/2022/01/15/1","https://github.com/vim/vim/commit/4c13e5e6763c6eb36a343a2b8235ea227202e952","https://huntr.dev/bounties/6dd9cb2e-a940-4093-856e-59b502429f22","https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html","https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/","https://security.gentoo.org/glsa/202208-32","https://support.apple.com/kb/HT213183","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213343","http://seclists.org/fulldisclosure/2022/Jul/14","http://seclists.org/fulldisclosure/2022/Mar/29","http://seclists.org/fulldisclosure/
2022/May/35","http://www.openwall.com/lists/oss-security/2022/01/15/1","https://github.com/vim/vim/commit/4c13e5e6763c6eb36a343a2b8235ea227202e952","https://huntr.dev/bounties/6dd9cb2e-a940-4093-856e-59b502429f22","https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html","https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/","https://security.gentoo.org/glsa/202208-32","https://support.apple.com/kb/HT213183","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213343"],"published_time":"2021-12-31T15:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-4187","summary":"vim is vulnerable to Use After Free","cvss":6.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00337,"ranking_epss":0.56551,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Jul/14","http://seclists.org/fulldisclosure/2022/Mar/29","http://seclists.org/fulldisclosure/2022/May/35","http://www.openwall.com/lists/oss-security/2022/01/15/1","https://github.com/vim/vim/commit/4bf1006cae7e87259ccd5219128c3dba75774441","https://huntr.dev/bounties/a8bee03a-6e2e-43bf-bee3-4968c5386a2e","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/","https://security.gentoo.org/glsa/202208-32","https://support.apple.com/kb/HT213183","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213343","http://seclists.org/fulldisclosure/2022/Jul/14","http://seclists.org/fulldisclosure/2022/Mar/29","http://seclists.org/fulldisclosure/2022/May/35","http://www.openwall.com/lists/oss-security/2022/01/15/1","https://github.com/v
im/vim/commit/4bf1006cae7e87259ccd5219128c3dba75774441","https://huntr.dev/bounties/a8bee03a-6e2e-43bf-bee3-4968c5386a2e","https://lists.debian.org/debian-lts-announce/2025/03/msg00023.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/","https://security.gentoo.org/glsa/202208-32","https://support.apple.com/kb/HT213183","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213343"],"published_time":"2021-12-29T17:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-4173","summary":"vim is vulnerable to Use After Free","cvss":6.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00337,"ranking_epss":0.56551,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Jul/14","http://seclists.org/fulldisclosure/2022/Mar/29","http://seclists.org/fulldisclosure/2022/May/35","http://www.openwall.com/lists/oss-security/2022/01/15/1","https://github.com/vim/vim/commit/9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04","https://huntr.dev/bounties/a1b236b9-89fb-4ccf-9689-ba11b471e766","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/","https://security.gentoo.org/glsa/202208-32","https://support.apple.com/kb/HT213183","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213343","http://seclists.org/fulldisclosure/2022/Jul/14","http://seclists.org/fulldisclosure/2022/Mar/29","http://seclists.org/fulldisclosure/2022/May/35","http://www.openwall.com/lists/oss-security/2022/01/15/1","https://github.com/vim/vim/commit/9c23f9bb5fe435
b28245ba8ac65aa0ca6b902c04","https://huntr.dev/bounties/a1b236b9-89fb-4ccf-9689-ba11b471e766","https://lists.debian.org/debian-lts-announce/2025/03/msg00023.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/","https://security.gentoo.org/glsa/202208-32","https://support.apple.com/kb/HT213183","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213343"],"published_time":"2021-12-27T13:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-4166","summary":"vim is vulnerable to Out-of-bounds Read","cvss":7.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":7.1,"cvss_v4":null,"epss":0.0035,"ranking_epss":0.57521,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Jul/14","http://seclists.org/fulldisclosure/2022/Mar/29","http://seclists.org/fulldisclosure/2022/May/35","http://www.openwall.com/lists/oss-security/2022/01/15/1","https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682","https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/","https://security.gentoo.org/glsa/202208-32","https://support.apple.com/kb/HT213183","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213343","http://seclists.org/fulldisclosure/2022/Jul/14","http://seclists.org/fulldisclosure/2022/Mar/29","http://seclists.org/fulldisclosure/2022/May/35","http://www.openwall.com/lists/oss-security/2022/01/15/1","https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae68
2","https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/","https://security.gentoo.org/glsa/202208-32","https://support.apple.com/kb/HT213183","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213343"],"published_time":"2021-12-25T19:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30767","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A local user may be able to modify protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18502,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981"],"published_time":"2021-12-23T20:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-13835","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13. 
An application may be able to execute arbitrary code with elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00367,"ranking_epss":0.58719,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT208144","https://support.apple.com/en-us/HT208144"],"published_time":"2021-12-23T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-13892","summary":"An issue existed in the handling of Contact sharing. This issue was addressed with improved handling of user information. This issue is fixed in macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan. Sharing contact information may lead to unexpected data sharing.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00322,"ranking_epss":0.55345,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT208331","https://support.apple.com/en-us/HT208331"],"published_time":"2021-12-23T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-13905","summary":"A race condition was addressed with additional validation. This issue is fixed in tvOS 11.2, iOS 11.2, macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan, watchOS 4.2. 
An application may be able to gain elevated privileges.","cvss":8.1,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00607,"ranking_epss":0.69701,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT208325","https://support.apple.com/en-us/HT208327","https://support.apple.com/en-us/HT208331","https://support.apple.com/en-us/HT208334","https://support.apple.com/en-us/HT208325","https://support.apple.com/en-us/HT208327","https://support.apple.com/en-us/HT208331","https://support.apple.com/en-us/HT208334"],"published_time":"2021-12-23T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-13906","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, macOS High Sierra 10.13. A malicious application may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00222,"ranking_epss":0.44856,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT208144","https://support.apple.com/en-us/HT208221","https://support.apple.com/en-us/HT208144","https://support.apple.com/en-us/HT208221"],"published_time":"2021-12-23T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-13907","summary":"A state management issue was addressed with improved state validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan. 
The screen lock may unexpectedly remain unlocked.","cvss":6.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.18835,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT208221","https://support.apple.com/en-us/HT208221"],"published_time":"2021-12-23T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-13908","summary":"An issue in handling file permissions was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, macOS High Sierra 10.13. A local attacker may be able to execute non-executable text files via an SMB share.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.09648,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT208144","https://support.apple.com/en-us/HT208221","https://support.apple.com/en-us/HT208144","https://support.apple.com/en-us/HT208221"],"published_time":"2021-12-23T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-13909","summary":"An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain. This issue is fixed in macOS High Sierra 10.13. A local attacker may gain access to iCloud authentication tokens.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.15169,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT208144","https://support.apple.com/en-us/HT208144"],"published_time":"2021-12-23T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-13910","summary":"An access issue was addressed with additional sandbox restrictions on applications. This issue is fixed in macOS High Sierra 10.13. 
An application may be able to access restricted files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18624,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT208144","https://support.apple.com/en-us/HT208144"],"published_time":"2021-12-23T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-4302","summary":"A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00424,"ranking_epss":0.62218,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT208112","https://support.apple.com/en-us/HT208115","https://support.apple.com/en-us/HT208141","https://support.apple.com/en-us/HT208142","https://support.apple.com/en-us/HT208144","https://support.apple.com/en-us/HT208112","https://support.apple.com/en-us/HT208115","https://support.apple.com/en-us/HT208141","https://support.apple.com/en-us/HT208142","https://support.apple.com/en-us/HT208144"],"published_time":"2021-12-23T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-4478","summary":"A validation issue was addressed with improved logic. This issue is fixed in macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan. 
An attacker with physical access to a device may be able to elevate privileges.","cvss":6.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12535,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT208849","https://support.apple.com/en-us/HT208849"],"published_time":"2021-12-23T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8643","summary":"CVE-2019-8643: Arun Sharma of VMWare This issue is fixed in macOS Mojave 10.14. Description: A logic issue was addressed with improved state management.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00504,"ranking_epss":0.6617,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209139","https://support.apple.com/en-us/HT209139"],"published_time":"2021-12-23T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8702","summary":"This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.18905,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210346","https://support.apple.com/en-us/HT210348","https://support.apple.com/en-us/HT210351","https://support.apple.com/en-us/HT210346","https://support.apple.com/en-us/HT210348","https://support.apple.com/en-us/HT210351"],"published_time":"2021-12-23T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8703","summary":"This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13. 
An application may be able to gain elevated privileges.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00868,"ranking_epss":0.75199,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634"],"published_time":"2021-12-23T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3886","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00352,"ranking_epss":0.57644,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211100","https://support.apple.com/en-us/HT211100"],"published_time":"2021-12-23T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3896","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. 
A malicious application may be able to overwrite arbitrary files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00244,"ranking_epss":0.47736,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211100","https://support.apple.com/en-us/HT211100"],"published_time":"2021-12-23T20:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-44224","summary":"A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).","cvss":8.2,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":8.2,"cvss_v4":null,"epss":0.1096,"ranking_epss":0.93441,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://httpd.apache.org/security/vulnerabilities_24.html","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","http://www.openwall.com/lists/oss-security/2021/12/20/3","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/","https://security.gentoo.org/glsa/202208-20","https://security.netapp.com/advisory/ntap-20211224-0001/","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257","https://www.debian.org/security/2022/dsa-5035","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.tenable.com/security/tns-2022-01","https://www.tenable.com/security/tns-2022-03","http://httpd.apache.org/security/vulnerabilities_24.html","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","http://www.openwall.com/lists/oss-security/2021/12/20/3","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/","https://security.gentoo.org/glsa/202208-20","https://security.netapp.com/advisory/ntap-20211224-0001/","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","https://www.debian.org/security/2022/dsa-5035","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.tenable.com/security/tns-2022-01","https://www.tenable.com/security/tns-2022-03"],"published_time":"2021-12-20T12:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-44790","summary":"A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. 
This issue affects Apache HTTP Server 2.4.51 and earlier.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.86011,"ranking_epss":0.99394,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://httpd.apache.org/security/vulnerabilities_24.html","http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","http://www.openwall.com/lists/oss-security/2021/12/20/4","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/","https://security.gentoo.org/glsa/202208-20","https://security.netapp.com/advisory/ntap-20211224-0001/","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","https://www.debian.org/security/2022/dsa-5035","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.tenable.com/security/tns-2022-01","https://www.tenable.com/security/tns-2022-03","http://httpd.apache.org/security/vulnerabilities_24.html","http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html","http://seclists.org/fulldisclosure/2022/May/33","http://seclists.org/fulldisclosure/2022/May/35","http://seclists.org/fulldisclosure/2022/May/38","http://www.openwall.com/lists/oss-security/2021/12/20/4","https://lists.fedoraproject.org/archives/list/package-
announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/","https://security.gentoo.org/glsa/202208-20","https://security.netapp.com/advisory/ntap-20211224-0001/","https://support.apple.com/kb/HT213255","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213257","https://www.debian.org/security/2022/dsa-5035","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.tenable.com/security/tns-2022-01","https://www.tenable.com/security/tns-2022-03"],"published_time":"2021-12-20T12:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-4136","summary":"vim is vulnerable to Heap-based Buffer 
Overflow","cvss":7.3,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00301,"ranking_epss":0.53431,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2022/Jul/14","http://seclists.org/fulldisclosure/2022/Mar/29","http://seclists.org/fulldisclosure/2022/May/35","http://www.openwall.com/lists/oss-security/2022/01/15/1","https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264","https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/","https://security.gentoo.org/glsa/202208-32","https://support.apple.com/kb/HT213183","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213343","http://seclists.org/fulldisclosure/2022/Jul/14","http://seclists.org/fulldisclosure/2022/Mar/29","http://seclists.org/fulldisclosure/2022/May/35","http://www.openwall.com/lists/oss-security/2022/01/15/1","https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264","https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/","https://security.gentoo.org/glsa/202208-32","https://support.apple.com/kb/HT213183","https://support.apple.com/kb/HT213256","https://support.apple.com/kb/HT213343"],"published_time":"2021-12-19T17:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30821","summary":"A memory corruption issue was addressed with improved memory handling. 
This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00292,"ranking_epss":0.52629,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872"],"published_time":"2021-10-28T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30824","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00292,"ranking_epss":0.52629,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872"],"published_time":"2021-10-28T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30833","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. 
Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0305,"ranking_epss":0.86713,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212869","https://support.apple.com/kb/HT212871","https://support.apple.com/kb/HT212872","https://support.apple.com/en-us/HT212869","https://support.apple.com/kb/HT212871","https://support.apple.com/kb/HT212872"],"published_time":"2021-10-28T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30834","summary":"A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, Security Update 2021-007 Catalina. Processing a malicious audio file may result in unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00344,"ranking_epss":0.57017,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","https://support.apple.com/en-us/HT212871","https://support.apple.com/kb/HT212804","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","https://support.apple.com/en-us/HT212871","https://support.apple.com/kb/HT212804"],"published_time":"2021-10-28T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30832","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. 
A local attacker may be able to elevate their privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.20484,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://www.zerodayinitiative.com/advisories/ZDI-22-355/","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://www.zerodayinitiative.com/advisories/ZDI-22-355/"],"published_time":"2021-10-19T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30835","summary":"This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, iTunes 12.12 for Windows, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00402,"ranking_epss":0.60841,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Oct/61","http://seclists.org/fulldisclosure/2021/Oct/62","http://seclists.org/fulldisclosure/2021/Oct/63","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212817","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212804","https://support.apple.com/kb/HT212953","http://seclists.org/fulldisclosure/2021/Oct/61","http://seclists.org/fulldisclosure/2021/Oct/62","http://seclists.org/fulldisclosure/2021/Oct/63","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212817","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212804","https://support.apple.com/kb/HT212953"],"published_time":"20
21-10-19T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30841","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0027,"ranking_epss":0.50524,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Oct/61","http://seclists.org/fulldisclosure/2021/Oct/62","http://seclists.org/fulldisclosure/2021/Oct/63","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","http://seclists.org/fulldisclosure/2021/Oct/61","http://seclists.org/fulldisclosure/2021/Oct/62","http://seclists.org/fulldisclosure/2021/Oct/63","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819"],"published_time":"2021-10-19T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30842","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. 
Processing a maliciously crafted dfont file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0027,"ranking_epss":0.50524,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Oct/61","http://seclists.org/fulldisclosure/2021/Oct/62","http://seclists.org/fulldisclosure/2021/Oct/63","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","http://seclists.org/fulldisclosure/2021/Oct/61","http://seclists.org/fulldisclosure/2021/Oct/62","http://seclists.org/fulldisclosure/2021/Oct/63","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819"],"published_time":"2021-10-19T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30843","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. 
Processing a maliciously crafted dfont file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0027,"ranking_epss":0.50524,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Oct/61","http://seclists.org/fulldisclosure/2021/Oct/62","http://seclists.org/fulldisclosure/2021/Oct/63","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","http://seclists.org/fulldisclosure/2021/Oct/61","http://seclists.org/fulldisclosure/2021/Oct/62","http://seclists.org/fulldisclosure/2021/Oct/63","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819"],"published_time":"2021-10-19T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30844","summary":"A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. 
A remote attacker may be able to leak memory.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00571,"ranking_epss":0.68649,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/kb/HT212871","https://support.apple.com/kb/HT212872","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/kb/HT212871","https://support.apple.com/kb/HT212872"],"published_time":"2021-10-19T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30847","summary":"This issue was addressed with improved checks. This issue is fixed in watchOS 8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00402,"ranking_epss":0.60841,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Oct/61","http://seclists.org/fulldisclosure/2021/Oct/62","http://seclists.org/fulldisclosure/2021/Oct/63","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212817","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212807","https://support.apple.com/kb/HT212953","http://seclists.org/fulldisclosure/2021/Oct/61","http://seclists.org/fulldisclosure/2021/Oct/62","http://seclists.org/fulldisclosure/2021/Oct/63","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212817","https:/
/support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212807","https://support.apple.com/kb/HT212953"],"published_time":"2021-10-19T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30850","summary":"An access issue was addressed with improved access restrictions. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6, tvOS 15. A user may gain access to protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":7.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00222,"ranking_epss":0.44869,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Oct/63","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212815","http://seclists.org/fulldisclosure/2021/Oct/63","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212815"],"published_time":"2021-10-19T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-29622","summary":"A race condition was addressed with additional validation. This issue is fixed in Security Update 2021-005 Catalina. Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.6,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00366,"ranking_epss":0.58616,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212805"],"published_time":"2021-10-19T14:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30811","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8. 
A local attacker may be able to read sensitive information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00096,"ranking_epss":0.26488,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Oct/61","http://seclists.org/fulldisclosure/2021/Oct/62","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212600","https://support.apple.com/kb/HT212603","https://support.apple.com/kb/HT212804","http://seclists.org/fulldisclosure/2021/Oct/61","http://seclists.org/fulldisclosure/2021/Oct/62","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212600","https://support.apple.com/kb/HT212603","https://support.apple.com/kb/HT212804"],"published_time":"2021-10-19T14:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30827","summary":"A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local attacker may be able to elevate their privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06833,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805"],"published_time":"2021-10-19T14:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30828","summary":"This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. 
A local user may be able to read arbitrary files as root.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12621,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805"],"published_time":"2021-10-19T14:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30829","summary":"A URI parsing issue was addressed with improved parsing. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to execute arbitrary files.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11431,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805"],"published_time":"2021-10-19T14:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30830","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00195,"ranking_epss":0.41411,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805"],"published_time":"2021-10-19T14:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-39537","summary":"An issue was discovered in ncurses through v6.2-1. 
_nc_captoinfo in captoinfo.c has a heap-based buffer overflow.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00365,"ranking_epss":0.58549,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup","http://seclists.org/fulldisclosure/2022/Oct/28","http://seclists.org/fulldisclosure/2022/Oct/41","http://seclists.org/fulldisclosure/2022/Oct/43","http://seclists.org/fulldisclosure/2022/Oct/45","https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html","https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html","https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html","https://security.netapp.com/advisory/ntap-20230427-0012/","https://support.apple.com/kb/HT213443","https://support.apple.com/kb/HT213444","https://support.apple.com/kb/HT213488","http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup","http://seclists.org/fulldisclosure/2022/Oct/28","http://seclists.org/fulldisclosure/2022/Oct/41","http://seclists.org/fulldisclosure/2022/Oct/43","http://seclists.org/fulldisclosure/2022/Oct/45","https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html","https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html","https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html","https://security.netapp.com/advisory/ntap-20230427-0012/","https://support.apple.com/kb/HT213443","https://support.apple.com/kb/HT213444","https://support.apple.com/kb/HT213488"],"published_time":"2021-09-20T16:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30716","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. 
An attacker in a privileged network position may be able to perform denial of service.","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00645,"ranking_epss":0.70724,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T15:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30717","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to execute arbitrary code.","cvss":8.1,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00885,"ranking_epss":0.7547,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T15:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30719","summary":"A local user may be able to cause unexpected system termination or read kernel memory. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. 
An out-of-bounds read issue was addressed by removing the vulnerable code.","cvss":7.1,"cvss_version":3.0,"cvss_v2":6.6,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.0875,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530"],"published_time":"2021-09-08T15:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30694","summary":"An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00269,"ranking_epss":0.50438,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T15:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30695","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. 
Processing a maliciously crafted USD file may disclose memory contents.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00269,"ranking_epss":0.50438,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T15:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30696","summary":"An attacker in a privileged network position may be able to misrepresent application state. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A logic issue was addressed with improved state management.","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00289,"ranking_epss":0.52373,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T15:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30697","summary":"A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. 
A local user may be able to leak sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.1888,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533"],"published_time":"2021-09-08T15:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30701","summary":"This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00727,"ranking_epss":0.72644,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533"],"published_time":"2021-09-08T15:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30702","summary":"A logic issue was addressed with improved state management. 
This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A person with physical access to a Mac may be able to bypass Login Window.","cvss":4.6,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16717,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T15:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30703","summary":"A double free issue was addressed with improved memory management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0032,"ranking_epss":0.55128,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212603"],"published_time":"2021-09-08T15:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30704","summary":"A logic issue was addressed with improved state management. 
This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00361,"ranking_epss":0.58233,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533"],"published_time":"2021-09-08T15:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30705","summary":"This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. 
Processing a maliciously crafted ASTC file may disclose memory contents.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00259,"ranking_epss":0.4929,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533"],"published_time":"2021-09-08T15:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30708","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00376,"ranking_epss":0.59203,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T15:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30709","summary":"This issue was addressed with improved checks. 
This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00244,"ranking_epss":0.47671,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T15:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30710","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. 
A malicious application may cause a denial of service or potentially disclose memory contents.","cvss":7.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00238,"ranking_epss":0.4688,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533"],"published_time":"2021-09-08T15:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30712","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01108,"ranking_epss":0.78141,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T15:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30713","summary":"A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. 
Apple is aware of a report that this issue may have been actively exploited.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0016,"ranking_epss":0.36803,"kev":true,"propose_action":"Apple macOS Transparency, Consent, and Control (TCC) contains an unspecified permissions issue which may allow a malicious application to bypass privacy preferences.","ransomware_campaign":"Unknown","references":["http://seclists.org/fulldisclosure/2021/Sep/40","https://support.apple.com/en-us/HT212529","https://support.apple.com/kb/HT212805","http://seclists.org/fulldisclosure/2021/Sep/40","https://support.apple.com/en-us/HT212529","https://support.apple.com/kb/HT212805","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30713"],"published_time":"2021-09-08T15:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30715","summary":"A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted message may lead to a denial of service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00653,"ranking_epss":0.70926,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533"],"published_time":"2021-09-08T15:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30676","summary":"A logic issue was addressed with improved state management. 
This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A local user may be able to cause unexpected system termination or read kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":6.6,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.12245,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T15:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30677","summary":"This issue was addressed with improved environment sanitization. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to break out of its sandbox.","cvss":8.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0011,"ranking_epss":0.29314,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212603","https://support.apple.com/kb/HT212602","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212603","https://support.apple.com/kb/HT212602"],"published_time":"2021-09-08T15:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30678","summary":"A logic issue was addressed with 
improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.02479,"ranking_epss":0.85306,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T15:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30679","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An application may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00225,"ranking_epss":0.45247,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T15:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30681","summary":"A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. 
A malicious application may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00157,"ranking_epss":0.36445,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212533"],"published_time":"2021-09-08T15:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30683","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A malicious application could execute arbitrary code leading to compromise of user information.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00528,"ranking_epss":0.67182,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T15:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30684","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. 
A remote attacker may cause an unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00429,"ranking_epss":0.6255,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530"],"published_time":"2021-09-08T15:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30685","summary":"This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Parsing a maliciously crafted audio file may lead to disclosure of user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00296,"ranking_epss":0.52937,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533"],"published_time":"2021-09-08T15:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30686","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. 
Processing a maliciously crafted audio file may disclose restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00296,"ranking_epss":0.52937,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533"],"published_time":"2021-09-08T15:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30687","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. 
Processing a maliciously crafted image may lead to disclosure of user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00394,"ranking_epss":0.60351,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533"],"published_time":"2021-09-08T15:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30688","summary":"A malicious application may be able to break out of its sandbox. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A path handling issue was addressed with improved validation.","cvss":8.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.13119,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530"],"published_time":"2021-09-08T15:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30690","summary":"Multiple issues in apache were addressed by updating apache to version 2.4.46. This issue is fixed in Security Update 2021-004 Mojave. 
Multiple issues in apache.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00504,"ranking_epss":0.6617,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T15:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30691","summary":"An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00269,"ranking_epss":0.50438,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T15:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30692","summary":"An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. 
Processing a maliciously crafted USD file may disclose memory contents.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00269,"ranking_epss":0.50438,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T15:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30693","summary":"A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00402,"ranking_epss":0.60828,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T15:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30655","summary":"An application may be able to execute arbitrary code with system privileges. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. 
The issue was addressed with improved permissions logic.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00838,"ranking_epss":0.74696,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326"],"published_time":"2021-09-08T15:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30657","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.83081,"ranking_epss":0.99261,"kev":true,"propose_action":"Apple macOS contains an unspecified logic issue in System Preferences that may allow a malicious application to bypass Gatekeeper checks.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30657"],"published_time":"2021-09-08T15:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30669","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. 
A malicious application may bypass Gatekeeper checks.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00098,"ranking_epss":0.26958,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T15:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30671","summary":"A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A malicious application may be able to send unauthorized Apple events to Finder.","cvss":3.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00138,"ranking_epss":0.33542,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530"],"published_time":"2021-09-08T15:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30672","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. 
A malicious application may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00352,"ranking_epss":0.57621,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212603"],"published_time":"2021-09-08T15:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30673","summary":"An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A malicious application may be able to access a user's call history.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00178,"ranking_epss":0.39358,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530"],"published_time":"2021-09-08T15:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1873","summary":"An API issue in Accessibility TCC permissions was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. 
A malicious application may be able to unexpectedly leak a user's credentials from secure text fields.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00308,"ranking_epss":0.54041,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1875","summary":"A double free issue was addressed with improved memory management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted file may lead to heap corruption.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00249,"ranking_epss":0.4821,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1876","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00813,"ranking_epss":0.74294,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1878","summary":"An integer overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. An attacker in a privileged network position may be able to leak sensitive user information.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00501,"ranking_epss":0.66039,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1881","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. 
Processing a maliciously crafted font file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00502,"ranking_epss":0.66084,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1882","summary":"A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to gain elevated privileges.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00871,"ranking_epss":0.75232,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326"],"published_time":"2021-09-08T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1883","summary":"This issue was addressed with improved checks. 
This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted server messages may lead to heap corruption.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00994,"ranking_epss":0.76961,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1884","summary":"A race condition was addressed with improved locking. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. 
A remote attacker may be able to cause a denial of service.","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"cvss_v4":null,"epss":0.01006,"ranking_epss":0.77078,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30652","summary":"A race condition was addressed with additional validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. 
A malicious application may be able to gain root privileges.","cvss":7.0,"cvss_version":3.0,"cvss_v2":7.6,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00225,"ranking_epss":0.45249,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1846","summary":"Processing a maliciously crafted audio file may disclose restricted memory. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An out-of-bounds read was addressed with improved input validation.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00296,"ranking_epss":0.52937,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326"],"published_time":"2021-09-08T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1847","summary":"A memory corruption issue was addressed with improved validation. 
This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00407,"ranking_epss":0.61146,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1851","summary":"A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to execute arbitrary code with kernel privileges.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00913,"ranking_epss":0.75897,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1857","summary":"A memory initialization issue was addressed with improved memory handling. 
This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may disclose sensitive user information.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00605,"ranking_epss":0.69643,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212319","https://support.apple.com/en-us/HT212321","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212319","https://support.apple.com/en-us/HT212321","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1858","summary":"Processing a maliciously crafted image may lead to arbitrary code execution. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. 
An out-of-bounds write issue was addressed with improved bounds checking.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00483,"ranking_epss":0.65203,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326"],"published_time":"2021-09-08T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1860","summary":"A memory initialization issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to disclose kernel memory.","cvss":6.5,"cvss_version":3.0,"cvss_v2":7.1,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00522,"ranking_epss":0.66921,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1868","summary":"A logic issue was addressed with improved state management. 
This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local attacker may be able to elevate their privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00056,"ranking_epss":0.17422,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1824","summary":"This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application with root privileges may be able to access private information.","cvss":4.4,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":4.4,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.15414,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326"],"published_time":"2021-09-08T15:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1828","summary":"A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. 
An application may be able to cause unexpected system termination or write kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":8.8,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00181,"ranking_epss":0.39701,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1832","summary":"Copied files may not have the expected file permissions. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. The issue was addressed with improved permissions logic.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00166,"ranking_epss":0.37619,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326"],"published_time":"2021-09-08T15:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1834","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. 
A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01437,"ranking_epss":0.80733,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1839","summary":"The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A local attacker may be able to elevate their privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11216,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1840","summary":"A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. 
A local attacker may be able to elevate their privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00069,"ranking_epss":0.21097,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1841","summary":"A malicious application may be able to execute arbitrary code with kernel privileges. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. An out-of-bounds write issue was addressed with improved bounds checking.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00202,"ranking_epss":0.42252,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326"],"published_time":"2021-09-08T15:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1843","summary":"This issue was addressed with improved checks. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. 
Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00344,"ranking_epss":0.57017,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27942","summary":"A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. Processing a maliciously crafted font file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00348,"ranking_epss":0.57388,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1739","summary":"A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. 
A local user may be able to modify protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00066,"ranking_epss":0.20359,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1740","summary":"A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00069,"ranking_epss":0.21193,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326"],"published_time":"2021-09-08T15:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1762","summary":"An out-of-bounds write was addressed with improved input validation. 
This issue is fixed in iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00275,"ranking_epss":0.51018,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147"],"published_time":"2021-09-08T15:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1784","summary":"A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to modify protected parts of the file system.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00361,"ranking_epss":0.58279,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1808","summary":"A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. 
An application may be able to read restricted memory.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00542,"ranking_epss":0.67716,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1809","summary":"A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. 
A malicious application may be able to read restricted memory.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00542,"ranking_epss":0.67716,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1810","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.5118,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/164375/Gatekeeper-Bypass-Proof-Of-Concept.html","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","http://packetstormsecurity.com/files/164375/Gatekeeper-Bypass-Proof-Of-Concept.html","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326"],"published_time":"2021-09-08T15:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1811","summary":"A logic issue was addressed with improved state management. 
This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted font may result in the disclosure of process memory.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00605,"ranking_epss":0.69643,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212319","https://support.apple.com/en-us/HT212321","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212319","https://support.apple.com/en-us/HT212321","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1813","summary":"A validation issue was addressed with improved logic. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. 
A malicious application may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00235,"ranking_epss":0.46507,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212326","https://support.apple.com/en-us/HT212327"],"published_time":"2021-09-08T15:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30780","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. 
A malicious application may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00393,"ranking_epss":0.60275,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605"],"published_time":"2021-09-08T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30781","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. 
A local attacker may be able to cause unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00248,"ranking_epss":0.48107,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605"],"published_time":"2021-09-08T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30782","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to access restricted files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00552,"ranking_epss":0.68055,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603"],"published_time":"2021-09-08T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30783","summary":"An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. 
A sandboxed process may be able to circumvent sandbox restrictions.","cvss":6.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00141,"ranking_epss":0.34308,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Sep/40","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/kb/HT212805","http://seclists.org/fulldisclosure/2021/Sep/40","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/kb/HT212805"],"published_time":"2021-09-08T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30784","summary":"Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.5. A local attacker may be able to execute code on the Apple T2 Security Chip.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00372,"ranking_epss":0.59,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212602","https://support.apple.com/kb/HT212600","https://support.apple.com/kb/HT212603","https://support.apple.com/en-us/HT212602","https://support.apple.com/kb/HT212600","https://support.apple.com/kb/HT212603"],"published_time":"2021-09-08T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30785","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. 
Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00799,"ranking_epss":0.7406,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://www.zerodayinitiative.com/advisories/ZDI-22-353/","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://www.zerodayinitiative.com/advisories/ZDI-22-353/"],"published_time":"2021-09-08T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30787","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to cause unexpected system termination or write kernel memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00334,"ranking_epss":0.5621,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603"],"published_time":"2021-09-08T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30788","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. 
Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents.","cvss":7.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00337,"ranking_epss":0.56547,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605"],"published_time":"2021-09-08T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30789","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. 
Processing a maliciously crafted font file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00623,"ranking_epss":0.70174,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605"],"published_time":"2021-09-08T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30790","summary":"An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0097,"ranking_epss":0.76653,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603"],"published_time":"2021-09-08T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30791","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. 
Processing a maliciously crafted file may disclose user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0034,"ranking_epss":0.56748,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/kb/HT212600","https://support.apple.com/kb/HT212603","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/kb/HT212600","https://support.apple.com/kb/HT212603"],"published_time":"2021-09-08T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30792","summary":"An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00497,"ranking_epss":0.65872,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/kb/HT212600","https://support.apple.com/kb/HT212603","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/kb/HT212600","https://support.apple.com/kb/HT212603"],"published_time":"2021-09-08T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30793","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. 
An application may be able to execute arbitrary code with kernel privileges.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01622,"ranking_epss":0.81873,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603"],"published_time":"2021-09-08T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30796","summary":"A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing a maliciously crafted image may lead to a denial of service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00555,"ranking_epss":0.68133,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603"],"published_time":"2021-09-08T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30799","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01008,"ranking_epss":0.77099,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603"],"published_time":"2021-09-08T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30805","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01622,"ranking_epss":0.81873,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603"],"published_time":"2021-09-08T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30759","summary":"A stack overflow was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. 
Processing a maliciously crafted font file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01048,"ranking_epss":0.77546,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605"],"published_time":"2021-09-08T14:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30760","summary":"An integer overflow was addressed through improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. 
Processing a maliciously crafted font file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00447,"ranking_epss":0.6353,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605"],"published_time":"2021-09-08T14:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30765","summary":"An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00546,"ranking_epss":0.67857,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603"],"published_time":"2021-09-08T14:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30766","summary":"An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. 
An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00546,"ranking_epss":0.67857,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603"],"published_time":"2021-09-08T14:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30768","summary":"A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. A sandboxed process may be able to circumvent sandbox restrictions.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00504,"ranking_epss":0.66147,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605"],"published_time":"2021-09-08T14:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30772","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5. 
A malicious application may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00345,"ranking_epss":0.57091,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212602","https://support.apple.com/kb/HT212600","https://support.apple.com/kb/HT212603","https://support.apple.com/en-us/HT212602","https://support.apple.com/kb/HT212600","https://support.apple.com/kb/HT212603"],"published_time":"2021-09-08T14:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30774","summary":"A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. A malicious application may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00299,"ranking_epss":0.53303,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/kb/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/kb/HT212600"],"published_time":"2021-09-08T14:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30775","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. 
Processing a maliciously crafted audio file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00798,"ranking_epss":0.74045,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605"],"published_time":"2021-09-08T14:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30776","summary":"A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Playing a malicious audio file may lead to an unexpected application termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00314,"ranking_epss":0.54569,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212601","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212604","https://support.apple.com/en-us/HT212605"],"published_time":"2021-09-08T14:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30777","summary":"An injection issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. 
A malicious application may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00435,"ranking_epss":0.62947,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212602","https://support.apple.com/en-us/HT212603"],"published_time":"2021-09-08T14:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30731","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Catalina. An unprivileged application may be able to capture USB devices.","cvss":5.5,"cvss_version":3.0,"cvss_v2":1.9,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00259,"ranking_epss":0.4927,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212600"],"published_time":"2021-09-08T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30733","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. 
Processing a maliciously crafted font may result in the disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00334,"ranking_epss":0.56224,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212603","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212600","https://support.apple.com/en-us/HT212603"],"published_time":"2021-09-08T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30735","summary":"A malicious application may be able to execute arbitrary code with kernel privileges. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An out-of-bounds write issue was addressed with improved bounds checking.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00271,"ranking_epss":0.5061,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30737","summary":"A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. 
This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, iOS 12.5.4, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted certificate may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.004,"ranking_epss":0.6072,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212548","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212548"],"published_time":"2021-09-08T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30738","summary":"A malicious application may be able to overwrite arbitrary files. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Mojave. An issue with path validation logic for hardlinks was addressed with improved path sanitization.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18775,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30739","summary":"A local attacker may be able to elevate their privileges. 
This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A memory corruption issue was addressed with improved validation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00069,"ranking_epss":0.21097,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30743","summary":"An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00424,"ranking_epss":0.62218,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212317","https://support.apple.com/en-us/HT212323","https://support.apple.com/en-us/HT212324","https://support.apple.com/en-us/HT212325","https://support.apple.com/en-us/HT212530"],"published_time":"2021-09-08T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30746","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. 
Processing a maliciously crafted USD file may disclose memory contents.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00269,"ranking_epss":0.50438,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T14:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30721","summary":"A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to leak sensitive user information.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00501,"ranking_epss":0.66039,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T14:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30722","summary":"An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. 
An attacker in a privileged network position may be able to leak sensitive user information.","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00481,"ranking_epss":0.6513,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T14:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30723","summary":"An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00269,"ranking_epss":0.50438,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T14:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30724","summary":"This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. 
A local attacker may be able to elevate their privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0025,"ranking_epss":0.48306,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212532","https://support.apple.com/en-us/HT212533"],"published_time":"2021-09-08T14:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30725","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00406,"ranking_epss":0.61092,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212528","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T14:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30726","summary":"A malicious application may be able to execute arbitrary code with kernel privileges. 
This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An out-of-bounds write issue was addressed with improved bounds checking.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00292,"ranking_epss":0.52629,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T14:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30728","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00292,"ranking_epss":0.52629,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531","https://support.apple.com/en-us/HT212529","https://support.apple.com/en-us/HT212530","https://support.apple.com/en-us/HT212531"],"published_time":"2021-09-08T14:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30995","summary":"A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. 
A malicious application may be able to elevate privileges.","cvss":7.0,"cvss_version":3.0,"cvss_v2":5.1,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00179,"ranking_epss":0.39459,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981","https://www.zerodayinitiative.com/advisories/ZDI-22-360/","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981","https://www.zerodayinitiative.com/advisories/ZDI-22-360/"],"published_time":"2021-08-24T19:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-31010","summary":"A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. 
Apple was aware of a report that this issue may have been actively exploited at the time of release.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00722,"ranking_epss":0.72543,"kev":true,"propose_action":"In affected versions of Apple iOS, macOS, and watchOS, a sandboxed process may be able to circumvent sandbox restrictions.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212806","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212824","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212806","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212824","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-31010"],"published_time":"2021-08-24T19:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30973","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. 
Processing a maliciously crafted file may disclose user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00264,"ranking_epss":0.49772,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30975","summary":"This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions.","cvss":8.6,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00447,"ranking_epss":0.63548,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30976","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. 
A malicious application may bypass Gatekeeper checks.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00227,"ranking_epss":0.45519,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30977","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00398,"ranking_epss":0.60637,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981","https://support.apple.com/kb/HT213183","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981","https://support.apple.com/kb/HT213183"],"published_time":"2021-08-24T19:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30979","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. 
Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00607,"ranking_epss":0.69709,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981","https://www.zerodayinitiative.com/advisories/ZDI-22-358/","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981","https://www.zerodayinitiative.com/advisories/ZDI-22-358/"],"published_time":"2021-08-24T19:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30980","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. 
An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00591,"ranking_epss":0.69243,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30981","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00747,"ranking_epss":0.73111,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30982","summary":"A race condition was addressed with improved locking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. 
A remote attacker may be able to cause unexpected application termination or heap corruption.","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00312,"ranking_epss":0.54414,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30990","summary":"A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may bypass Gatekeeper checks.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00227,"ranking_epss":0.45519,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30958","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. 
Playing a malicious audio file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0034,"ranking_epss":0.56745,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30959","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00235,"ranking_epss":0.464,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30961","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. 
Parsing a maliciously crafted audio file may lead to disclosure of user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00235,"ranking_epss":0.464,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30963","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00235,"ranking_epss":0.464,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30965","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. 
A malicious application may be able to cause a denial of service to Endpoint Security clients.","cvss":6.5,"cvss_version":3.0,"cvss_v2":7.1,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0035,"ranking_epss":0.57524,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30968","summary":"A validation issue related to hard link behavior was addressed with improved sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to bypass certain Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0023,"ranking_epss":0.45851,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30969","summary":"A path handling issue was addressed with improved validation. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. 
Processing a maliciously crafted URL may cause unexpected JavaScript execution from a file on disk.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00233,"ranking_epss":0.46208,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30971","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00244,"ranking_epss":0.47747,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30972","summary":"This issue was addressed with improved checks. This issue is fixed in Security Update 2022-001 Catalina, macOS Big Sur 11.6.3. 
A malicious application may be able to bypass certain Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17101,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT213055","https://support.apple.com/en-us/HT213056","https://support.apple.com/kb/HT212978","https://support.apple.com/en-us/HT213055","https://support.apple.com/en-us/HT213056","https://support.apple.com/kb/HT212978"],"published_time":"2021-08-24T19:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30939","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00411,"ranking_epss":0.61408,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981","https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1414","https://www.zerodayinitiative.com/advisories/ZDI-22-359/","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981","https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1414","https://www.zerodayinitiative.com/advisories/ZDI-22-359/"],"published_time":"2021-08-24T19:15:21","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2021-30940","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted USD file may disclose memory contents.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00305,"ranking_epss":0.53772,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30941","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted USD file may disclose memory contents.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00305,"ranking_epss":0.53772,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30942","summary":"Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. 
This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00325,"ranking_epss":0.55546,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/165559/Apple-ColorSync-Out-Of-Bounds-Read.html","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981","http://packetstormsecurity.com/files/165559/Apple-ColorSync-Out-Of-Bounds-Read.html","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30945","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. 
A local attacker may be able to elevate their privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00064,"ranking_epss":0.19907,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30949","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. 
A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00415,"ranking_epss":0.61686,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/165670/XNU-Kernel-mach_msg-Use-After-Free.html","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981","http://packetstormsecurity.com/files/165670/XNU-Kernel-mach_msg-Use-After-Free.html","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30950","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may bypass Gatekeeper checks.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00282,"ranking_epss":0.51649,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30926","summary":"Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. 
This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00339,"ranking_epss":0.56695,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980","https://support.apple.com/kb/HT212868","https://support.apple.com/kb/HT212871","https://support.apple.com/kb/HT212872","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212980","https://support.apple.com/kb/HT212868","https://support.apple.com/kb/HT212871","https://support.apple.com/kb/HT212872"],"published_time":"2021-08-24T19:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30927","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. 
An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.9,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00098,"ranking_epss":0.2687,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30929","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted USD file may disclose memory contents.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.7,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00077,"ranking_epss":0.22878,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30931","summary":"A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. 
A malicious application may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":7.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00242,"ranking_epss":0.4751,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30935","summary":"A logic issue was addressed with improved validation. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. An application may be able to execute arbitrary code with kernel privileges.","cvss":8.8,"cvss_version":3.0,"cvss_v2":8.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00124,"ranking_epss":0.31596,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981","https://support.apple.com/kb/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981","https://support.apple.com/kb/HT212978"],"published_time":"2021-08-24T19:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30937","summary":"A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. 
A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.24484,"ranking_epss":0.96131,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/165475/XNU-inm_merge-Heap-Use-After-Free.html","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981","http://packetstormsecurity.com/files/165475/XNU-inm_merge-Heap-Use-After-Free.html","https://support.apple.com/en-us/HT212975","https://support.apple.com/en-us/HT212976","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212980","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30938","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A local user may be able to cause unexpected system termination or read kernel memory.","cvss":7.7,"cvss_version":3.0,"cvss_v2":6.6,"cvss_v3":7.7,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.1515,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981","https://support.apple.com/en-us/HT212978","https://support.apple.com/en-us/HT212979","https://support.apple.com/en-us/HT212981"],"published_time":"2021-08-24T19:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30911","summary":"An out-of-bounds read was addressed with improved bounds checking. 
This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, iOS 15.1 and iPadOS 15.1, macOS Big Sur 11.6.1. Processing a maliciously crafted USD file may disclose memory contents.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00264,"ranking_epss":0.49772,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872"],"published_time":"2021-08-24T19:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30912","summary":"The issue was addressed with improved permissions logic. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may gain access to a user's Keychain items.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00178,"ranking_epss":0.39285,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872"],"published_time":"2021-08-24T19:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30913","summary":"The issue was addressed with improved permissions logic. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.6.1. 
An unprivileged application may be able to edit NVRAM variables.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00172,"ranking_epss":0.3841,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212872","https://support.apple.com/kb/HT212871","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212872","https://support.apple.com/kb/HT212871"],"published_time":"2021-08-24T19:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30915","summary":"A logic issue was addressed with improved state management. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A person with physical access to an iOS device may be able to determine characteristics of a user's password in a secure text entry field.","cvss":2.4,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00112,"ranking_epss":0.29534,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876"],"published_time":"2021-08-24T19:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30916","summary":"A memory corruption issue was addressed with improved memory handling. 
This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00387,"ranking_epss":0.59841,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Dec/43","http://seclists.org/fulldisclosure/2021/Dec/44","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212868","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/kb/HT212975","https://support.apple.com/kb/HT212980","http://seclists.org/fulldisclosure/2021/Dec/43","http://seclists.org/fulldisclosure/2021/Dec/44","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212868","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/kb/HT212975","https://support.apple.com/kb/HT212980"],"published_time":"2021-08-24T19:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30917","summary":"A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. 
Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00493,"ranking_epss":0.65705,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/165075/Apple-ColorSync-CMMNDimLinear-Interpolate-Uninitialized-Memory.html","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212868","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","http://packetstormsecurity.com/files/165075/Apple-ColorSync-CMMNDimLinear-Interpolate-Uninitialized-Memory.html","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212868","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876"],"published_time":"2021-08-24T19:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30919","summary":"An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. 
Processing a maliciously crafted PDF may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00601,"ranking_epss":0.695,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212868","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://www.zerodayinitiative.com/advisories/ZDI-22-357/","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212868","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://www.zerodayinitiative.com/advisories/ZDI-22-357/"],"published_time":"2021-08-24T19:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30922","summary":"Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18223,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212872","https://support.apple.com/kb/HT212869","https://support.apple.com/kb/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/kb/HT212869","https://support.apple.com/kb/HT212871"],"published_time":"2021-08-24T19:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30901","summary":"Multiple out-of-bounds write issues were addressed with improved bounds checking. 
This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00258,"ranking_epss":0.49237,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872"],"published_time":"2021-08-24T19:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30903","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1. A local attacker may be able to cause unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00189,"ranking_epss":0.40714,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212868","https://support.apple.com/en-us/HT212869","https://support.apple.com/kb/HT212871","https://support.apple.com/kb/HT212872","https://support.apple.com/kb/HT212874","https://support.apple.com/kb/HT212876","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212868","https://support.apple.com/en-us/HT212869","https://support.apple.com/kb/HT212871","https://support.apple.com/kb/HT212872","https://support.apple.com/kb/HT212874","https://support.apple.com/kb/HT212876"],"published_time":"2021-08-24T19:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30905","summary":"An out-of-bounds read was addressed with improved bounds checking. 
This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina. Processing a maliciously crafted file may disclose user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00321,"ranking_epss":0.55222,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://support.apple.com/kb/HT212807","https://support.apple.com/kb/HT212872","https://www.zerodayinitiative.com/advisories/ZDI-21-1368/","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://support.apple.com/kb/HT212807","https://support.apple.com/kb/HT212872","https://www.zerodayinitiative.com/advisories/ZDI-21-1368/"],"published_time":"2021-08-24T19:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30906","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. 
A local attacker may be able to elevate their privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00112,"ranking_epss":0.29538,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://support.apple.com/kb/HT212871","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://support.apple.com/kb/HT212871"],"published_time":"2021-08-24T19:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30907","summary":"An integer overflow was addressed through improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. 
A malicious application may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00491,"ranking_epss":0.6562,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212868","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212868","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876"],"published_time":"2021-08-24T19:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30909","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. 
An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00576,"ranking_epss":0.68804,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212868","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212868","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876"],"published_time":"2021-08-24T19:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30910","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. 
Processing a maliciously crafted file may disclose user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00327,"ranking_epss":0.55687,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212876","https://www.zerodayinitiative.com/advisories/ZDI-21-1369/","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212876","https://www.zerodayinitiative.com/advisories/ZDI-21-1369/"],"published_time":"2021-08-24T19:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30892","summary":"An inherited permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to modify protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.01938,"ranking_epss":0.8345,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872"],"published_time":"2021-08-24T19:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30899","summary":"A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. 
A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.0,"cvss_version":3.0,"cvss_v2":7.6,"cvss_v3":7.0,"cvss_v4":null,"epss":0.002,"ranking_epss":0.42059,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872"],"published_time":"2021-08-24T19:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30879","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00364,"ranking_epss":0.58502,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872"],"published_time":"2021-08-24T19:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30880","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. 
Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00241,"ranking_epss":0.47396,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872"],"published_time":"2021-08-24T19:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30881","summary":"An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Unpacking a maliciously crafted archive may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00574,"ranking_epss":0.68751,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876","https://support.apple.com/en-us/HT212867","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212874","https://support.apple.com/en-us/HT212876"],"published_time":"2021-08-24T19:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30869","summary":"A type confusion issue was addressed with improved state handling. 
This issue is fixed in iOS 12.5.5, iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, Security Update 2021-006 Catalina. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0172,"ranking_epss":0.82429,"kev":true,"propose_action":"Apple iOS, iPadOS, and macOS contain a type confusion vulnerability in the XNU which may allow a malicious application to execute code with kernel privileges.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212824","https://support.apple.com/en-us/HT212825","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212824","https://support.apple.com/en-us/HT212825","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30869"],"published_time":"2021-08-24T19:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30873","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. A malicious application may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00273,"ranking_epss":0.50783,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212869","https://support.apple.com/kb/HT212871","https://support.apple.com/en-us/HT212869","https://support.apple.com/kb/HT212871"],"published_time":"2021-08-24T19:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30876","summary":"An out-of-bounds read was addressed with improved bounds checking. 
This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00364,"ranking_epss":0.58502,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872"],"published_time":"2021-08-24T19:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30877","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00241,"ranking_epss":0.47396,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872","https://support.apple.com/en-us/HT212869","https://support.apple.com/en-us/HT212871","https://support.apple.com/en-us/HT212872"],"published_time":"2021-08-24T19:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30855","summary":"A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, iOS 15 and iPadOS 15, watchOS 8, macOS Big Sur 11.6. 
An application may be able to access restricted files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00214,"ranking_epss":0.43969,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212815","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212819","https://support.apple.com/kb/HT212815"],"published_time":"2021-08-24T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30857","summary":"A race condition was addressed with improved locking. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, macOS Big Sur 11.6. 
A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.0,"cvss_version":3.0,"cvss_v2":7.6,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00237,"ranking_epss":0.46871,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212814","https://support.apple.com/en-us/HT212815","https://support.apple.com/en-us/HT212819"],"published_time":"2021-08-24T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30859","summary":"A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina. A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00268,"ranking_epss":0.503,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212807","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212807"],"published_time":"2021-08-24T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30860","summary":"An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. 
Apple is aware of a report that this issue may have been actively exploited.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.70642,"ranking_epss":0.98698,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerability is also known under the moniker of FORCEDENTRY.","ransomware_campaign":"Unknown","references":["http://seclists.org/fulldisclosure/2021/Sep/25","http://seclists.org/fulldisclosure/2021/Sep/26","http://seclists.org/fulldisclosure/2021/Sep/27","http://seclists.org/fulldisclosure/2021/Sep/28","http://seclists.org/fulldisclosure/2021/Sep/38","http://seclists.org/fulldisclosure/2021/Sep/39","http://seclists.org/fulldisclosure/2021/Sep/40","http://seclists.org/fulldisclosure/2021/Sep/50","http://www.openwall.com/lists/oss-security/2022/09/02/11","https://security.gentoo.org/glsa/202209-21","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212806","https://support.apple.com/en-us/HT212807","https://support.apple.com/kb/HT212824","http://seclists.org/fulldisclosure/2021/Sep/25","http://seclists.org/fulldisclosure/2021/Sep/26","http://seclists.org/fulldisclosure/2021/Sep/27","http://seclists.org/fulldisclosure/2021/Sep/28","http://seclists.org/fulldisclosure/2021/Sep/38","http://seclists.org/fulldisclosure/2021/Sep/39","http://seclists.org/fulldisclosure/2021/Sep/40","http://seclists.org/fulldisclosure/2021/Sep/50","http://www.openwall.com/lists/oss-security/2022/09/02/11","https://security.gentoo.org/glsa/202209-21","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212806","https://support.apple.com/en-us/HT212807","https://support.apple.com/kb/HT212824","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30860"],"published_time":"2021-08-24T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30865","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6, Security Update 2021-005 Catalina. A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00233,"ranking_epss":0.46208,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805","https://support.apple.com/en-us/HT212804","https://support.apple.com/en-us/HT212805"],"published_time":"2021-08-24T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-22925","summary":"curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending `NEW_ENV` variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server. 
Therefore potentially revealing sensitive internal information to the server using a clear-text network protocol. This could happen because curl did not call and use sscanf() correctly when parsing the string provided by the application.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00424,"ranking_epss":0.62202,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Sep/39","http://seclists.org/fulldisclosure/2021/Sep/40","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf","https://hackerone.com/reports/1223882","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/","https://security.gentoo.org/glsa/202212-01","https://security.netapp.com/advisory/ntap-20210902-0003/","https://support.apple.com/kb/HT212804","https://support.apple.com/kb/HT212805","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuoct2021.html","http://seclists.org/fulldisclosure/2021/Sep/39","http://seclists.org/fulldisclosure/2021/Sep/40","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf","https://hackerone.com/reports/1223882","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/","https://security.gentoo.org/glsa/202212-01","https://security.netapp.com/advisory/ntap-20210902-0003/","https://support.apple.com/kb/HT212804","https://support.apple.com/kb/HT212805","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpuoct2021.html"],"published_time":"2021-08-05T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-25709","summary":"A flaw was found in OpenLDAP. 
This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.35675,"ranking_epss":0.97083,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Feb/14","https://bugzilla.redhat.com/show_bug.cgi?id=1899675","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/12/msg00008.html","https://security.netapp.com/advisory/ntap-20210716-0003/","https://support.apple.com/kb/HT212147","https://www.debian.org/security/2020/dsa-4792","http://seclists.org/fulldisclosure/2021/Feb/14","https://bugzilla.redhat.com/show_bug.cgi?id=1899675","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/12/msg00008.html","https://security.netapp.com/advisory/ntap-20210716-0003/","https://support.apple.com/kb/HT212147","https://www.debian.org/security/2020/dsa-4792"],"published_time":"2021-05-18T12:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-21204","summary":"Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01401,"ranking_epss":0.80449,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html","https://crbug.com/1189926","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A/","https://security.gentoo.org/glsa/202104-08","https://www.debian.org/security/2021/dsa-4906","https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html","https://crbug.com/1189926","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A/","https://security.gentoo.org/glsa/202104-08","https://www.debian.org/security/2021/dsa-4906"],"published_time":"2021-04-26T17:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1805","summary":"An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. 
An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00257,"ranking_epss":0.49079,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Apr/54","https://support.apple.com/en-us/HT212177","https://support.apple.com/kb/HT212327","http://seclists.org/fulldisclosure/2021/Apr/54","https://support.apple.com/en-us/HT212177","https://support.apple.com/kb/HT212327"],"published_time":"2021-04-02T19:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1806","summary":"A race condition was addressed with additional validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.0,"cvss_version":3.0,"cvss_v2":7.6,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00199,"ranking_epss":0.41933,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Apr/54","https://support.apple.com/en-us/HT212177","https://support.apple.com/kb/HT212327","http://seclists.org/fulldisclosure/2021/Apr/54","https://support.apple.com/en-us/HT212177","https://support.apple.com/kb/HT212327"],"published_time":"2021-04-02T19:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1818","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. 
A remote attacker may be able to cause unexpected application termination or arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01746,"ranking_epss":0.82572,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T19:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1870","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01151,"ranking_epss":0.78508,"kev":true,"propose_action":"Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. 
This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/","https://security.gentoo.org/glsa/202104-03","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/","https://security.gentoo.org/glsa/202104-03","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1870"],"published_time":"2021-04-02T19:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1871","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00938,"ranking_epss":0.7623,"kev":true,"propose_action":"Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. 
This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.","ransomware_campaign":"Unknown","references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://www.debian.org/security/2021/dsa-4923","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://www.debian.org/security/2021/dsa-4923","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1871"],"published_time":"2021-04-02T19:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1793","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00548,"ranking_epss":0.67936,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T19:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1797","summary":"The issue was addressed with improved permissions logic. 
This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to read arbitrary files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00104,"ranking_epss":0.28367,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Apr/51","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/kb/HT212326","https://support.apple.com/kb/HT212327","http://seclists.org/fulldisclosure/2021/Apr/51","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/kb/HT212326","https://support.apple.com/kb/HT212327"],"published_time":"2021-04-02T19:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1802","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. A local attacker may be able to elevate their privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13249,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212147"],"published_time":"2021-04-02T19:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1753","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. 
Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00362,"ranking_epss":0.58298,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147"],"published_time":"2021-04-02T19:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1761","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01093,"ranking_epss":0.77985,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T19:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1790","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. 
Processing a maliciously crafted font may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00306,"ranking_epss":0.53844,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212147"],"published_time":"2021-04-02T19:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1777","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00402,"ranking_epss":0.60828,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1778","summary":"An out-of-bounds read issue existed in the curl. This issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. 
Processing a maliciously crafted image may lead to a denial of service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00309,"ranking_epss":0.54084,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1779","summary":"A logic error in kext loading was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. An application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00302,"ranking_epss":0.53552,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212147"],"published_time":"2021-04-02T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1781","summary":"A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. 
A malicious application may be able to leak sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00236,"ranking_epss":0.46608,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147"],"published_time":"2021-04-02T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1782","summary":"A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited..","cvss":7.0,"cvss_version":3.0,"cvss_v2":6.9,"cvss_v3":7.0,"cvss_v4":null,"epss":0.05879,"ranking_epss":0.9059,"kev":true,"propose_action":"Apple iOS, iPadOs, macOS, watchOS, and tvOS contain a race condition vulnerability that may allow a malicious application to elevate privileges.","ransomware_campaign":"Unknown","references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1782"],"published_time":"2021-04-02T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1783","summary":"An access issue was addressed with improved memory management. 
This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00419,"ranking_epss":0.61923,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1785","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00419,"ranking_epss":0.61923,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1786","summary":"A logic issue was addressed with improved state management. 
This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to create or modify system files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00158,"ranking_epss":0.36593,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1787","summary":"Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00122,"ranking_epss":0.31293,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1788","summary":"A use after free issue was addressed with improved memory management. 
This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00408,"ranking_epss":0.61174,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212152","https://www.debian.org/security/2021/dsa-4923","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212152","https://www.debian.org/security/2021/dsa-4923"],"published_time":"2021-04-02T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1789","summary":"A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00243,"ranking_epss":0.47651,"kev":true,"propose_action":"A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.","ransomware_campaign":"Unknown","references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/","https://security.gentoo.org/glsa/202104-03","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212152","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/","https://security.gentoo.org/glsa/202104-03","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212152","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1789"],"published_time":"2021-04-02T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1791","summary":"An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. 
A malicious application may be able to disclose kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":7.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00558,"ranking_epss":0.68213,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1792","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01041,"ranking_epss":0.77459,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1758","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. 
A remote attacker may be able to cause arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01347,"ranking_epss":0.80107,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1759","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00637,"ranking_epss":0.7051,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1760","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. 
A malicious application could execute arbitrary code leading to compromise of user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00338,"ranking_epss":0.56592,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1763","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00404,"ranking_epss":0.60964,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147"],"published_time":"2021-04-02T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1764","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. 
A remote attacker may be able to cause a denial of service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01093,"ranking_epss":0.77985,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1765","summary":"This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00083,"ranking_epss":0.24111,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/","https://security.gentoo.org/glsa/202104-03","https://support.apple.com/en-us/HT212147","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/","https://security.gentoo.org/glsa/202104-03","https://support.apple.com/en-us/HT212147"],"published_time":"2021-04-02T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1766","summary":"This issue was 
addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00309,"ranking_epss":0.54084,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1767","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to heap corruption.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00227,"ranking_epss":0.45502,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147"],"published_time":"2021-04-02T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1768","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. 
Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00276,"ranking_epss":0.51117,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147"],"published_time":"2021-04-02T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1769","summary":"A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16947,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1771","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. 
A user that is removed from an iMessage group could rejoin the group.","cvss":3.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00238,"ranking_epss":0.46954,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212147"],"published_time":"2021-04-02T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1772","summary":"A stack overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted text file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00683,"ranking_epss":0.71663,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://www.zerodayinitiative.com/advisories/ZDI-21-758/","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://www.zerodayinitiative.com/advisories/ZDI-21-758/"],"published_time":"2021-04-02T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1773","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. 
Processing a maliciously crafted image may lead to a denial of service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00309,"ranking_epss":0.54084,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1774","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00419,"ranking_epss":0.61923,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1775","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. 
Processing a maliciously crafted font may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00377,"ranking_epss":0.59332,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212147"],"published_time":"2021-04-02T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1776","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted font file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00359,"ranking_epss":0.58083,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1737","summary":"An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. 
Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00266,"ranking_epss":0.5012,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212147","https://support.apple.com/kb/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/kb/HT212146"],"published_time":"2021-04-02T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1738","summary":"An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00266,"ranking_epss":0.5012,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212147","https://support.apple.com/kb/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/kb/HT212146"],"published_time":"2021-04-02T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1741","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. 
Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00395,"ranking_epss":0.60382,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1742","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00395,"ranking_epss":0.60382,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1743","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. 
Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00568,"ranking_epss":0.68553,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1744","summary":"An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00693,"ranking_epss":0.71888,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1745","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. 
Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00338,"ranking_epss":0.5665,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147"],"published_time":"2021-04-02T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1746","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00881,"ranking_epss":0.7541,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1747","summary":"An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. 
Processing maliciously crafted web content may lead to code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00785,"ranking_epss":0.73804,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1750","summary":"Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00553,"ranking_epss":0.68068,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1751","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. 
Mounting a maliciously crafted Samba network share may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00197,"ranking_epss":0.41645,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212147"],"published_time":"2021-04-02T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1754","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00772,"ranking_epss":0.73589,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1757","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. 
A local attacker may be able to elevate their privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00232,"ranking_epss":0.46065,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149","https://support.apple.com/en-us/HT212146","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212148","https://support.apple.com/en-us/HT212149"],"published_time":"2021-04-02T18:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-29625","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00418,"ranking_epss":0.61862,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-29633","summary":"An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. 
An attacker in a privileged network position may be able to bypass authentication policy.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.5,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00635,"ranking_epss":0.70429,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212147"],"published_time":"2021-04-02T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9926","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, iCloud for Windows 7.20, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00667,"ranking_epss":0.7128,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211288","https://support.apple.com/en-us/HT211289","https://support.apple.com/en-us/HT211290","https://support.apple.com/en-us/HT211291","https://support.apple.com/en-us/HT211295","https://support.apple.com/en-us/HT211288","https://support.apple.com/en-us/HT211289","https://support.apple.com/en-us/HT211290","https://support.apple.com/en-us/HT211291","https://support.apple.com/en-us/HT211295"],"published_time":"2021-04-02T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9930","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. 
A local user may be able to cause unexpected system termination or read kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":6.6,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11762,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211289","https://support.apple.com/en-us/HT211289"],"published_time":"2021-04-02T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9956","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted font file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00395,"ranking_epss":0.60382,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9960","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. 
Processing a maliciously crafted audio file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00395,"ranking_epss":0.60382,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9962","summary":"A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00766,"ranking_epss":0.73487,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9967","summary":"Multiple memory corruption issues were addressed with improved input validation. 
This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01262,"ranking_epss":0.79453,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/163501/XNU-Network-Stack-Kernel-Heap-Overflow.html","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","http://packetstormsecurity.com/files/163501/XNU-Network-Stack-Kernel-Heap-Overflow.html","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9975","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. 
An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00522,"ranking_epss":0.66915,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9978","summary":"This issue was addressed with improved setting propagation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An attacker in a privileged network position may be able to unexpectedly alter application state.","cvss":4.5,"cvss_version":3.0,"cvss_v2":2.7,"cvss_v3":4.5,"cvss_v4":null,"epss":0.00157,"ranking_epss":0.36491,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-1736","summary":"An out-of-bounds read was addressed with improved input validation. 
This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00418,"ranking_epss":0.61862,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212147"],"published_time":"2021-04-02T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27952","summary":"An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. Processing a maliciously crafted font file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00491,"ranking_epss":0.65628,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-29608","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, watchOS 7.2. 
A remote attacker may be able to leak memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00698,"ranking_epss":0.71984,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212147"],"published_time":"2021-04-02T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-29610","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted audio file may disclose restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00359,"ranking_epss":0.58129,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-29611","summary":"An out-of-bounds write issue was addressed with improved bounds checking. 
This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00461,"ranking_epss":0.6419,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212145","https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212145"],"published_time":"2021-04-02T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-29612","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00264,"ranking_epss":0.49884,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-29614","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. 
Processing a maliciously crafted file may lead to heap corruption.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00352,"ranking_epss":0.5766,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212147"],"published_time":"2021-04-02T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-29615","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted image may lead to a denial of service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00341,"ranking_epss":0.56821,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-29616","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. 
Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00418,"ranking_epss":0.61862,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-29617","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to heap corruption.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00352,"ranking_epss":0.5766,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212145","https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212145"],"published_time":"2021-04-02T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-29618","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. 
Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00849,"ranking_epss":0.7489,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212145","https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212145"],"published_time":"2021-04-02T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-29619","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to heap corruption.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00352,"ranking_epss":0.5766,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212145","https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212145"],"published_time":"2021-04-02T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-29620","summary":"This issue was addressed with improved entitlements. 
This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00176,"ranking_epss":0.39021,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-29621","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to bypass Privacy preferences.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.15927,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-29623","summary":"\"Clear History and Website Data\" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. 
A user may be unable to fully delete browsing history.","cvss":3.3,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.09271,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/","https://security.gentoo.org/glsa/202104-03","https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212011","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/","https://security.gentoo.org/glsa/202104-03","https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-29624","summary":"A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. 
Processing a maliciously crafted font file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00395,"ranking_epss":0.60382,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27933","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, iCloud for Windows 7.20, watchOS 6.2.8, tvOS 13.4.8, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00483,"ranking_epss":0.65203,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211288","https://support.apple.com/en-us/HT211289","https://support.apple.com/en-us/HT211290","https://support.apple.com/en-us/HT211291","https://support.apple.com/en-us/HT211295","https://support.apple.com/en-us/HT211288","https://support.apple.com/en-us/HT211289","https://support.apple.com/en-us/HT211290","https://support.apple.com/en-us/HT211291","https://support.apple.com/en-us/HT211295"],"published_time":"2021-04-02T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27935","summary":"Multiple issues were addressed with improved logic. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. 
A sandboxed process may be able to circumvent sandbox restrictions.","cvss":6.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.3,"cvss_v4":null,"epss":0.05665,"ranking_epss":0.90395,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931"],"published_time":"2021-04-02T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27936","summary":"An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A local user may be able to cause unexpected system termination or read kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":6.6,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11762,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27937","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.0.1. 
A malicious application may be able to access private information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00583,"ranking_epss":0.69018,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212147"],"published_time":"2021-04-02T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27938","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00153,"ranking_epss":0.35952,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212147"],"published_time":"2021-04-02T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27945","summary":"An integer overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.0.1. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00266,"ranking_epss":0.5012,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212147","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212147"],"published_time":"2021-04-02T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27946","summary":"An information disclosure issue was addressed with improved state management. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font may result in the disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00324,"ranking_epss":0.55458,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27947","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. 
An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00245,"ranking_epss":0.4779,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27948","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted audio file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00461,"ranking_epss":0.6419,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212003","https://support.apple.com/en-us/HT212005","https://support.apple.com/en-us/HT212009","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27949","summary":"This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. 
A malicious application may cause unexpected changes in memory belonging to processes traced by DTrace.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00215,"ranking_epss":0.44053,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27897","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00105,"ranking_epss":0.28534,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","https://www.zerodayinitiative.com/advisories/ZDI-21-486/","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","https://www.zerodayinitiative.com/advisories/ZDI-21-486/"],"published_time":"2021-04-02T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27908","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. 
Processing a maliciously crafted audio file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00482,"ranking_epss":0.65187,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27914","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00235,"ranking_epss":0.46406,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27915","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. 
A malicious application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00235,"ranking_epss":0.46406,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27919","summary":"An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00616,"ranking_epss":0.6995,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27920","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. 
Processing maliciously crafted web content may lead to code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00485,"ranking_epss":0.65374,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27921","summary":"A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.0,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00184,"ranking_epss":0.4011,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27922","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. 
Processing a maliciously crafted font file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00482,"ranking_epss":0.65187,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27923","summary":"An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00482,"ranking_epss":0.65187,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27924","summary":"An out-of-bounds read was addressed with improved input validation. 
This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00413,"ranking_epss":0.615,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27931","summary":"A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0. 
Processing a maliciously crafted font file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00433,"ranking_epss":0.62786,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10001","summary":"An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.24698,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.debian.org/debian-lts-announce/2021/10/msg00027.html","https://support.apple.com/en-us/HT212011","https://lists.debian.org/debian-lts-announce/2021/10/msg00027.html","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10015","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. 
An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00235,"ranking_epss":0.46406,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT212011"],"published_time":"2021-04-02T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-36226","summary":"A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00643,"ranking_epss":0.70657,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/May/64","http://seclists.org/fulldisclosure/2021/May/65","http://seclists.org/fulldisclosure/2021/May/70","https://bugs.openldap.org/show_bug.cgi?id=9413","https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65","https://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26","https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439","https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8","https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian
-lts-announce/2021/02/msg00005.html","https://security.netapp.com/advisory/ntap-20210226-0002/","https://support.apple.com/kb/HT212529","https://support.apple.com/kb/HT212530","https://support.apple.com/kb/HT212531","https://www.debian.org/security/2021/dsa-4845","http://seclists.org/fulldisclosure/2021/May/64","http://seclists.org/fulldisclosure/2021/May/65","http://seclists.org/fulldisclosure/2021/May/70","https://bugs.openldap.org/show_bug.cgi?id=9413","https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65","https://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26","https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439","https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8","https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html","https://security.netapp.com/advisory/ntap-20210226-0002/","https://support.apple.com/kb/HT212529","https://support.apple.com/kb/HT212530","https://support.apple.com/kb/HT212531","https://www.debian.org/security/2021/dsa-4845"],"published_time":"2021-01-26T18:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-36229","summary":"A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of 
service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.02218,"ranking_epss":0.84503,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/May/64","http://seclists.org/fulldisclosure/2021/May/65","http://seclists.org/fulldisclosure/2021/May/70","https://bugs.openldap.org/show_bug.cgi?id=9425","https://git.openldap.org/openldap/openldap/-/commit/4bdfffd2889c0c5cdf58bebafbdc8fce4bb2bff0","https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html","https://security.netapp.com/advisory/ntap-20210226-0002/","https://support.apple.com/kb/HT212529","https://support.apple.com/kb/HT212530","https://support.apple.com/kb/HT212531","https://www.debian.org/security/2021/dsa-4845","http://seclists.org/fulldisclosure/2021/May/64","http://seclists.org/fulldisclosure/2021/May/65","http://seclists.org/fulldisclosure/2021/May/70","https://bugs.openldap.org/show_bug.cgi?id=9425","https://git.openldap.org/openldap/openldap/-/commit/4bdfffd2889c0c5cdf58bebafbdc8fce4bb2bff0","https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html","https://security.netapp.com/advisory/ntap-20210226-0002/","https://support.apple.com/kb/HT212529","https://support.apple.com/kb/HT212530","https://support.apple.com/kb/
HT212531","https://www.debian.org/security/2021/dsa-4845"],"published_time":"2021-01-26T18:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-36230","summary":"A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01917,"ranking_epss":0.83361,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/May/64","http://seclists.org/fulldisclosure/2021/May/65","http://seclists.org/fulldisclosure/2021/May/70","https://bugs.openldap.org/show_bug.cgi?id=9423","https://git.openldap.org/openldap/openldap/-/commit/8c1d96ee36ed98b32cd0e28b7069c7b8ea09d793","https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html","https://security.netapp.com/advisory/ntap-20210226-0002/","https://support.apple.com/kb/HT212529","https://support.apple.com/kb/HT212530","https://support.apple.com/kb/HT212531","https://www.debian.org/security/2021/dsa-4845","http://seclists.org/fulldisclosure/2021/May/64","http://seclists.org/fulldisclosure/2021/May/65","http://seclists.org/fulldisclosure/2021/May/70","https://bugs.openldap.org/show_bug.cgi?id=9423","https://git.openldap.org/openldap/openldap/-/commit/8c1d96ee36ed98b32cd0e28b7069c7b8ea09d793","https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org
/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html","https://security.netapp.com/advisory/ntap-20210226-0002/","https://support.apple.com/kb/HT212529","https://support.apple.com/kb/HT212530","https://support.apple.com/kb/HT212531","https://www.debian.org/security/2021/dsa-4845"],"published_time":"2021-01-26T18:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-36221","summary":"An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.47645,"ranking_epss":0.97715,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/May/64","http://seclists.org/fulldisclosure/2021/May/65","http://seclists.org/fulldisclosure/2021/May/70","https://bugs.openldap.org/show_bug.cgi?id=9404","https://bugs.openldap.org/show_bug.cgi?id=9424","https://git.openldap.org/openldap/openldap/-/commit/38ac838e4150c626bbfa0082b7e2cf3a2bb4df31","https://git.openldap.org/openldap/openldap/-/commit/58c1748e81c843c5b6e61648d2a4d1d82b47e842","https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html","https://security.netapp.com/advisory/ntap-20210226-0002/","https://support.apple.com/kb/HT212529","https://support.apple.com/kb/HT212530","https://support.apple.com/kb/HT212531","https://www.debian.org/security/2021/dsa-4845","
http://seclists.org/fulldisclosure/2021/May/64","http://seclists.org/fulldisclosure/2021/May/65","http://seclists.org/fulldisclosure/2021/May/70","https://bugs.openldap.org/show_bug.cgi?id=9404","https://bugs.openldap.org/show_bug.cgi?id=9424","https://git.openldap.org/openldap/openldap/-/commit/38ac838e4150c626bbfa0082b7e2cf3a2bb4df31","https://git.openldap.org/openldap/openldap/-/commit/58c1748e81c843c5b6e61648d2a4d1d82b47e842","https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html","https://security.netapp.com/advisory/ntap-20210226-0002/","https://support.apple.com/kb/HT212529","https://support.apple.com/kb/HT212530","https://support.apple.com/kb/HT212531","https://www.debian.org/security/2021/dsa-4845"],"published_time":"2021-01-26T18:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-36222","summary":"A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of 
service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.2974,"ranking_epss":0.9664,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/May/64","http://seclists.org/fulldisclosure/2021/May/65","http://seclists.org/fulldisclosure/2021/May/70","https://bugs.openldap.org/show_bug.cgi?id=9406","https://bugs.openldap.org/show_bug.cgi?id=9407","https://git.openldap.org/openldap/openldap/-/commit/02dfc32d658fadc25e4040f78e36592f6e1e1ca0","https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed","https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed.aa","https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html","https://security.netapp.com/advisory/ntap-20210226-0002/","https://support.apple.com/kb/HT212529","https://support.apple.com/kb/HT212530","https://support.apple.com/kb/HT212531","https://www.debian.org/security/2021/dsa-4845","http://seclists.org/fulldisclosure/2021/May/64","http://seclists.org/fulldisclosure/2021/May/65","http://seclists.org/fulldisclosure/2021/May/70","https://bugs.openldap.org/show_bug.cgi?id=9406","https://bugs.openldap.org/show_bug.cgi?id=9407","https://git.openldap.org/openldap/openldap/-/commit/02dfc32d658fadc25e4040f78e36592f6e1e1ca0","https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed","https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed.aa","https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57","https://lists.apache.or
g/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html","https://security.netapp.com/advisory/ntap-20210226-0002/","https://support.apple.com/kb/HT212529","https://support.apple.com/kb/HT212530","https://support.apple.com/kb/HT212531","https://www.debian.org/security/2021/dsa-4845"],"published_time":"2021-01-26T18:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-36223","summary":"A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.06669,"ranking_epss":0.91248,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/May/64","http://seclists.org/fulldisclosure/2021/May/65","http://seclists.org/fulldisclosure/2021/May/70","https://bugs.openldap.org/show_bug.cgi?id=9408","https://git.openldap.org/openldap/openldap/-/commit/21981053a1195ae1555e23df4d9ac68d34ede9dd","https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html","https://security.netapp.com/advisory/ntap-20210226-0002/","https://support.apple.com/kb/HT212529","https://support.apple.com/kb/HT212530","https://support.apple.com/kb/HT212531","https://www.debian.org/security/2021/dsa-4845","http://seclists.org/fulldisclo
sure/2021/May/64","http://seclists.org/fulldisclosure/2021/May/65","http://seclists.org/fulldisclosure/2021/May/70","https://bugs.openldap.org/show_bug.cgi?id=9408","https://git.openldap.org/openldap/openldap/-/commit/21981053a1195ae1555e23df4d9ac68d34ede9dd","https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html","https://security.netapp.com/advisory/ntap-20210226-0002/","https://support.apple.com/kb/HT212529","https://support.apple.com/kb/HT212530","https://support.apple.com/kb/HT212531","https://www.debian.org/security/2021/dsa-4845"],"published_time":"2021-01-26T18:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-36224","summary":"A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of 
service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00872,"ranking_epss":0.75248,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/May/64","http://seclists.org/fulldisclosure/2021/May/65","http://seclists.org/fulldisclosure/2021/May/70","https://bugs.openldap.org/show_bug.cgi?id=9409","https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65","https://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26","https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439","https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8","https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html","https://security.netapp.com/advisory/ntap-20210226-0002/","https://support.apple.com/kb/HT212529","https://support.apple.com/kb/HT212530","https://support.apple.com/kb/HT212531","https://www.debian.org/security/2021/dsa-4845","http://seclists.org/fulldisclosure/2021/May/64","http://seclists.org/fulldisclosure/2021/May/65","http://seclists.org/fulldisclosure/2021/May/70","https://bugs.openldap.org/show_bug.cgi?id=9409","https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65","https://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26","https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439","https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8","https://git
.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html","https://security.netapp.com/advisory/ntap-20210226-0002/","https://support.apple.com/kb/HT212529","https://support.apple.com/kb/HT212530","https://support.apple.com/kb/HT212531","https://www.debian.org/security/2021/dsa-4845"],"published_time":"2021-01-26T18:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3999","summary":"VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. 
A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition.","cvss":6.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00103,"ranking_epss":0.28185,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.vmware.com/security/advisories/VMSA-2020-0029.html","https://www.vmware.com/security/advisories/VMSA-2020-0029.html"],"published_time":"2020-12-21T16:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-8286","summary":"curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00286,"ranking_epss":0.52137,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Apr/50","http://seclists.org/fulldisclosure/2021/Apr/51","http://seclists.org/fulldisclosure/2021/Apr/54","https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://curl.se/docs/CVE-2020-8286.html","https://hackerone.com/reports/1048457","https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/","https://security.gentoo.org/glsa/202012-14","https://security.netapp.com/advisory/ntap-20210122-0007/","https://support.apple.com/kb/HT212325","https://support.apple.com/kb/HT212326","https://support.apple.com/kb/HT212327","https://www.debian.org/security/2021/dsa-4881","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuApr2
021.html","https://www.oracle.com/security-alerts/cpuapr2022.html","http://seclists.org/fulldisclosure/2021/Apr/50","http://seclists.org/fulldisclosure/2021/Apr/51","http://seclists.org/fulldisclosure/2021/Apr/54","https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://curl.se/docs/CVE-2020-8286.html","https://hackerone.com/reports/1048457","https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/","https://security.gentoo.org/glsa/202012-14","https://security.netapp.com/advisory/ntap-20210122-0007/","https://support.apple.com/kb/HT212325","https://support.apple.com/kb/HT212326","https://support.apple.com/kb/HT212327","https://www.debian.org/security/2021/dsa-4881","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"published_time":"2020-12-14T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-8284","summary":"A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner 
extractions.","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"cvss_v4":null,"epss":0.00104,"ranking_epss":0.28241,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://curl.se/docs/CVE-2020-8284.html","https://hackerone.com/reports/1040166","https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/","https://security.gentoo.org/glsa/202012-14","https://security.netapp.com/advisory/ntap-20210122-0007/","https://support.apple.com/kb/HT212325","https://support.apple.com/kb/HT212326","https://support.apple.com/kb/HT212327","https://www.debian.org/security/2021/dsa-4881","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://curl.se/docs/CVE-2020-8284.html","https://hackerone.com/reports/1040166","https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/","https://security.gentoo.org/glsa/202012-14","https://security.netapp.com/advisory/ntap-20210122-0007/","https://support.apple.com/kb/HT212325","https://support.apple.com/kb/HT212326","https://support.apple.com/kb/HT212327","https://www.debian.org/security/2021/dsa-4881","https://www.oracle.com//security-alerts/cpujul2021.html","http
s://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"published_time":"2020-12-14T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-8285","summary":"curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00742,"ranking_epss":0.73007,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Apr/51","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://curl.se/docs/CVE-2020-8285.html","https://github.com/curl/curl/issues/6255","https://hackerone.com/reports/1045844","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/","https://security.gentoo.org/glsa/202012-14","https://security.netapp.com/advisory/ntap-20210122-0007/","https://support.apple.com/kb/HT212325","https://support.apple.com/kb/HT212326","https://support.apple.com/kb/HT212327","https://www.debian.org/security/2021/dsa-4881","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujan2022.html","http://seclists.org/fulldisclosure/2021/Apr/
51","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://curl.se/docs/CVE-2020-8285.html","https://github.com/curl/curl/issues/6255","https://hackerone.com/reports/1045844","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/","https://security.gentoo.org/glsa/202012-14","https://security.netapp.com/advisory/ntap-20210122-0007/","https://support.apple.com/kb/HT212325","https://support.apple.com/kb/HT212326","https://support.apple.com/kb/HT212327","https://www.debian.org/security/2021/dsa-4881","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujan2022.html"],"published_time":"2020-12-14T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9991","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. 
A remote attacker may be able to cause a denial of service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.02136,"ranking_epss":0.84218,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211847","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT211846","http://seclists.org/fulldisclosure/2020/Dec/32","https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211847","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT211846"],"published_time":"2020-12-08T22:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27896","summary":"A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1. 
A remote attacker may be able to modify the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00978,"ranking_epss":0.76762,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011","http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011"],"published_time":"2020-12-08T22:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27930","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. 
Processing a maliciously crafted font may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.43948,"ranking_epss":0.97545,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and watchOS FontParser contain a memory corruption vulnerability which may allow for code execution when processing maliciously crafted font.","ransomware_campaign":"Unknown","references":["http://packetstormsecurity.com/files/161294/Apple-Safari-Remote-Code-Execution.html","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT211940","https://support.apple.com/en-us/HT211944","https://support.apple.com/en-us/HT211945","https://support.apple.com/en-us/HT211946","https://support.apple.com/en-us/HT211947","http://packetstormsecurity.com/files/161294/Apple-Safari-Remote-Code-Execution.html","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT211940","https://support.apple.com/en-us/HT211944","https://support.apple.com/en-us/HT211945","https://support.apple.com/en-us/HT211946","https://support.apple.com/en-us/HT211947","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-27930"],"published_time":"2020-12-08T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-27932","summary":"A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. 
A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.15743,"ranking_epss":0.94733,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel privileges.","ransomware_campaign":"Unknown","references":["http://packetstormsecurity.com/files/161295/XNU-Kernel-Turnstiles-Type-Confusion.html","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT211940","https://support.apple.com/en-us/HT211944","https://support.apple.com/en-us/HT211945","https://support.apple.com/en-us/HT211946","https://support.apple.com/en-us/HT211947","http://packetstormsecurity.com/files/161295/XNU-Kernel-Turnstiles-Type-Confusion.html","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT211940","https://support.apple.com/en-us/HT211944","https://support.apple.com/en-us/HT211945","https://support.apple.com/en-us/HT211946","https://support.apple.com/en-us/HT211947","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-27932"],"published_time":"2020-12-08T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10017","summary":"An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. 
Processing a maliciously crafted audio file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00646,"ranking_epss":0.70734,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011","http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011"],"published_time":"2020-12-08T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9989","summary":"The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00148,"ranking_epss":0.35207,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931"],"published_time":"2020-12-08T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9996","summary":"A use after free issue was addressed with improved memory management. 
This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0031,"ranking_epss":0.54182,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931"],"published_time":"2020-12-08T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9999","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iTunes for Windows 12.10.9. Processing a maliciously crafted text file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00718,"ranking_epss":0.72483,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT211952","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211935","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT211952","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211935"],"published_time":"2020-12-08T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9963","summary":"The issue was addressed with improved handling of icon caches. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. 
A malicious app may be able to determine the existence of files on the computer.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00325,"ranking_epss":0.55564,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931"],"published_time":"2020-12-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9966","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00788,"ranking_epss":0.73874,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931"],"published_time":"2020-12-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9969","summary":"An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. 
A local user may be able to view sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":1.9,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00156,"ranking_epss":0.36294,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931"],"published_time":"2020-12-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9974","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to determine kernel memory layout.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00349,"ranking_epss":0.57412,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011","http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011"],"published_time":"2020-12-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9977","summary":"A validation issue existed in the 
entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to determine a user's open tabs in Safari.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00359,"ranking_epss":0.58129,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931"],"published_time":"2020-12-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9981","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. 
Processing a maliciously crafted file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00395,"ranking_epss":0.60368,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211849","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211935","https://support.apple.com/en-us/HT211952","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211849","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211935","https://support.apple.com/en-us/HT211952"],"published_time":"2020-12-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9988","summary":"The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00148,"ranking_epss":0.35207,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931"],"published_time":"2020-12-08T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9922","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. 
Processing a maliciously crafted email may lead to writing arbitrary files.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00405,"ranking_epss":0.61027,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211289","https://support.apple.com/en-us/HT211289"],"published_time":"2020-12-08T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9942","summary":"An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00247,"ranking_epss":0.48015,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211292","https://support.apple.com/en-us/HT211931","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211292","https://support.apple.com/en-us/HT211931"],"published_time":"2020-12-08T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9943","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. 
A malicious application may be able to read restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00302,"ranking_epss":0.53568,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011","http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011"],"published_time":"2020-12-08T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9944","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. 
An application may be able to read restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00302,"ranking_epss":0.53568,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011","http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011"],"published_time":"2020-12-08T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9945","summary":"A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, Safari 14.0.1. Visiting a malicious website may lead to address bar spoofing.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"cvss_v4":null,"epss":0.0034,"ranking_epss":0.5677,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT211934","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT211934"],"published_time":"2020-12-08T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9949","summary":"A use after free issue was addressed with improved memory management. 
This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra, tvOS 14.0. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.007,"ranking_epss":0.7202,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211289","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211289","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211931"],"published_time":"2020-12-08T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9954","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 7.0, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave, iOS 14.0 and iPadOS 14.0. 
Playing a malicious audio file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0086,"ranking_epss":0.75046,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211849","https://support.apple.com/en-us/HT211850","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211844","https://support.apple.com/en-us/HT211849","https://support.apple.com/en-us/HT211850"],"published_time":"2020-12-08T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10014","summary":"A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to break out of its sandbox.","cvss":6.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00755,"ranking_epss":0.73289,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011","http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011"],"published_time":"2020-12-08T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10016","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. 
An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00564,"ranking_epss":0.68438,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011","http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011"],"published_time":"2020-12-08T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10003","summary":"An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. 
A local attacker may be able to elevate their privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00177,"ranking_epss":0.39146,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931"],"published_time":"2020-12-08T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10004","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00559,"ranking_epss":0.68274,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT211930","https://support.apple.com/kb/HT212011","http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT211930","https://support.apple.com/kb/HT212011"],"published_time":"2020-12-08T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10006","summary":"This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.0.1. 
A malicious application may be able to access restricted files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.003,"ranking_epss":0.53364,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211931","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211931"],"published_time":"2020-12-08T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10007","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to determine kernel memory layout.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00148,"ranking_epss":0.35207,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011","http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011"],"published_time":"2020-12-08T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10009","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. 
A sandboxed process may be able to circumvent sandbox restrictions.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00289,"ranking_epss":0.52395,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011","http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011"],"published_time":"2020-12-08T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10010","summary":"A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00105,"ranking_epss":0.28457,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011","http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011"],"published_time":"2020-12-08T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10011","summary":"An out-of-bounds read was addressed with improved bounds checking. 
This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00716,"ranking_epss":0.72411,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211849","https://support.apple.com/en-us/HT211929","https://support.apple.com/kb/HT211930","https://support.apple.com/kb/HT211931","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211849","https://support.apple.com/en-us/HT211929","https://support.apple.com/kb/HT211930","https://support.apple.com/kb/HT211931"],"published_time":"2020-12-08T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10012","summary":"An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.0.1. Processing a maliciously crafted document may lead to a cross site scripting attack.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00891,"ranking_epss":0.75579,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011","http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211931","https://support.apple.com/kb/HT212011"],"published_time":"2020-12-08T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10013","summary":"A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.0, iOS 14.0 and iPadOS 14.0. 
An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00246,"ranking_epss":0.47943,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211850","https://support.apple.com/kb/HT211849","https://support.apple.com/en-us/HT211843","https://support.apple.com/en-us/HT211850","https://support.apple.com/kb/HT211849"],"published_time":"2020-12-08T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10002","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A local user may be able to read arbitrary files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00108,"ranking_epss":0.28947,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT211933","https://support.apple.com/en-us/HT211935","https://support.apple.com/kb/HT212011","http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/en-us/HT211928","https://support.apple.com/en-us/HT211929","https://support.apple.com/en-us/HT211930","https://support.apple.com/en-us/HT211931","https://support.apple.com/en-us/HT211933","https://support.apple.com/en-us/HT211935","https://support.apple.com/kb/HT212011"],"published_time":"2020-12-08T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-13524","summary":"An 
out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.","cvss":6.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00411,"ranking_epss":0.6142,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/kb/HT212011","https://talosintelligence.com/vulnerability_reports/TALOS-2020-1125","http://seclists.org/fulldisclosure/2020/Dec/26","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/kb/HT212011","https://talosintelligence.com/vulnerability_reports/TALOS-2020-1125"],"published_time":"2020-12-03T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-4004","summary":"VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. 
A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.","cvss":8.2,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":8.2,"cvss_v4":null,"epss":0.00365,"ranking_epss":0.5852,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.vmware.com/security/advisories/VMSA-2020-0026.html","https://www.vmware.com/security/advisories/VMSA-2020-0026.html"],"published_time":"2020-11-20T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-8037","summary":"The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00273,"ranking_epss":0.50784,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Apr/51","https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231","https://lists.debian.org/debian-lts-announce/2020/11/msg00018.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2MX34MJIUJQGL6CMEPLTKFOOOC3CJ4Z/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWDBONZVLC6BAOR2KM376DJCM4H3FERV/","https://support.apple.com/kb/HT212325","https://support.apple.com/kb/HT212326","https://support.apple.com/kb/HT212327","http://seclists.org/fulldisclosure/2021/Apr/51","https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231","https://lists.debian.org/debian-lts-announce/2020/11/msg00018.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2MX34MJIUJQGL6CMEPLTKFOOOC3CJ4Z/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWDBONZVLC6BAOR2KM376DJCM4H3FERV/","https://support.apple.com/kb/HT212325",
"https://support.apple.com/kb/HT212326","https://support.apple.com/kb/HT212327"],"published_time":"2020-11-04T18:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-15977","summary":"Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0114,"ranking_epss":0.78429,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html","https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html","https://crbug.com/1097724","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/24QFL4C3AZKMFVL7LVSYMU2DNE5VVUGS/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GWCWNHTTYOH6HSFUXPGPBB6J6JYZHZE/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SC3U3H6AISVZB5PLZLLNF4HMQ4UFFL7M/","https://security.gentoo.org/glsa/202101-30","https://www.debian.org/security/2021/dsa-4824","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html","https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html","https://crbug.com/1097724","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/24QFL4C3AZKMFVL7LVSYMU2DNE5VVUGS/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GWCWNHTTYOH6HSFUXPGPBB6J6JYZHZE/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SC3U3H6AISVZB5PLZLLNF4HMQ4UFFL7M/","https://security.gentoo.org/glsa/202101-30","https://www.debian.org/security/2021/dsa-4824"],"published_time":"2020-11-03T03:15:13",
"vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3855","summary":"An access issue was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. A malicious application may be able to overwrite arbitrary files.","cvss":7.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00323,"ranking_epss":0.55369,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210919","https://support.apple.com/en-us/HT210919"],"published_time":"2020-10-27T21:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3863","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. An application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00326,"ranking_epss":0.55586,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210919","https://support.apple.com/en-us/HT210919"],"published_time":"2020-10-27T21:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3880","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. 
Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00235,"ranking_epss":0.46389,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210918","https://support.apple.com/en-us/HT210919","https://support.apple.com/en-us/HT210920","https://support.apple.com/en-us/HT210921","https://support.apple.com/en-us/HT210918","https://support.apple.com/en-us/HT210919","https://support.apple.com/en-us/HT210920","https://support.apple.com/en-us/HT210921"],"published_time":"2020-10-27T21:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9774","summary":"An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting access to encrypted data. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Encrypted data may be inappropriately accessed.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00151,"ranking_epss":0.35632,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210919","https://support.apple.com/en-us/HT210919"],"published_time":"2020-10-27T21:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9782","summary":"A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. 
A remote attacker may be able to overwrite existing files.","cvss":7.5,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00487,"ranking_epss":0.65438,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210788"],"published_time":"2020-10-27T21:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9786","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. An application may be able to trigger a sysdiagnose.","cvss":3.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00238,"ranking_epss":0.46954,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211100","https://support.apple.com/en-us/HT211100"],"published_time":"2020-10-27T21:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9857","summary":"An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra. A malicious website may be able to exfiltrate autofilled data in Safari.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"cvss_v4":null,"epss":0.0025,"ranking_epss":0.4842,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211170","https://support.apple.com/en-us/HT211170"],"published_time":"2020-10-27T21:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9866","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. 
A buffer overflow may result in arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01214,"ranking_epss":0.79027,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT211289","https://support.apple.com/en-us/HT211289"],"published_time":"2020-10-27T21:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9941","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. A remote attacker may be able to unexpectedly alter application state.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01467,"ranking_epss":0.80933,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Nov/21","http://seclists.org/fulldisclosure/2020/Nov/22","https://support.apple.com/en-us/HT211849","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211931","http://seclists.org/fulldisclosure/2020/Dec/32","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Nov/21","http://seclists.org/fulldisclosure/2020/Nov/22","https://support.apple.com/en-us/HT211849","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211931"],"published_time":"2020-10-27T21:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9961","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. 
Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00275,"ranking_epss":0.50984,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Nov/21","http://seclists.org/fulldisclosure/2020/Nov/22","https://support.apple.com/en-us/HT211849","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211935","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Nov/21","http://seclists.org/fulldisclosure/2020/Nov/22","https://support.apple.com/en-us/HT211849","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211935","https://support.apple.com/kb/HT211952"],"published_time":"2020-10-27T21:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9973","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave, iOS 14.0 and iPadOS 14.0. 
Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00248,"ranking_epss":0.48104,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Nov/21","https://support.apple.com/en-us/HT211849","https://support.apple.com/en-us/HT211850","https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1104","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Nov/21","https://support.apple.com/en-us/HT211849","https://support.apple.com/en-us/HT211850","https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1104"],"published_time":"2020-10-27T21:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3851","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra, macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. An application may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00195,"ranking_epss":0.41378,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210919","https://support.apple.com/en-us/HT211100","https://support.apple.com/en-us/HT210919","https://support.apple.com/en-us/HT211100"],"published_time":"2020-10-27T21:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8848","summary":"This issue was addressed with improved checks. 
This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An application may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00297,"ranking_epss":0.53062,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210793","https://support.apple.com/en-us/HT210794","https://support.apple.com/en-us/HT210795","https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210793","https://support.apple.com/en-us/HT210794","https://support.apple.com/en-us/HT210795"],"published_time":"2020-10-27T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8850","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. 
Processing a maliciously crafted audio file may disclose restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00299,"ranking_epss":0.53283,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722"],"published_time":"2020-10-27T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8852","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.04795,"ranking_epss":0.89502,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210788"],"published_time":"2020-10-27T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8853","summary":"A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. 
An application may be able to read restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00236,"ranking_epss":0.46608,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT211100","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT211100"],"published_time":"2020-10-27T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8854","summary":"A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. A device may be passively tracked by its Wi-Fi MAC address.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00378,"ranking_epss":0.59384,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634"],"published_time":"2020-10-27T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8855","summary":"An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Catalina 10.15. 
A malicious application may be able to access restricted files.","cvss":6.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00278,"ranking_epss":0.51284,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210634"],"published_time":"2020-10-27T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8856","summary":"An API issue existed in the handling of outgoing phone calls initiated with Siri. This issue was addressed with improved state handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. Calls made using Siri may be initiated using the wrong cellular plan on devices with two active plans.","cvss":3.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.3,"cvss_v4":null,"epss":0.0021,"ranking_epss":0.43426,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210789"],"published_time":"2020-10-27T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8858","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. 
A user who shares their screen may not be able to end screen sharing.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00241,"ranking_epss":0.47442,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210722"],"published_time":"2020-10-27T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8531","summary":"A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An untrusted radius server certificate may be trusted.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00317,"ranking_epss":0.54766,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209599","https://support.apple.com/en-us/HT209600","https://support.apple.com/en-us/HT209602","https://support.apple.com/en-us/HT209599","https://support.apple.com/en-us/HT209600","https://support.apple.com/en-us/HT209602"],"published_time":"2020-10-27T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8796","summary":"A logic issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, iOS 12.4.3, watchOS 6.1, iOS 13.2 and iPadOS 13.2. 
AirDrop transfers may be unexpectedly accepted while in Everyone mode.","cvss":5.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00336,"ranking_epss":0.56467,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210721","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210724","https://support.apple.com/en-us/HT211134","https://support.apple.com/en-us/HT210721","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210724","https://support.apple.com/en-us/HT211134"],"published_time":"2020-10-27T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8847","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00326,"ranking_epss":0.55586,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210788"],"published_time":"2020-10-27T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8842","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. 
In certain configurations, a remote attacker may be able to submit arbitrary print jobs.","cvss":3.3,"cvss_version":3.0,"cvss_v2":2.6,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00352,"ranking_epss":0.57645,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E","https://support.apple.com/en-us/HT210788","https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E","https://support.apple.com/en-us/HT210788"],"published_time":"2020-10-27T20:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8851","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A Mac may not lock immediately upon wake.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00389,"ranking_epss":0.60001,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210788"],"published_time":"2020-10-27T20:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8826","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00681,"ranking_epss":0.71613,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210634"],"published_time":"2020-10-27T20:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8828","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00484,"ranking_epss":0.65295,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790"],"published_time":"2020-10-27T20:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8829","summary":"A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6.1, tvOS 13.2, iOS 13.2 and iPadOS 13.2. 
An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00182,"ranking_epss":0.39865,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210721","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210723","https://support.apple.com/en-us/HT210724","https://support.apple.com/en-us/HT210721","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210723","https://support.apple.com/en-us/HT210724"],"published_time":"2020-10-27T20:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8830","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iOS 12.4.4, watchOS 5.3.4. Processing malicious video via FaceTime may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01747,"ranking_epss":0.82578,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210787","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210791","https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210787","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210791"],"published_time":"2020-10-27T20:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8831","summary":"A memory corruption issue was addressed with improved memory handling. 
This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. An application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00245,"ranking_epss":0.47871,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722"],"published_time":"2020-10-27T20:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8832","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. 
An application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00484,"ranking_epss":0.65295,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790"],"published_time":"2020-10-27T20:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8833","summary":"A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00484,"ranking_epss":0.65295,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790"],"published_time":"2020-10-27T20:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8834","summary":"A configuration issue was addressed with additional restrictions. 
This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An attacker in a privileged network position may be able to bypass HSTS for a limited number of specific top-level domains previously not in the HSTS preload list.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00317,"ranking_epss":0.54811,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210793","https://support.apple.com/en-us/HT210794","https://support.apple.com/en-us/HT210795","https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210793","https://support.apple.com/en-us/HT210794","https://support.apple.com/en-us/HT210795"],"published_time":"2020-10-27T20:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8837","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. 
A malicious application may be able to access restricted files.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00179,"ranking_epss":0.39457,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210788"],"published_time":"2020-10-27T20:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8838","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00484,"ranking_epss":0.65295,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790"],"published_time":"2020-10-27T20:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8839","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. 
An attacker in a privileged position may be able to perform a denial of service attack.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00313,"ranking_epss":0.54442,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210788","https://support.apple.com/en-us/HT210788"],"published_time":"2020-10-27T20:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8761","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Parsing a maliciously crafted text file may lead to disclosure of user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00595,"ranking_epss":0.69336,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722","https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722","https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html"],"published_time":"2020-10-27T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8767","summary":"A memory consumption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. 
Processing a maliciously crafted string may lead to heap corruption.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00451,"ranking_epss":0.63701,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722"],"published_time":"2020-10-27T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8774","summary":"A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Parsing a maliciously crafted iBooks file may lead to a persistent denial-of-service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00143,"ranking_epss":0.34549,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210634"],"published_time":"2020-10-27T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8776","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00326,"ranking_epss":0.55586,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210634"],"published_time":"2020-10-27T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8777","summary":"A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. 
This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. A local attacker may be able to view contacts from the lock screen.","cvss":2.4,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":2.4,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.13097,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209600","https://support.apple.com/en-us/HT209600"],"published_time":"2020-10-27T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8799","summary":"This issue was resolved by replacing device names with a random identifier. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15, watchOS 6, tvOS 13. An attacker in physical proximity may be able to passively observe device names in AWDL communications.","cvss":2.4,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":2.4,"cvss_v4":null,"epss":0.0007,"ranking_epss":0.21325,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634"],"published_time":"2020-10-27T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8809","summary":"A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, watchOS 6, iOS 13. 
A local app may be able to read a persistent account identifier.","cvss":3.3,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00071,"ranking_epss":0.21525,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634"],"published_time":"2020-10-27T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8824","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00367,"ranking_epss":0.58656,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210722"],"published_time":"2020-10-27T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8825","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 10.7, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00547,"ranking_epss":0.67895,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210635","https://support.apple.com/en-us/HT210636","https://support.apple.com/en-us/HT210637","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210635","https://support.apple.com/en-us/HT210636","https://support.apple.com/en-us/HT210637","https://support.apple.com/en-us/HT210722"],"published_time":"2020-10-27T20:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8736","summary":"An input validation issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. An attacker in a privileged network position may be able to leak sensitive user information.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00353,"ranking_epss":0.57665,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722"],"published_time":"2020-10-27T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8737","summary":"A denial of service issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. 
An attacker in a privileged position may be able to perform a denial of service attack.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00447,"ranking_epss":0.63535,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722"],"published_time":"2020-10-27T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8744","summary":"A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. A malicious application may be able to determine kernel memory layout.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00314,"ranking_epss":0.5455,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722"],"published_time":"2020-10-27T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8746","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. 
A remote attacker may be able to cause unexpected application termination or arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.02306,"ranking_epss":0.84774,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210635","https://support.apple.com/en-us/HT210636","https://support.apple.com/en-us/HT210637","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210635","https://support.apple.com/en-us/HT210636","https://support.apple.com/en-us/HT210637","https://support.apple.com/en-us/HT210722"],"published_time":"2020-10-27T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8753","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. 
Processing maliciously crafted web content may lead to a cross site scripting attack.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00433,"ranking_epss":0.62758,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634"],"published_time":"2020-10-27T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8754","summary":"A cross-origin issue existed with \"iframe\" elements. This was addressed with improved tracking of security origins. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A malicious HTML document may be able to render iframes with sensitive user information.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0016,"ranking_epss":0.36825,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210722"],"published_time":"2020-10-27T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8756","summary":"Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. 
Multiple issues in libxml2.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01253,"ranking_epss":0.79368,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210635","https://support.apple.com/en-us/HT210636","https://support.apple.com/en-us/HT210637","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210635","https://support.apple.com/en-us/HT210636","https://support.apple.com/en-us/HT210637","https://support.apple.com/en-us/HT210722"],"published_time":"2020-10-27T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8759","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. A local user may be able to cause unexpected system termination or read kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":6.6,"cvss_v3":7.1,"cvss_v4":null,"epss":0.0011,"ranking_epss":0.29342,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722"],"published_time":"2020-10-27T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8656","summary":"This was addressed with additional checks by Gatekeeper on files mounted through a network share. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. 
Extracting a zip file containing a symbolic link to an endpoint in an NFS mount that is attacker controlled may bypass Gatekeeper.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.03766,"ranking_epss":0.88058,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210348","https://support.apple.com/en-us/HT210348"],"published_time":"2020-10-27T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8675","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.5,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01419,"ranking_epss":0.80607,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210348","https://support.apple.com/en-us/HT210348"],"published_time":"2020-10-27T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8696","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.5,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01419,"ranking_epss":0.80607,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210348","https://support.apple.com/en-us/HT210348"],"published_time":"2020-10-27T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8706","summary":"A memory corruption issue was addressed with improved state management. 
This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. Processing a maliciously crafted audio file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00485,"ranking_epss":0.65371,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210603","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722"],"published_time":"2020-10-27T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8708","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. A local user may be able to check for the existence of arbitrary files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.18905,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722"],"published_time":"2020-10-27T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8709","summary":"A memory corruption issue was addressed with improved state management. 
This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00501,"ranking_epss":0.66015,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210607","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722"],"published_time":"2020-10-27T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8715","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. An application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00257,"ranking_epss":0.49079,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722"],"published_time":"2020-10-27T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8716","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. 
An application may be able to execute arbitrary code with system privileges.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00567,"ranking_epss":0.68521,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210722"],"published_time":"2020-10-27T20:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8592","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, tvOS 12.3, watchOS 5.2.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, iOS 13. Playing a malicious audio file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00433,"ranking_epss":0.62743,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210118","https://support.apple.com/en-us/HT210119","https://support.apple.com/en-us/HT210120","https://support.apple.com/en-us/HT210122","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210118","https://support.apple.com/en-us/HT210119","https://support.apple.com/en-us/HT210120","https://support.apple.com/en-us/HT210122","https://support.apple.com/en-us/HT210604","https://support.apple.com/en-us/HT210606","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722"],"published_time":"2020-10-27T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8612","summary":"A logic issue was addressed with improved state management. 
This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, tvOS 12.3, watchOS 5.2.1, macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3. An attacker in a privileged network position can modify driver state.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00323,"ranking_epss":0.55378,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209600","https://support.apple.com/en-us/HT210118","https://support.apple.com/en-us/HT210119","https://support.apple.com/en-us/HT210120","https://support.apple.com/en-us/HT210122","https://support.apple.com/en-us/HT209600","https://support.apple.com/en-us/HT210118","https://support.apple.com/en-us/HT210119","https://support.apple.com/en-us/HT210120","https://support.apple.com/en-us/HT210122"],"published_time":"2020-10-27T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8618","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. A sandboxed process may be able to circumvent sandbox restrictions.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00289,"ranking_epss":0.52373,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209599","https://support.apple.com/en-us/HT209600","https://support.apple.com/en-us/HT209602","https://support.apple.com/en-us/HT209599","https://support.apple.com/en-us/HT209600","https://support.apple.com/en-us/HT209602"],"published_time":"2020-10-27T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8631","summary":"A logic issue was addressed with improved state management. 
This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3. Users removed from an iMessage conversation may still be able to alter state.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00289,"ranking_epss":0.52373,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210118","https://support.apple.com/en-us/HT210119","https://support.apple.com/en-us/HT210120","https://support.apple.com/en-us/HT210118","https://support.apple.com/en-us/HT210119","https://support.apple.com/en-us/HT210120"],"published_time":"2020-10-27T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8633","summary":"A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3, watchOS 5.3. An application may be able to read restricted memory.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00378,"ranking_epss":0.59384,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210118","https://support.apple.com/en-us/HT210119","https://support.apple.com/en-us/HT210120","https://support.apple.com/en-us/HT210353","https://support.apple.com/en-us/HT210118","https://support.apple.com/en-us/HT210119","https://support.apple.com/en-us/HT210120","https://support.apple.com/en-us/HT210353"],"published_time":"2020-10-27T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8640","summary":"A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra. 
A sandboxed process may be able to circumvent sandbox restrictions.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00241,"ranking_epss":0.47442,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210119","https://support.apple.com/en-us/HT210119"],"published_time":"2020-10-27T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8642","summary":"An issue existed in the handling of S-MIME certificates. This issue was addressed with improved validation of S-MIME certificates. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. Processing a maliciously crafted mail message may lead to S/MIME signature spoofing.","cvss":3.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00088,"ranking_epss":0.24985,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209600","https://support.apple.com/en-us/HT209600"],"published_time":"2020-10-27T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8645","summary":"An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position may be able to intercept the contents of S/MIME-encrypted e-mail.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00327,"ranking_epss":0.55677,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209600","https://support.apple.com/en-us/HT209600"],"published_time":"2020-10-27T20:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8538","summary":"A denial of service issue was addressed with improved validation. 
This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. Processing a maliciously crafted vcf file may lead to a denial of service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00196,"ranking_epss":0.41568,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209599","https://support.apple.com/en-us/HT209600","https://support.apple.com/en-us/HT209602","https://support.apple.com/en-us/HT209599","https://support.apple.com/en-us/HT209600","https://support.apple.com/en-us/HT209602"],"published_time":"2020-10-27T20:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8539","summary":"A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. A malicious application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00279,"ranking_epss":0.51352,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210348","https://support.apple.com/en-us/HT210348"],"published_time":"2020-10-27T20:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8547","summary":"An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. 
A remote attacker may be able to leak memory.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01002,"ranking_epss":0.77037,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209599","https://support.apple.com/en-us/HT209600","https://support.apple.com/en-us/HT209602","https://support.apple.com/en-us/HT210119","https://support.apple.com/en-us/HT209599","https://support.apple.com/en-us/HT209600","https://support.apple.com/en-us/HT209602","https://support.apple.com/en-us/HT210119"],"published_time":"2020-10-27T20:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8564","summary":"A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position can modify driver state.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00241,"ranking_epss":0.47442,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209600","https://support.apple.com/en-us/HT209600"],"published_time":"2020-10-27T20:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8569","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. 
An application may be able to execute arbitrary code with system privileges.","cvss":6.7,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.1433,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209600","https://support.apple.com/en-us/HT210119","https://support.apple.com/en-us/HT209600","https://support.apple.com/en-us/HT210119"],"published_time":"2020-10-27T20:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8573","summary":"An input validation issue was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, watchOS 5.2.1. A remote attacker may be able to cause a system denial of service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00537,"ranking_epss":0.67557,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210118","https://support.apple.com/en-us/HT210119","https://support.apple.com/en-us/HT210122","https://support.apple.com/en-us/HT210118","https://support.apple.com/en-us/HT210119","https://support.apple.com/en-us/HT210122"],"published_time":"2020-10-27T20:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8579","summary":"An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. 
An application may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.17893,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209600","https://support.apple.com/en-us/HT209600"],"published_time":"2020-10-27T20:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8582","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iCloud for Windows 7.12, tvOS 12.3, iTunes 12.9.5 for Windows, macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3. Processing a maliciously crafted font may result in the disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00296,"ranking_epss":0.52937,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210118","https://support.apple.com/en-us/HT210119","https://support.apple.com/en-us/HT210120","https://support.apple.com/en-us/HT210124","https://support.apple.com/en-us/HT210125","https://support.apple.com/en-us/HT210118","https://support.apple.com/en-us/HT210119","https://support.apple.com/en-us/HT210120","https://support.apple.com/en-us/HT210124","https://support.apple.com/en-us/HT210125"],"published_time":"2020-10-27T20:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-4467","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra. 
A malicious application may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00222,"ranking_epss":0.44856,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209341","https://support.apple.com/en-us/HT209446","https://support.apple.com/en-us/HT209341","https://support.apple.com/en-us/HT209446"],"published_time":"2020-10-27T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-4468","summary":"This issue was addressed by removing additional entitlements. This issue is fixed in macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra. A malicious application may be able to access restricted files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00226,"ranking_epss":0.45414,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209193","https://support.apple.com/en-us/HT209193"],"published_time":"2020-10-27T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-6238","summary":"A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. Processing a maliciously crafted package may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00343,"ranking_epss":0.56982,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209600","https://support.apple.com/en-us/HT209600"],"published_time":"2020-10-27T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7288","summary":"The issue was addressed with improved validation on the FaceTime server. 
This issue is fixed in macOS Mojave 10.14.3 Supplemental Update, iOS 12.1.4. A thorough security audit of the FaceTime service uncovered an issue with Live Photos.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00528,"ranking_epss":0.67194,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209520","https://support.apple.com/en-us/HT209521","https://support.apple.com/en-us/HT209520","https://support.apple.com/en-us/HT209521"],"published_time":"2020-10-27T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8509","summary":"This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. A malicious application may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00256,"ranking_epss":0.49027,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722","https://support.apple.com/en-us/HT210634","https://support.apple.com/en-us/HT210722"],"published_time":"2020-10-27T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8525","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. 
An application may be able to execute arbitrary code with kernel privileges.","cvss":6.7,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.17823,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209599","https://support.apple.com/en-us/HT209600","https://support.apple.com/en-us/HT209602","https://support.apple.com/en-us/HT210119","https://support.apple.com/en-us/HT209599","https://support.apple.com/en-us/HT209600","https://support.apple.com/en-us/HT209602","https://support.apple.com/en-us/HT210119"],"published_time":"2020-10-27T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8528","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An application may be able to execute arbitrary code with kernel privileges.","cvss":6.7,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00075,"ranking_epss":0.22589,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209599","https://support.apple.com/en-us/HT209600","https://support.apple.com/en-us/HT209602","https://support.apple.com/en-us/HT209599","https://support.apple.com/en-us/HT209600","https://support.apple.com/en-us/HT209602"],"published_time":"2020-10-27T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8534","summary":"A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. 
A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":6.7,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00045,"ranking_epss":0.13554,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209600","https://support.apple.com/en-us/HT209600"],"published_time":"2020-10-27T20:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-4296","summary":"This issue is fixed in macOS Mojave 10.14. A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00381,"ranking_epss":0.59547,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209139","https://support.apple.com/en-us/HT209139"],"published_time":"2020-10-27T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-4390","summary":"An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofing.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00232,"ranking_epss":0.4606,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT208221","https://support.apple.com/en-us/HT208696","https://support.apple.com/en-us/HT209192","https://support.apple.com/en-us/HT208221","https://support.apple.com/en-us/HT208696","https://support.apple.com/en-us/HT209192"],"published_time":"2020-10-27T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-4391","summary":"An inconsistent user interface issue was addressed with improved state management. 
This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofing.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00232,"ranking_epss":0.4606,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT208221","https://support.apple.com/en-us/HT208696","https://support.apple.com/en-us/HT209192","https://support.apple.com/en-us/HT208221","https://support.apple.com/en-us/HT208696","https://support.apple.com/en-us/HT209192"],"published_time":"2020-10-27T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-4433","summary":"A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, watchOS 5, iOS 12, tvOS 12, macOS Mojave 10.14. A malicious application may be able to modify protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00302,"ranking_epss":0.5354,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209106","https://support.apple.com/en-us/HT209107","https://support.apple.com/en-us/HT209108","https://support.apple.com/en-us/HT209139","https://support.apple.com/en-us/HT209600","https://support.apple.com/en-us/HT209106","https://support.apple.com/en-us/HT209107","https://support.apple.com/en-us/HT209108","https://support.apple.com/en-us/HT209139","https://support.apple.com/en-us/HT209600"],"published_time":"2020-10-27T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-4448","summary":"A memory initialization issue was addressed with improved memory handling. 
This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.1.1, watchOS 5.1.2, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra, tvOS 12.1.1. A local user may be able to read kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.20709,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209340","https://support.apple.com/en-us/HT209341","https://support.apple.com/en-us/HT209342","https://support.apple.com/en-us/HT209343","https://support.apple.com/en-us/HT209600","https://support.apple.com/en-us/HT209340","https://support.apple.com/en-us/HT209341","https://support.apple.com/en-us/HT209342","https://support.apple.com/en-us/HT209343","https://support.apple.com/en-us/HT209600"],"published_time":"2020-10-27T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-4451","summary":"This issue is fixed in macOS Mojave 10.14. A memory corruption issue was addressed with improved input validation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00339,"ranking_epss":0.56702,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209139","https://support.apple.com/en-us/HT209139"],"published_time":"2020-10-27T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-4452","summary":"A memory consumption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra. 
A malicious application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00358,"ranking_epss":0.58059,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT209341","https://support.apple.com/en-us/HT209446","https://support.apple.com/en-us/HT209341","https://support.apple.com/en-us/HT209446"],"published_time":"2020-10-27T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9994","summary":"A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to overwrite arbitrary files.","cvss":7.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00284,"ranking_epss":0.51868,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211168","https://support.apple.com/kb/HT211170","https://support.apple.com/kb/HT211171","https://support.apple.com/kb/HT211175","https://support.apple.com/kb/HT211168","https://support.apple.com/kb/HT211170","https://support.apple.com/kb/HT211171","https://support.apple.com/kb/HT211175"],"published_time":"2020-10-22T19:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9997","summary":"An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, watchOS 6.2.8. 
A malicious application may disclose restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00178,"ranking_epss":0.39358,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211291"],"published_time":"2020-10-22T19:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9927","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15143,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211289"],"published_time":"2020-10-22T19:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9928","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00245,"ranking_epss":0.4779,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211289"],"published_time":"2020-10-22T19:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9929","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. 
A local user may be able to cause unexpected system termination or read kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":6.6,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00046,"ranking_epss":0.14074,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211289"],"published_time":"2020-10-22T19:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9935","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A user may be unexpectedly logged in to another user’s account.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00231,"ranking_epss":0.45954,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211289"],"published_time":"2020-10-22T19:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9937","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. 
Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00424,"ranking_epss":0.62207,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295"],"published_time":"2020-10-22T19:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9938","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. 
Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00424,"ranking_epss":0.62207,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295"],"published_time":"2020-10-22T19:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9939","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to load unsigned kernel extensions.","cvss":6.4,"cvss_version":3.0,"cvss_v2":4.4,"cvss_v3":6.4,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.13091,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211289"],"published_time":"2020-10-22T19:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9940","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. 
Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00867,"ranking_epss":0.75176,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290"],"published_time":"2020-10-22T19:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9980","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted font file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00462,"ranking_epss":0.64211,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291"],"published_time":"2020-10-22T19:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9984","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. 
Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00424,"ranking_epss":0.62207,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295"],"published_time":"2020-10-22T19:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9985","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00755,"ranking_epss":0.73278,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211291"],"published_time":"2020-10-22T19:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9986","summary":"A file access issue existed with certain home folder files. This was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.7. 
A malicious application may be able to read sensitive location information.","cvss":3.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00182,"ranking_epss":0.39937,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Nov/21","https://support.apple.com/kb/HT211849","http://seclists.org/fulldisclosure/2020/Nov/21","https://support.apple.com/kb/HT211849"],"published_time":"2020-10-22T19:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9990","summary":"A race condition was addressed with additional validation. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.9,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14403,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211289"],"published_time":"2020-10-22T19:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9901","summary":"An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. 
A local attacker may be able to elevate their privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15088,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290"],"published_time":"2020-10-22T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9902","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to determine kernel memory layout.","cvss":5.5,"cvss_version":3.0,"cvss_v2":7.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00246,"ranking_epss":0.47875,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291"],"published_time":"2020-10-22T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9904","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. 
An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00256,"ranking_epss":0.49042,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291"],"published_time":"2020-10-22T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9905","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A remote attacker may be able to cause a denial of service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0121,"ranking_epss":0.79007,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290"],"published_time":"2020-10-22T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9906","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. 
A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.","cvss":9.1,"cvss_version":3.0,"cvss_v2":9.4,"cvss_v3":9.1,"cvss_v4":null,"epss":0.01143,"ranking_epss":0.78454,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/162119/iOS-macOS-Radio-Proximity-Kernel-Memory-Corruption.html","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211291","http://packetstormsecurity.com/files/162119/iOS-macOS-Radio-Proximity-Kernel-Memory-Corruption.html","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211291"],"published_time":"2020-10-22T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9908","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to cause unexpected system termination or read kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":6.6,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11762,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211289"],"published_time":"2020-10-22T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9919","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. 
Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00794,"ranking_epss":0.73975,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295"],"published_time":"2020-10-22T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9920","summary":"A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A malicious mail server may overwrite arbitrary mail files.","cvss":9.1,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00698,"ranking_epss":0.71968,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211291"],"published_time":"2020-10-22T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9921","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. 
A malicious application may be able to execute arbitrary code with system privileges.","cvss":7.0,"cvss_version":3.0,"cvss_v2":6.9,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.1135,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211289"],"published_time":"2020-10-22T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9924","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A remote attacker may be able to cause a denial of service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00598,"ranking_epss":0.69443,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211289"],"published_time":"2020-10-22T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9881","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00867,"ranking_epss":0.75176,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211291"],"published_time":"2020-10-22T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9882","summary":"A buffer overflow issue was addressed with improved memory handling. 
This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00867,"ranking_epss":0.75176,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211291"],"published_time":"2020-10-22T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9883","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. 
Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0106,"ranking_epss":0.77663,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://support.apple.com/kb/HT211931","https://www.zerodayinitiative.com/advisories/ZDI-20-1389/","http://seclists.org/fulldisclosure/2020/Dec/32","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://support.apple.com/kb/HT211931","https://www.zerodayinitiative.com/advisories/ZDI-20-1389/"],"published_time":"2020-10-22T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9887","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. Viewing a maliciously crafted JPEG file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00418,"ranking_epss":0.61862,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211289"],"published_time":"2020-10-22T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9892","summary":"Multiple memory corruption issues were addressed with improved state management. 
This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00243,"ranking_epss":0.47578,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291"],"published_time":"2020-10-22T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9898","summary":"This issue was addressed with improved entitlements. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A sandboxed process may be able to circumvent sandbox restrictions.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00528,"ranking_epss":0.67194,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289"],"published_time":"2020-10-22T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9899","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. 
An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00245,"ranking_epss":0.4779,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211289"],"published_time":"2020-10-22T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9900","summary":"An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A local attacker may be able to elevate their privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.15739,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291"],"published_time":"2020-10-22T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9868","summary":"A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. 
An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate.","cvss":9.1,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00143,"ranking_epss":0.34606,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291"],"published_time":"2020-10-22T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9869","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A remote attacker may cause an unexpected application termination.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00598,"ranking_epss":0.69443,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211289"],"published_time":"2020-10-22T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9871","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. 
Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00424,"ranking_epss":0.62207,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295"],"published_time":"2020-10-22T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9872","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. 
Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00312,"ranking_epss":0.5441,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295"],"published_time":"2020-10-22T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9873","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. 
Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00312,"ranking_epss":0.5441,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295"],"published_time":"2020-10-22T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9874","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. 
Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00424,"ranking_epss":0.62207,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295"],"published_time":"2020-10-22T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9875","summary":"An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. 
Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00253,"ranking_epss":0.48659,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295"],"published_time":"2020-10-22T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9876","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. 
Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00741,"ranking_epss":0.72992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Nov/22","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211935","https://support.apple.com/kb/HT211952","http://seclists.org/fulldisclosure/2020/Dec/32","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Nov/22","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://support.apple.com/kb/HT211843","https://support.apple.com/kb/HT211844","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211931","https://support.apple.com/kb/HT211935","https://support.apple.com/kb/HT211952"],"published_time":"2020-10-22T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9877","summary":"An out-of-bounds read was addressed with improved bounds checking. 
This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00312,"ranking_epss":0.5441,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295"],"published_time":"2020-10-22T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9879","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. 
Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00424,"ranking_epss":0.62207,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295"],"published_time":"2020-10-22T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9880","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00864,"ranking_epss":0.75132,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291"],"published_time":"2020-10-22T18:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3915","summary":"A path handling issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. 
A malicious application may be able to overwrite arbitrary files.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.17893,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211100","https://support.apple.com/kb/HT211100"],"published_time":"2020-10-22T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3918","summary":"An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A local user may be able to view sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.20697,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211100","https://support.apple.com/kb/HT211101","https://support.apple.com/kb/HT211102","https://support.apple.com/kb/HT211103","https://support.apple.com/kb/HT211100","https://support.apple.com/kb/HT211101","https://support.apple.com/kb/HT211102","https://support.apple.com/kb/HT211103"],"published_time":"2020-10-22T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9771","summary":"This issue was addressed with a new entitlement. This issue is fixed in macOS Catalina 10.15.4. A user may gain access to protected parts of the file system.","cvss":7.1,"cvss_version":3.0,"cvss_v2":3.6,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00118,"ranking_epss":0.30703,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211100","https://support.apple.com/kb/HT211100"],"published_time":"2020-10-22T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9772","summary":"A logic issue was addressed with improved restrictions. 
This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A sandboxed process may be able to circumvent sandbox restrictions.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00071,"ranking_epss":0.21639,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211100","https://support.apple.com/kb/HT211101","https://support.apple.com/kb/HT211102","https://support.apple.com/kb/HT211103","https://support.apple.com/kb/HT211100","https://support.apple.com/kb/HT211101","https://support.apple.com/kb/HT211102","https://support.apple.com/kb/HT211103"],"published_time":"2020-10-22T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9779","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":6.6,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11762,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211100","https://support.apple.com/kb/HT211100"],"published_time":"2020-10-22T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9787","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. 
Some websites may not have appeared in Safari Preferences.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00292,"ranking_epss":0.52625,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211100","https://support.apple.com/kb/HT211101","https://support.apple.com/kb/HT211102","https://support.apple.com/kb/HT211103","https://support.apple.com/kb/HT211100","https://support.apple.com/kb/HT211101","https://support.apple.com/kb/HT211102","https://support.apple.com/kb/HT211103"],"published_time":"2020-10-22T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9796","summary":"A race condition was addressed with improved state handling. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.0,"cvss_version":3.0,"cvss_v2":6.9,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10515,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211170","https://support.apple.com/kb/HT211170"],"published_time":"2020-10-22T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9810","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. A person with physical access to a Mac may be able to bypass Login Window.","cvss":6.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.18835,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211170","https://support.apple.com/kb/HT211170"],"published_time":"2020-10-22T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9828","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. 
A remote attacker may be able to leak sensitive user information.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00281,"ranking_epss":0.51492,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211100","https://support.apple.com/kb/HT211100"],"published_time":"2020-10-22T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9853","summary":"A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to determine kernel memory layout.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00255,"ranking_epss":0.48931,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211100","https://support.apple.com/kb/HT211100"],"published_time":"2020-10-22T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9854","summary":"A logic issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. An application may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00392,"ranking_epss":0.60231,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211168","https://support.apple.com/kb/HT211170","https://support.apple.com/kb/HT211171","https://support.apple.com/kb/HT211168","https://support.apple.com/kb/HT211170","https://support.apple.com/kb/HT211171"],"published_time":"2020-10-22T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9863","summary":"A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. 
An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00287,"ranking_epss":0.52166,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291"],"published_time":"2020-10-22T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3898","summary":"A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. An application may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00162,"ranking_epss":0.37118,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/kb/HT211100","https://support.apple.com/kb/HT211100"],"published_time":"2020-10-22T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3995","summary":"In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. 
A malicious actor with access to a virtual machine may be able to trigger a memory leak issue resulting in memory resource exhaustion on the hypervisor if the attack is sustained for extended periods of time.","cvss":5.3,"cvss_version":3.0,"cvss_v2":3.5,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00313,"ranking_epss":0.54443,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.vmware.com/security/advisories/VMSA-2020-0023.html","https://www.vmware.com/security/advisories/VMSA-2020-0023.html"],"published_time":"2020-10-20T17:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3981","summary":"VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.","cvss":5.8,"cvss_version":3.0,"cvss_v2":3.5,"cvss_v3":5.8,"cvss_v4":null,"epss":0.00143,"ranking_epss":0.34541,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.vmware.com/security/advisories/VMSA-2020-0023.html","https://www.vmware.com/security/advisories/VMSA-2020-0023.html"],"published_time":"2020-10-20T17:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3982","summary":"VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. 
A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap.","cvss":7.7,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":7.7,"cvss_v4":null,"epss":0.00201,"ranking_epss":0.42145,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.vmware.com/security/advisories/VMSA-2020-0023.html","https://www.vmware.com/security/advisories/VMSA-2020-0023.html"],"published_time":"2020-10-20T17:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9968","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.7, tvOS 14.0, watchOS 7.0. A malicious application may be able to access restricted files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00303,"ranking_epss":0.53618,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Nov/21","http://seclists.org/fulldisclosure/2020/Nov/22","https://support.apple.com/HT211843","https://support.apple.com/HT211844","https://support.apple.com/HT211849","https://support.apple.com/HT211850","http://seclists.org/fulldisclosure/2020/Nov/19","http://seclists.org/fulldisclosure/2020/Nov/20","http://seclists.org/fulldisclosure/2020/Nov/21","http://seclists.org/fulldisclosure/2020/Nov/22","https://support.apple.com/HT211843","https://support.apple.com/HT211844","https://support.apple.com/HT211849","https://support.apple.com/HT211850"],"published_time":"2020-10-16T17:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9918","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. 
A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01424,"ranking_epss":0.80639,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211288","https://support.apple.com/HT211289","https://support.apple.com/HT211290","https://support.apple.com/HT211291","https://support.apple.com/HT211288","https://support.apple.com/HT211289","https://support.apple.com/HT211290","https://support.apple.com/HT211291"],"published_time":"2020-10-16T17:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9934","summary":"An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0244,"ranking_epss":0.85198,"kev":true,"propose_action":"Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information.","ransomware_campaign":"Unknown","references":["https://support.apple.com/HT211288","https://support.apple.com/HT211289","https://support.apple.com/HT211288","https://support.apple.com/HT211289","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9934"],"published_time":"2020-10-16T17:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9889","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. 
Processing a maliciously crafted audio file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00447,"ranking_epss":0.63526,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211288","https://support.apple.com/HT211289","https://support.apple.com/HT211290","https://support.apple.com/HT211291","https://www.zerodayinitiative.com/advisories/ZDI-20-1391/","https://support.apple.com/HT211288","https://support.apple.com/HT211289","https://support.apple.com/HT211290","https://support.apple.com/HT211291","https://www.zerodayinitiative.com/advisories/ZDI-20-1391/"],"published_time":"2020-10-16T17:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9890","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00462,"ranking_epss":0.64211,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211288","https://support.apple.com/HT211289","https://support.apple.com/HT211290","https://support.apple.com/HT211291","https://support.apple.com/HT211288","https://support.apple.com/HT211289","https://support.apple.com/HT211290","https://support.apple.com/HT211291"],"published_time":"2020-10-16T17:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9891","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. 
Processing a maliciously crafted audio file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00462,"ranking_epss":0.64211,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211288","https://support.apple.com/HT211289","https://support.apple.com/HT211290","https://support.apple.com/HT211291","https://support.apple.com/HT211288","https://support.apple.com/HT211289","https://support.apple.com/HT211290","https://support.apple.com/HT211291"],"published_time":"2020-10-16T17:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9913","summary":"This issue was addressed with improved data protection. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to leak sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.14702,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211289","https://support.apple.com/HT211289"],"published_time":"2020-10-16T17:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9864","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01139,"ranking_epss":0.78422,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211289","https://support.apple.com/HT211289"],"published_time":"2020-10-16T17:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9865","summary":"A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. 
A malicious application may be able to break out of its sandbox.","cvss":8.6,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00305,"ranking_epss":0.5376,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211288","https://support.apple.com/HT211289","https://support.apple.com/HT211290","https://support.apple.com/HT211291","https://support.apple.com/HT211288","https://support.apple.com/HT211289","https://support.apple.com/HT211290","https://support.apple.com/HT211291"],"published_time":"2020-10-16T17:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9870","summary":"A logic issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. An attacker with memory write capability may be able to bypass pointer authentication codes and run arbitrary code.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.5,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0056,"ranking_epss":0.6829,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211288","https://support.apple.com/HT211289","https://support.apple.com/HT211290","https://support.apple.com/HT211288","https://support.apple.com/HT211289","https://support.apple.com/HT211290"],"published_time":"2020-10-16T17:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9878","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. 
Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00867,"ranking_epss":0.75176,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211288","https://support.apple.com/HT211289","https://support.apple.com/HT211291","https://support.apple.com/HT211288","https://support.apple.com/HT211289","https://support.apple.com/HT211291"],"published_time":"2020-10-16T17:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9884","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00418,"ranking_epss":0.61862,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211289","https://support.apple.com/HT211289"],"published_time":"2020-10-16T17:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9885","summary":"An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. 
A user that is removed from an iMessage group could rejoin the group.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0011,"ranking_epss":0.29298,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211288","https://support.apple.com/HT211289","https://support.apple.com/HT211290","https://support.apple.com/HT211291","https://support.apple.com/HT211288","https://support.apple.com/HT211289","https://support.apple.com/HT211290","https://support.apple.com/HT211291"],"published_time":"2020-10-16T17:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9888","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00462,"ranking_epss":0.64211,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211288","https://support.apple.com/HT211289","https://support.apple.com/HT211290","https://support.apple.com/HT211291","https://support.apple.com/HT211288","https://support.apple.com/HT211289","https://support.apple.com/HT211290","https://support.apple.com/HT211291"],"published_time":"2020-10-16T17:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9799","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6. 
A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00245,"ranking_epss":0.4779,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211289","https://support.apple.com/HT211289"],"published_time":"2020-10-16T17:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6574","summary":"Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00128,"ranking_epss":0.3215,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html","https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html","https://crbug.com/1102196","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZIGAOCZKBT4LV363BCPRA5FLY25I/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNIYFJST4TFJYFZ27VODBOINCLBGULTD/","https://www.debian.org/security/2021/dsa-4824","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00078.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00081.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html","https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html","https://crbug.com/1102196",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FN7HZIGAOCZKBT4LV363BCPRA5FLY25I/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNIYFJST4TFJYFZ27VODBOINCLBGULTD/","https://www.debian.org/security/2021/dsa-4824"],"published_time":"2020-09-21T20:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3980","summary":"VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. An attacker with normal user privileges may exploit this issue to trick an admin user into executing malicious code on the system where Fusion is installed.","cvss":6.7,"cvss_version":3.0,"cvss_v2":3.7,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00107,"ranking_epss":0.28738,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.vmware.com/security/advisories/VMSA-2020-0020.html","https://www.vmware.com/security/advisories/VMSA-2020-0020.html"],"published_time":"2020-09-16T17:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9847","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to break out of its sandbox.","cvss":8.6,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00217,"ranking_epss":0.44275,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211170","https://support.apple.com/HT211170"],"published_time":"2020-06-09T17:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9851","summary":"An access issue was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.5. 
A malicious application may be able to modify protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00194,"ranking_epss":0.41278,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211170","https://support.apple.com/HT211170"],"published_time":"2020-06-09T17:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9852","summary":"An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00533,"ranking_epss":0.67391,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175","https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175"],"published_time":"2020-06-09T17:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9855","summary":"A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.5. A local attacker may be able to elevate their privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.15753,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211170","https://support.apple.com/HT211170"],"published_time":"2020-06-09T17:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9856","summary":"This issue was addressed with improved checks. 
This issue is fixed in macOS Catalina 10.15.5. An application may be able to gain elevated privileges.","cvss":5.3,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":5.3,"cvss_v4":null,"epss":0.18924,"ranking_epss":0.95326,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211170","https://support.apple.com/HT211170"],"published_time":"2020-06-09T17:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9830","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00264,"ranking_epss":0.49884,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211170","https://support.apple.com/HT211170"],"published_time":"2020-06-09T17:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9831","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to determine kernel memory layout.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00226,"ranking_epss":0.45414,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211170","https://support.apple.com/HT211170"],"published_time":"2020-06-09T17:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9832","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5. 
A malicious application may be able to determine kernel memory layout.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00226,"ranking_epss":0.45414,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211170","https://support.apple.com/HT211170"],"published_time":"2020-06-09T17:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9833","summary":"A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.5. A local user may be able to read kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00129,"ranking_epss":0.32291,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211170","https://support.apple.com/HT211170"],"published_time":"2020-06-09T17:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9834","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00245,"ranking_epss":0.4779,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211170","https://support.apple.com/HT211170"],"published_time":"2020-06-09T17:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9837","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. 
A remote attacker may be able to leak memory.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00764,"ranking_epss":0.73458,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171"],"published_time":"2020-06-09T17:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9839","summary":"A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges.","cvss":7.0,"cvss_version":3.0,"cvss_v2":5.1,"cvss_v3":7.0,"cvss_v4":null,"epss":0.35894,"ranking_epss":0.97094,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175","https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175"],"published_time":"2020-06-09T17:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9841","summary":"An integer overflow was addressed through improved input validation. This issue is fixed in macOS Catalina 10.15.5. 
An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00264,"ranking_epss":0.49884,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211170","https://support.apple.com/HT211170"],"published_time":"2020-06-09T17:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9842","summary":"An entitlement parsing issue was addressed with improved parsing. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application could interact with system processes to access private information and perform privileged actions.","cvss":7.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00331,"ranking_epss":0.56043,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175","https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175"],"published_time":"2020-06-09T17:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9844","summary":"A double free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. 
A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00528,"ranking_epss":0.672,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211168","https://support.apple.com/HT211170"],"published_time":"2020-06-09T17:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9814","summary":"A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00484,"ranking_epss":0.65295,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175","https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175"],"published_time":"2020-06-09T17:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9815","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. 
Processing a maliciously crafted audio file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00633,"ranking_epss":0.70378,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175","https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175"],"published_time":"2020-06-09T17:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9816","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00484,"ranking_epss":0.65295,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175","https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175"],"published_time":"2020-06-09T17:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9817","summary":"A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Catalina 10.15.5. 
A malicious application may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28598,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211170","https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-mac-priv-esc-VqST2nrT","https://support.apple.com/HT211170","https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-mac-priv-esc-VqST2nrT"],"published_time":"2020-06-09T17:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9821","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00533,"ranking_epss":0.67391,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175","https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175"],"published_time":"2020-06-09T17:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9822","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. 
A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00245,"ranking_epss":0.4779,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211170","https://support.apple.com/HT211170"],"published_time":"2020-06-09T17:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9824","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. A non-privileged user may be able to modify restricted network settings.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00241,"ranking_epss":0.47442,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211170","https://support.apple.com/HT211170"],"published_time":"2020-06-09T17:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9825","summary":"An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A malicious application may be able to bypass Privacy preferences.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00189,"ranking_epss":0.40673,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211168","https://support.apple.com/HT211170"],"published_time":"2020-06-09T17:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9826","summary":"A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. 
A remote attacker may be able to cause a denial of service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00471,"ranking_epss":0.64625,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211168","https://support.apple.com/HT211170"],"published_time":"2020-06-09T17:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9827","summary":"A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause a denial of service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00821,"ranking_epss":0.74437,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175","https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175"],"published_time":"2020-06-09T17:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9804","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. Inserting a USB device that sends invalid messages may cause a kernel panic.","cvss":4.6,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18326,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211170","https://support.apple.com/HT211170"],"published_time":"2020-06-09T17:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9808","summary":"A memory corruption issue was addressed with improved state management. 
This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to cause unexpected system termination or write kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00335,"ranking_epss":0.56345,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175","https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175"],"published_time":"2020-06-09T17:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9809","summary":"An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine kernel memory layout.","cvss":5.5,"cvss_version":3.0,"cvss_v2":7.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00297,"ranking_epss":0.53071,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175","https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175"],"published_time":"2020-06-09T17:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9811","summary":"An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. 
A local user may be able to read kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00325,"ranking_epss":0.55564,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175","https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175"],"published_time":"2020-06-09T17:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9812","summary":"An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":7.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00297,"ranking_epss":0.53071,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175","https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175"],"published_time":"2020-06-09T17:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9813","summary":"A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. 
A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00484,"ranking_epss":0.65295,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175","https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175"],"published_time":"2020-06-09T17:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9788","summary":"A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.5. A file may be incorrectly rendered to execute JavaScript.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00179,"ranking_epss":0.39457,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211170","https://support.apple.com/HT211170"],"published_time":"2020-06-09T17:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9789","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. 
Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01342,"ranking_epss":0.80054,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175","https://support.apple.com/HT211178","https://support.apple.com/HT211179","https://support.apple.com/HT211181","https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175","https://support.apple.com/HT211178","https://support.apple.com/HT211179","https://support.apple.com/HT211181"],"published_time":"2020-06-09T17:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9790","summary":"An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. 
Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01342,"ranking_epss":0.80054,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175","https://support.apple.com/HT211178","https://support.apple.com/HT211179","https://support.apple.com/HT211181","https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175","https://support.apple.com/HT211178","https://support.apple.com/HT211179","https://support.apple.com/HT211181"],"published_time":"2020-06-09T17:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9791","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00633,"ranking_epss":0.70378,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175","https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175"],"published_time":"2020-06-09T17:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9793","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. 
A remote attacker may be able to cause arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01193,"ranking_epss":0.78872,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175","https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175"],"published_time":"2020-06-09T17:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9794","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents.","cvss":8.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00959,"ranking_epss":0.76494,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E","https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175","https://support.apple.com/HT211178","https://support.apple.com/HT211179","https://support.apple.com/HT211181","https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E","https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175","https://support.apple.com/HT211178","https://support.apple.com/HT211179","https://support.apple.com/HT211181"],"published_time":"2020-06-09T17:1
5:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9795","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00626,"ranking_epss":0.70223,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175","https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175"],"published_time":"2020-06-09T17:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9797","summary":"An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine another application's memory layout.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00325,"ranking_epss":0.55564,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175","https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175"],"published_time":"2020-06-09T17:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9800","summary":"A type confusion issue was addressed with improved memory handling. 
This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0076,"ranking_epss":0.73378,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211168","https://support.apple.com/HT211171","https://support.apple.com/HT211175","https://support.apple.com/HT211177","https://support.apple.com/HT211178","https://support.apple.com/HT211179","https://support.apple.com/HT211181","https://support.apple.com/HT211168","https://support.apple.com/HT211171","https://support.apple.com/HT211175","https://support.apple.com/HT211177","https://support.apple.com/HT211178","https://support.apple.com/HT211179","https://support.apple.com/HT211181"],"published_time":"2020-06-09T17:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3882","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. Importing a maliciously crafted calendar invitation may exfiltrate user information.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0028,"ranking_epss":0.51386,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211170","https://support.apple.com/HT211170"],"published_time":"2020-06-09T16:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9792","summary":"A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. 
A USB device may be able to cause a denial of service.","cvss":4.6,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00046,"ranking_epss":0.13989,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211168","https://support.apple.com/HT211170"],"published_time":"2020-06-09T16:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9859","summary":"A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00095,"ranking_epss":0.26318,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, watchOS, and tvOS contain an unspecified vulnerability that may allow an application to execute code with kernel privileges.","ransomware_campaign":"Unknown","references":["https://support.apple.com/HT211214","https://support.apple.com/HT211214","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9859"],"published_time":"2020-06-05T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-20807","summary":"In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or 
Lua).","cvss":5.3,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00206,"ranking_epss":0.42876,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00018.html","http://seclists.org/fulldisclosure/2020/Jul/24","https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075","https://github.com/vim/vim/releases/tag/v8.1.0881","https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html","https://support.apple.com/kb/HT211289","https://usn.ubuntu.com/4582-1/","https://www.starwindsoftware.com/security/sw-20220812-0003/","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00018.html","http://seclists.org/fulldisclosure/2020/Jul/24","https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075","https://github.com/vim/vim/releases/tag/v8.1.0881","https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html","https://support.apple.com/kb/HT211289","https://usn.ubuntu.com/4582-1/","https://www.starwindsoftware.com/security/sw-20220812-0003/"],"published_time":"2020-05-28T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6477","summary":"Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted 
file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08628,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html","https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html","https://crbug.com/946156","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQYH5OK7O4BU6E37WWG5SEEHV65BFSGR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLFZ5N4EK6I4ZJP5YSKLLVN3ELXEB4XT/","https://security.gentoo.org/glsa/202006-02","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html","https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop_19.html","https://crbug.com/946156","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQYH5OK7O4BU6E37WWG5SEEHV65BFSGR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLFZ5N4EK6I4ZJP5YSKLLVN3ELXEB4XT/","https://security.gentoo.org/glsa/202006-02"],"published_time":"2020-05-21T04:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6616","summary":"Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset. 
The Samsung ID is SVE-2020-16882 (May 2020).","cvss":6.5,"cvss_version":3.0,"cvss_v2":3.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00122,"ranking_epss":0.31195,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://bluetooth.lol","http://seclists.org/fulldisclosure/2020/May/49","https://github.com/seemoo-lab/internalblue/blob/master/doc/rng.md","https://media.ccc.de/v/DiVOC-6-finding_eastereggs_in_broadcom_s_bluetooth_random_number_generator","https://security.samsungmobile.com/securityUpdate.smsb","https://support.apple.com/HT211168","https://support.apple.com/kb/HT211100","https://support.apple.com/kb/HT211168","https://twitter.com/naehrdine/status/1255980443368919045","https://twitter.com/naehrdine/status/1255981245147877377","http://bluetooth.lol","http://seclists.org/fulldisclosure/2020/May/49","https://github.com/seemoo-lab/internalblue/blob/master/doc/rng.md","https://media.ccc.de/v/DiVOC-6-finding_eastereggs_in_broadcom_s_bluetooth_random_number_generator","https://security.samsungmobile.com/securityUpdate.smsb","https://support.apple.com/HT211168","https://support.apple.com/kb/HT211100","https://support.apple.com/kb/HT211168","https://twitter.com/naehrdine/status/1255980443368919045","https://twitter.com/naehrdine/status/1255981245147877377"],"published_time":"2020-05-08T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-12243","summary":"In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon 
crash).","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.10757,"ranking_epss":0.93363,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00016.html","https://bugs.openldap.org/show_bug.cgi?id=9202","https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4/CHANGES","https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440","https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html","https://security.netapp.com/advisory/ntap-20200511-0003/","https://support.apple.com/kb/HT211289","https://usn.ubuntu.com/4352-1/","https://usn.ubuntu.com/4352-2/","https://www.debian.org/security/2020/dsa-4666","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpuoct2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00016.html","https://bugs.openldap.org/show_bug.cgi?id=9202","https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4/CHANGES","https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440","https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html","https://security.netapp.com/advisory/ntap-20200511-0003/","https://support.apple.com/kb/HT211289","https://usn.ubuntu.com/4352-1/","https://usn.ubuntu.com/4352-2/","https://www.debian.org/security/2020/dsa-4666","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpuoct2020.html"],"published_time":"2020-04-28T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-6203","summary":"A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. 
An attacker in a privileged network position may be able to intercept network traffic.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.10288,"ranking_epss":0.93196,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209601","https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209601"],"published_time":"2020-04-17T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11758","summary":"An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00642,"ranking_epss":0.70627,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html","https://bugs.chromium.org/p/project-zero/issues/detail?id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html","https://bugs.chromium.org/p/project-zero/issues/detail?id=1987","https://
github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755"],"published_time":"2020-04-14T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11759","summary":"An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds 
pointer.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.01059,"ranking_epss":0.77648,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.chromium.org/p/project-zero/issues/detail?id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755","https://bugs.chromium.org/p/project-zero/issues/detail?id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755"],"published_time":"2020-04-14T23:15:12","vendor":null,"product":null,"version":null},{"cve_id"
:"CVE-2020-11760","summary":"An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00642,"ranking_epss":0.70627,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html","https://bugs.chromium.org/p/project-zero/issues/detail?id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html","https://bugs.chromium.org/p/project-zero/issues/detail?id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.c
om/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755"],"published_time":"2020-04-14T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11761","summary":"An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00576,"ranking_epss":0.6881,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html","https://bugs.chromium.org/p/project-zero/issues/detail?id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html","https://bugs.chromium.org/p/project-zero/issues/detail?id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2
020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755"],"published_time":"2020-04-14T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11762","summary":"An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00576,"ranking_epss":0.6881,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html","https://bugs.chromium.org/p/project-zero/issues/detail?id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755","http://lis
ts.opensuse.org/opensuse-security-announce/2020-05/msg00051.html","https://bugs.chromium.org/p/project-zero/issues/detail?id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755"],"published_time":"2020-04-14T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11763","summary":"An issue was discovered in OpenEXR before 2.4.1. 
There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00576,"ranking_epss":0.6881,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html","https://bugs.chromium.org/p/project-zero/issues/detail?id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html","https://bugs.chromium.org/p/project-zero/issues/detail?id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.a
pple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755"],"published_time":"2020-04-14T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11764","summary":"An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00781,"ranking_epss":0.73746,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html","https://bugs.chromium.org/p/project-zero/issues/detail?id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html","https://bugs.chromium.org/p/project-zero/issues/detail?id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KF
GDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755"],"published_time":"2020-04-14T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-11765","summary":"An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00576,"ranking_epss":0.6881,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html","https://bugs.chromium.org/p/project-zero/issues/detail?id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html","https://bugs.chromium.org/p/project-zero/issues/detai
l?id=1987","https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020","https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1","https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3/","https://security.gentoo.org/glsa/202107-27","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211291","https://support.apple.com/kb/HT211293","https://support.apple.com/kb/HT211294","https://support.apple.com/kb/HT211295","https://usn.ubuntu.com/4339-1/","https://www.debian.org/security/2020/dsa-4755"],"published_time":"2020-04-14T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-14868","summary":"In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. 
Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.","cvss":7.4,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.4,"cvss_v4":null,"epss":0.00204,"ranking_epss":0.42527,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/May/53","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14868","https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2","https://lists.debian.org/debian-lts-announce/2020/07/msg00015.html","https://support.apple.com/kb/HT211170","http://seclists.org/fulldisclosure/2020/May/53","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14868","https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2","https://lists.debian.org/debian-lts-announce/2020/07/msg00015.html","https://support.apple.com/kb/HT211170"],"published_time":"2020-04-02T17:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3847","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to leak memory.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01337,"ranking_epss":0.80017,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210919","https://support.apple.com/HT210919"],"published_time":"2020-04-01T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3848","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. 
A remote attacker may be able to cause unexpected application termination or arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00857,"ranking_epss":0.75016,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210919","https://support.apple.com/HT210919"],"published_time":"2020-04-01T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3849","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00857,"ranking_epss":0.75016,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210919","https://support.apple.com/HT210919"],"published_time":"2020-04-01T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3850","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.0118,"ranking_epss":0.78763,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210919","https://support.apple.com/HT210919"],"published_time":"2020-04-01T19:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9785","summary":"Multiple memory corruption issues were addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. 
A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00276,"ranking_epss":0.51115,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211100","https://support.apple.com/HT211101","https://support.apple.com/HT211102","https://support.apple.com/HT211103","https://support.apple.com/HT211100","https://support.apple.com/HT211101","https://support.apple.com/HT211102","https://support.apple.com/HT211103"],"published_time":"2020-04-01T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3908","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":6.6,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11762,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211100","https://support.apple.com/HT211100"],"published_time":"2020-04-01T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3909","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. 
Multiple issues in libxml2.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.02593,"ranking_epss":0.8562,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211100","https://support.apple.com/HT211101","https://support.apple.com/HT211102","https://support.apple.com/HT211103","https://support.apple.com/HT211105","https://support.apple.com/HT211106","https://support.apple.com/HT211107","https://www.oracle.com/security-alerts/cpuoct2020.html","https://support.apple.com/HT211100","https://support.apple.com/HT211101","https://support.apple.com/HT211102","https://support.apple.com/HT211103","https://support.apple.com/HT211105","https://support.apple.com/HT211106","https://support.apple.com/HT211107","https://www.oracle.com/security-alerts/cpuoct2020.html"],"published_time":"2020-04-01T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3910","summary":"A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. 
Multiple issues in libxml2.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01174,"ranking_epss":0.7871,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211100","https://support.apple.com/HT211101","https://support.apple.com/HT211102","https://support.apple.com/HT211103","https://support.apple.com/HT211105","https://support.apple.com/HT211106","https://support.apple.com/HT211107","https://support.apple.com/HT211100","https://support.apple.com/HT211101","https://support.apple.com/HT211102","https://support.apple.com/HT211103","https://support.apple.com/HT211105","https://support.apple.com/HT211106","https://support.apple.com/HT211107"],"published_time":"2020-04-01T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3911","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. 
Multiple issues in libxml2.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.01563,"ranking_epss":0.81523,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211100","https://support.apple.com/HT211101","https://support.apple.com/HT211102","https://support.apple.com/HT211103","https://support.apple.com/HT211105","https://support.apple.com/HT211106","https://support.apple.com/HT211107","https://support.apple.com/HT211100","https://support.apple.com/HT211101","https://support.apple.com/HT211102","https://support.apple.com/HT211103","https://support.apple.com/HT211105","https://support.apple.com/HT211106","https://support.apple.com/HT211107"],"published_time":"2020-04-01T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3912","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":6.6,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11762,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211100","https://support.apple.com/HT211100"],"published_time":"2020-04-01T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3913","summary":"A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, watchOS 6.2. 
A malicious application may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00196,"ranking_epss":0.41542,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211100","https://support.apple.com/HT211102","https://support.apple.com/HT211103","https://support.apple.com/HT211100","https://support.apple.com/HT211102","https://support.apple.com/HT211103"],"published_time":"2020-04-01T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3914","summary":"A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to read restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.003,"ranking_epss":0.53366,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211100","https://support.apple.com/HT211101","https://support.apple.com/HT211102","https://support.apple.com/HT211103","https://support.apple.com/HT211100","https://support.apple.com/HT211101","https://support.apple.com/HT211102","https://support.apple.com/HT211103"],"published_time":"2020-04-01T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3919","summary":"A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. 
A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00266,"ranking_epss":0.50099,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211100","https://support.apple.com/HT211101","https://support.apple.com/HT211102","https://support.apple.com/HT211103","https://support.apple.com/HT211100","https://support.apple.com/HT211101","https://support.apple.com/HT211102","https://support.apple.com/HT211103"],"published_time":"2020-04-01T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9769","summary":"Multiple issues were addressed by updating to version 8.1.1850. This issue is fixed in macOS Catalina 10.15.4. Multiple issues in Vim.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00504,"ranking_epss":0.6617,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211100","https://support.apple.com/HT211100"],"published_time":"2020-04-01T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9775","summary":"An issue existed in the handling of tabs displaying picture in picture video. The issue was corrected with improved state handling. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user's private browsing activity may be unexpectedly saved in Screen Time.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00206,"ranking_epss":0.42977,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211102","https://support.apple.com/kb/HT211100","https://support.apple.com/HT211102","https://support.apple.com/kb/HT211100"],"published_time":"2020-04-01T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-9776","summary":"This issue was addressed with a new entitlement. 
This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to access a user's call history.","cvss":3.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.3,"cvss_v4":null,"epss":0.0019,"ranking_epss":0.4084,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211100","https://support.apple.com/HT211100"],"published_time":"2020-04-01T18:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3889","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to read arbitrary files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.14702,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211100","https://support.apple.com/HT211100"],"published_time":"2020-04-01T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3892","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00302,"ranking_epss":0.53552,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211100","https://support.apple.com/HT211100"],"published_time":"2020-04-01T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3893","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. 
A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00302,"ranking_epss":0.53552,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211100","https://support.apple.com/HT211100"],"published_time":"2020-04-01T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3903","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.4. An application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00302,"ranking_epss":0.53552,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211100","https://support.apple.com/HT211100"],"published_time":"2020-04-01T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3904","summary":"Multiple memory corruption issues were addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00326,"ranking_epss":0.55586,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211100","https://support.apple.com/HT211100"],"published_time":"2020-04-01T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3905","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. 
A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00302,"ranking_epss":0.53552,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211100","https://support.apple.com/HT211100"],"published_time":"2020-04-01T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3906","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.4. A maliciously crafted application may be able to bypass code signing enforcement.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00256,"ranking_epss":0.48948,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211100","https://support.apple.com/HT211100"],"published_time":"2020-04-01T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3907","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":6.6,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10395,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211100","https://support.apple.com/HT211100"],"published_time":"2020-04-01T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3881","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. 
A local user may be able to view sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.14702,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211100","https://support.apple.com/HT211100"],"published_time":"2020-04-01T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3883","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to use arbitrary entitlements.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00475,"ranking_epss":0.64839,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211100","https://support.apple.com/HT211101","https://support.apple.com/HT211102","https://support.apple.com/HT211103","https://support.apple.com/HT211100","https://support.apple.com/HT211101","https://support.apple.com/HT211102","https://support.apple.com/HT211103"],"published_time":"2020-04-01T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3884","summary":"An injection issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. 
A remote attacker may be able to cause arbitrary javascript code execution.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00502,"ranking_epss":0.66091,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211100","https://support.apple.com/HT211100"],"published_time":"2020-04-01T18:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8741","summary":"A denial of service issue was addressed with improved input validation.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.02749,"ranking_epss":0.86015,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://eprint.iacr.org/2019/1421","https://support.apple.com/HT210604","https://support.apple.com/HT210606","https://support.apple.com/HT210607","https://support.apple.com/HT210634","https://support.apple.com/HT210635","https://support.apple.com/HT210636","https://support.apple.com/HT210637","https://eprint.iacr.org/2019/1421","https://support.apple.com/HT210604","https://support.apple.com/HT210606","https://support.apple.com/HT210607","https://support.apple.com/HT210634","https://support.apple.com/HT210635","https://support.apple.com/HT210636","https://support.apple.com/HT210637"],"published_time":"2020-02-28T14:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3866","summary":"This was addressed with additional checks by Gatekeeper on files mounted through a network share. This issue is fixed in macOS Catalina 10.15.3. 
Searching for and opening a file from an attacker controlled NFS mount may bypass Gatekeeper.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00217,"ranking_epss":0.44241,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210919","https://support.apple.com/HT210919"],"published_time":"2020-02-27T21:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3870","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00613,"ranking_epss":0.69869,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210918","https://support.apple.com/HT210919","https://support.apple.com/HT210920","https://support.apple.com/HT210921","https://support.apple.com/HT210918","https://support.apple.com/HT210919","https://support.apple.com/HT210920","https://support.apple.com/HT210921"],"published_time":"2020-02-27T21:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3871","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00374,"ranking_epss":0.59095,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210919","https://support.apple.com/HT210919"],"published_time":"2020-02-27T21:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3872","summary":"A memory initialization issue was addressed with improved memory handling. 
This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to read restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00325,"ranking_epss":0.55564,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210918","https://support.apple.com/HT210919","https://support.apple.com/HT210920","https://support.apple.com/HT210921","https://support.apple.com/HT210918","https://support.apple.com/HT210919","https://support.apple.com/HT210920","https://support.apple.com/HT210921"],"published_time":"2020-02-27T21:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3875","summary":"A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to read restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00325,"ranking_epss":0.55564,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210918","https://support.apple.com/HT210919","https://support.apple.com/HT210920","https://support.apple.com/HT210921","https://support.apple.com/HT210918","https://support.apple.com/HT210919","https://support.apple.com/HT210920","https://support.apple.com/HT210921"],"published_time":"2020-02-27T21:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3877","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3, watchOS 6.1.2. 
A remote attacker may be able to cause unexpected application termination or arbitrary code execution.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01152,"ranking_epss":0.78517,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210919","https://support.apple.com/HT210921","https://support.apple.com/HT210919","https://support.apple.com/HT210921"],"published_time":"2020-02-27T21:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3878","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00616,"ranking_epss":0.69951,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175","https://support.apple.com/HT211178","https://support.apple.com/HT211179","https://support.apple.com/HT211181","https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175","https://support.apple.com/HT211178","https://support.apple.com/HT211179","https://support.apple.com/HT211181"],"published_time":"2020-02-27T21:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3845","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3. 
An application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00374,"ranking_epss":0.59095,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210919","https://support.apple.com/HT210919"],"published_time":"2020-02-27T21:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3846","summary":"A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00773,"ranking_epss":0.73612,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210947","https://support.apple.com/HT210948","https://support.apple.com/HT210947","https://support.apple.com/HT210948"],"published_time":"2020-02-27T21:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3853","summary":"A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. 
A malicious application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00414,"ranking_epss":0.61645,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210918","https://support.apple.com/HT210919","https://support.apple.com/HT210920","https://support.apple.com/HT210921","https://support.apple.com/HT210918","https://support.apple.com/HT210919","https://support.apple.com/HT210920","https://support.apple.com/HT210921"],"published_time":"2020-02-27T21:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3854","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3. An application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00374,"ranking_epss":0.59095,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210919","https://support.apple.com/HT210919"],"published_time":"2020-02-27T21:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3856","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. 
Processing a maliciously crafted string may lead to heap corruption.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00352,"ranking_epss":0.57621,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210918","https://support.apple.com/HT210919","https://support.apple.com/HT210920","https://support.apple.com/HT210921","https://support.apple.com/HT210918","https://support.apple.com/HT210919","https://support.apple.com/HT210920","https://support.apple.com/HT210921"],"published_time":"2020-02-27T21:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3857","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00226,"ranking_epss":0.45384,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210918","https://support.apple.com/HT210919","https://support.apple.com/HT210920","https://support.apple.com/HT210921","https://support.apple.com/HT210918","https://support.apple.com/HT210919","https://support.apple.com/HT210920","https://support.apple.com/HT210921"],"published_time":"2020-02-27T21:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3829","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. 
An application may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00299,"ranking_epss":0.53266,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210918","https://support.apple.com/HT210919","https://support.apple.com/HT210920","https://support.apple.com/HT210921","https://support.apple.com/HT210918","https://support.apple.com/HT210919","https://support.apple.com/HT210920","https://support.apple.com/HT210921"],"published_time":"2020-02-27T21:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3830","summary":"A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be able to overwrite arbitrary files.","cvss":3.3,"cvss_version":3.0,"cvss_v2":3.6,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00181,"ranking_epss":0.39753,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210919","https://support.apple.com/HT210919"],"published_time":"2020-02-27T21:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3835","summary":"A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be able to access restricted files.","cvss":4.4,"cvss_version":3.0,"cvss_v2":3.6,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00137,"ranking_epss":0.33427,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210919","https://support.apple.com/HT210919"],"published_time":"2020-02-27T21:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3836","summary":"An access issue was addressed with improved memory management. 
This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. A malicious application may be able to determine kernel memory layout.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00134,"ranking_epss":0.32953,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210918","https://support.apple.com/HT210919","https://support.apple.com/HT210920","https://support.apple.com/HT210921","https://support.apple.com/HT210918","https://support.apple.com/HT210919","https://support.apple.com/HT210920","https://support.apple.com/HT210921"],"published_time":"2020-02-27T21:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3837","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0642,"ranking_epss":0.91076,"kev":true,"propose_action":"Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges.","ransomware_campaign":"Unknown","references":["https://support.apple.com/HT210918","https://support.apple.com/HT210919","https://support.apple.com/HT210920","https://support.apple.com/HT210921","https://support.apple.com/HT210918","https://support.apple.com/HT210919","https://support.apple.com/HT210920","https://support.apple.com/HT210921","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-3837"],"published_time":"2020-02-27T21:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3838","summary":"The issue was addressed with improved permissions logic. 
This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00399,"ranking_epss":0.60698,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2021/Apr/51","https://support.apple.com/HT210918","https://support.apple.com/HT210919","https://support.apple.com/HT210920","https://support.apple.com/HT210921","https://support.apple.com/kb/HT212326","https://support.apple.com/kb/HT212327","http://seclists.org/fulldisclosure/2021/Apr/51","https://support.apple.com/HT210918","https://support.apple.com/HT210919","https://support.apple.com/HT210920","https://support.apple.com/HT210921","https://support.apple.com/kb/HT212326","https://support.apple.com/kb/HT212327"],"published_time":"2020-02-27T21:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3839","summary":"A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.3. An application may be able to read restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00159,"ranking_epss":0.36705,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210919","https://support.apple.com/HT210919"],"published_time":"2020-02-27T21:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3840","summary":"An off by one issue existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1. 
Loading a maliciously crafted racoon configuration file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00469,"ranking_epss":0.6456,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210918","https://support.apple.com/HT210919","https://support.apple.com/HT210920","https://support.apple.com/HT210918","https://support.apple.com/HT210919","https://support.apple.com/HT210920"],"published_time":"2020-02-27T21:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3842","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00414,"ranking_epss":0.61645,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210918","https://support.apple.com/HT210919","https://support.apple.com/HT210920","https://support.apple.com/HT210921","https://support.apple.com/HT210918","https://support.apple.com/HT210919","https://support.apple.com/HT210920","https://support.apple.com/HT210921"],"published_time":"2020-02-27T21:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3826","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. 
Processing a maliciously crafted image may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00504,"ranking_epss":0.6617,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210947","https://support.apple.com/HT210948","https://support.apple.com/HT210947","https://support.apple.com/HT210948"],"published_time":"2020-02-27T21:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3827","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. Viewing a maliciously crafted JPEG file may lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00374,"ranking_epss":0.59095,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210919","https://support.apple.com/HT210919"],"published_time":"2020-02-27T21:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-20044","summary":"In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. 
Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.20806,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/May/49","http://seclists.org/fulldisclosure/2020/May/53","http://seclists.org/fulldisclosure/2020/May/55","http://seclists.org/fulldisclosure/2020/May/59","http://zsh.sourceforge.net/releases.html","https://github.com/XMB5/zsh-privileged-upgrade","https://lists.debian.org/debian-lts-announce/2020/03/msg00004.html","https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP64FFIZI2CKQOEAOI5A72PVQULE7ZZC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PN5V7MPHRRP7QNHOEK56S7QGRU53WUN6/","https://security.gentoo.org/glsa/202003-55","https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175","https://support.apple.com/kb/HT211168","https://support.apple.com/kb/HT211170","https://support.apple.com/kb/HT211171","https://support.apple.com/kb/HT211175","https://www.zsh.org/mla/zsh-announce/141","http://seclists.org/fulldisclosure/2020/May/49","http://seclists.org/fulldisclosure/2020/May/53","http://seclists.org/fulldisclosure/2020/May/55","http://seclists.org/fulldisclosure/2020/May/59","http://zsh.sourceforge.net/releases.html","https://github.com/XMB5/zsh-privileged-upgrade","https://lists.debian.org/debian-lts-announce/2020/03/msg00004.html","https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP64FFIZI2CKQOEAOI5A72PVQULE7ZZC/"
,"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PN5V7MPHRRP7QNHOEK56S7QGRU53WUN6/","https://security.gentoo.org/glsa/202003-55","https://support.apple.com/HT211168","https://support.apple.com/HT211170","https://support.apple.com/HT211171","https://support.apple.com/HT211175","https://support.apple.com/kb/HT211168","https://support.apple.com/kb/HT211170","https://support.apple.com/kb/HT211171","https://support.apple.com/kb/HT211175","https://www.zsh.org/mla/zsh-announce/141"],"published_time":"2020-02-24T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-4606","summary":"Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00218,"ranking_epss":0.44436,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/93055","http://www.securitytracker.com/id/1036858","https://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html","http://www.securityfocus.com/bid/93055","http://www.securitytracker.com/id/1036858","https://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"],"published_time":"2020-02-21T02:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2012-5366","summary":"The IPv6 implementation in Apple Mac OS X (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing 
entries.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00941,"ranking_epss":0.76274,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2012/10/10/12","https://www.securityfocus.com/bid/56170/info","http://www.openwall.com/lists/oss-security/2012/10/10/12","https://www.securityfocus.com/bid/56170/info"],"published_time":"2020-02-20T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2011-3336","summary":"regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.24637,"ranking_epss":0.96146,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2014/Mar/166","http://www.securityfocus.com/bid/50541","https://cxsecurity.com/issue/WLB-2011110082","https://www.securityfocus.com/archive/1/520390","http://seclists.org/fulldisclosure/2014/Mar/166","http://www.securityfocus.com/bid/50541","https://cxsecurity.com/issue/WLB-2011110082","https://www.securityfocus.com/archive/1/520390"],"published_time":"2020-02-12T20:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2014-8128","summary":"LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF 
image.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00994,"ranking_epss":0.76963,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html","http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html","http://openwall.com/lists/oss-security/2015/01/24/15","http://support.apple.com/kb/HT204941","http://support.apple.com/kb/HT204942","http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt","https://bugzilla.redhat.com/show_bug.cgi?id=1185812","http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html","http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html","http://openwall.com/lists/oss-security/2015/01/24/15","http://support.apple.com/kb/HT204941","http://support.apple.com/kb/HT204942","http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt","https://bugzilla.redhat.com/show_bug.cgi?id=1185812"],"published_time":"2020-02-12T03:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2014-9390","summary":"Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive 
filesystem.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.77155,"ranking_epss":0.98973,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://article.gmane.org/gmane.linux.kernel/1853266","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","http://mercurial.selenic.com/wiki/WhatsNew","http://securitytracker.com/id?1031404","http://support.apple.com/kb/HT204147","https://github.com/blog/1938-git-client-vulnerability-announced","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915","https://libgit2.org/security/","https://news.ycombinator.com/item?id=8769667","http://article.gmane.org/gmane.linux.kernel/1853266","http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","http://mercurial.selenic.com/wiki/WhatsNew","http://securitytracker.com/id?1031404","http://support.apple.com/kb/HT204147","https://github.com/blog/1938-git-client-vulnerability-announced","https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915","https://libgit2.org/security/","https://news.ycombinator.com/item?id=8769667"],"published_time":"2020-02-12T02:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15126","summary":"An issue was discovered on Broadcom Wi-Fi client devices. 
Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.","cvss":3.1,"cvss_version":3.0,"cvss_v2":2.9,"cvss_v3":3.1,"cvss_v4":null,"epss":0.08412,"ranking_epss":0.92345,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html","http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt","http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en","http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en","https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf","https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001","https://support.apple.com/kb/HT210721","https://support.apple.com/kb/HT210722","https://support.apple.com/kb/HT210788","https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure","https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05","https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/","https://www.synology.com/security/advisory/Synology_SA_20_03","http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html","http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt","http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en","http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en","https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf","https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001","https://support.apple.com/kb/HT210721","https://support.apple.com/kb/HT210722","https://support.apple.com/kb/HT210788","h
ttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure","https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05","https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/","https://www.synology.com/security/advisory/Synology_SA_20_03"],"published_time":"2020-02-05T17:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-4676","summary":"A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01783,"ranking_epss":0.82763,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2016/Oct/89","http://www.securityfocus.com/bid/93851","http://www.securitytracker.com/id/1037087","https://lists.apple.com/archives/security-announce/2016/Oct/msg00002.html","https://packetstormsecurity.com/files/cve/CVE-2016-4676","http://seclists.org/fulldisclosure/2016/Oct/89","http://www.securityfocus.com/bid/93851","http://www.securitytracker.com/id/1037087","https://lists.apple.com/archives/security-announce/2016/Oct/msg00002.html","https://packetstormsecurity.com/files/cve/CVE-2016-4676"],"published_time":"2020-02-03T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2013-1866","summary":"OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite 
Vulnerability","cvss":6.1,"cvss_version":3.0,"cvss_v2":6.3,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00149,"ranking_epss":0.35418,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/58620","https://exchange.xforce.ibmcloud.com/vulnerabilities/82987","http://www.securityfocus.com/bid/58620","https://exchange.xforce.ibmcloud.com/vulnerabilities/82987"],"published_time":"2020-01-30T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2013-1867","summary":"Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerability","cvss":6.1,"cvss_version":3.0,"cvss_v2":6.3,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00202,"ranking_epss":0.42276,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/58618","https://exchange.xforce.ibmcloud.com/vulnerabilities/82988","http://www.securityfocus.com/bid/58618","https://exchange.xforce.ibmcloud.com/vulnerabilities/82988"],"published_time":"2020-01-30T14:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8255","summary":"Brackets versions 1.14 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.16305,"ranking_epss":0.94847,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/brackets/apsb19-57.html","https://helpx.adobe.com/security/products/brackets/apsb19-57.html"],"published_time":"2019-12-19T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19906","summary":"cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. 
The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00481,"ranking_epss":0.65155,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Jul/23","http://seclists.org/fulldisclosure/2020/Jul/24","http://www.openwall.com/lists/oss-security/2022/02/23/4","https://github.com/cyrusimap/cyrus-sasl/issues/587","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/12/msg00027.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MW6GZCLECGL2PBNHVNPJIX4RPVRVFR7R/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OB4GSVOJ6ESHQNT5GSV63OX5D4KPSTGT/","https://seclists.org/bugtraq/2019/Dec/42","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://usn.ubuntu.com/4256-1/","https://www.debian.org/security/2019/dsa-4591","https://www.openldap.org/its/index.cgi/Incoming?id=9123","http://seclists.org/fulldisclosure/2020/Jul/23","http://seclists.org/fulldisclosure/2020/Jul/24","http://www.openwall.com/lists/oss-security/2022/02/23/4","https://github.com/cyrusimap/cyrus-sasl/issues/587","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/12/msg00027.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproje
ct.org/message/MW6GZCLECGL2PBNHVNPJIX4RPVRVFR7R/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OB4GSVOJ6ESHQNT5GSV63OX5D4KPSTGT/","https://seclists.org/bugtraq/2019/Dec/42","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://usn.ubuntu.com/4256-1/","https://www.debian.org/security/2019/dsa-4591","https://www.openldap.org/its/index.cgi/Incoming?id=9123"],"published_time":"2019-12-19T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8817","summary":"A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.1. An application may be able to read restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.003,"ranking_epss":0.53364,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210722","https://support.apple.com/HT210722"],"published_time":"2019-12-18T18:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8805","summary":"A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Catalina 10.15.1. An application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.13462,"ranking_epss":0.94227,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210722","https://support.apple.com/HT210722"],"published_time":"2019-12-18T18:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8807","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1. 
An application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00303,"ranking_epss":0.53642,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210722","https://support.apple.com/HT210722"],"published_time":"2019-12-18T18:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8794","summary":"A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. An application may be able to read restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00359,"ranking_epss":0.58129,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210721","https://support.apple.com/HT210722","https://support.apple.com/HT210723","https://support.apple.com/HT210724","https://support.apple.com/HT210721","https://support.apple.com/HT210722","https://support.apple.com/HT210723","https://support.apple.com/HT210724"],"published_time":"2019-12-18T18:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8797","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. 
An application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00456,"ranking_epss":0.63905,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210721","https://support.apple.com/HT210722","https://support.apple.com/HT210723","https://support.apple.com/HT210724","https://support.apple.com/HT210721","https://support.apple.com/HT210722","https://support.apple.com/HT210723","https://support.apple.com/HT210724"],"published_time":"2019-12-18T18:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8798","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. An application may be able to execute arbitrary code with system privileges.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00173,"ranking_epss":0.38651,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210721","https://support.apple.com/HT210722","https://support.apple.com/HT210723","https://support.apple.com/HT210724","https://support.apple.com/HT210721","https://support.apple.com/HT210722","https://support.apple.com/HT210723","https://support.apple.com/HT210724"],"published_time":"2019-12-18T18:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8801","summary":"A dynamic library loading issue existed in iTunes setup. This was addressed with improved path searching. This issue is fixed in macOS Catalina 10.15.1, iTunes for Windows 12.10.2. 
Running the iTunes installer in an untrusted directory may result in arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.4,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00154,"ranking_epss":0.36136,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210722","https://support.apple.com/HT210726","https://support.apple.com/HT210722","https://support.apple.com/HT210726"],"published_time":"2019-12-18T18:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8802","summary":"A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15.1. A malicious application may be able to gain root privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00141,"ranking_epss":0.34217,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210722","https://support.apple.com/HT210722"],"published_time":"2019-12-18T18:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8803","summary":"An authentication issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. 
A local attacker may be able to login to the account of a previously logged in user without valid credentials..","cvss":8.4,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":8.4,"cvss_v4":null,"epss":0.00159,"ranking_epss":0.36748,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210721","https://support.apple.com/HT210722","https://support.apple.com/HT210723","https://support.apple.com/HT210724","https://support.apple.com/HT210721","https://support.apple.com/HT210722","https://support.apple.com/HT210723","https://support.apple.com/HT210724"],"published_time":"2019-12-18T18:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8785","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. An application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00456,"ranking_epss":0.63905,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210721","https://support.apple.com/HT210722","https://support.apple.com/HT210723","https://support.apple.com/HT210724","https://support.apple.com/HT210721","https://support.apple.com/HT210722","https://support.apple.com/HT210723","https://support.apple.com/HT210724"],"published_time":"2019-12-18T18:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8786","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. 
An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00456,"ranking_epss":0.63905,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210721","https://support.apple.com/HT210722","https://support.apple.com/HT210723","https://support.apple.com/HT210724","https://support.apple.com/HT210721","https://support.apple.com/HT210722","https://support.apple.com/HT210723","https://support.apple.com/HT210724"],"published_time":"2019-12-18T18:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8787","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. A remote attacker may be able to leak memory.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00689,"ranking_epss":0.71783,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210721","https://support.apple.com/HT210722","https://support.apple.com/HT210723","https://support.apple.com/HT210724","https://support.apple.com/HT210721","https://support.apple.com/HT210722","https://support.apple.com/HT210723","https://support.apple.com/HT210724"],"published_time":"2019-12-18T18:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8788","summary":"An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. 
Improper URL processing may lead to data exfiltration.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00348,"ranking_epss":0.57352,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210721","https://support.apple.com/HT210722","https://support.apple.com/HT210721","https://support.apple.com/HT210722"],"published_time":"2019-12-18T18:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8789","summary":"A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Parsing a maliciously crafted iBooks file may lead to disclosure of user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00244,"ranking_epss":0.47712,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210721","https://support.apple.com/HT210722","https://support.apple.com/HT210721","https://support.apple.com/HT210722"],"published_time":"2019-12-18T18:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8770","summary":"The issue was addressed with improved permissions logic. This issue is fixed in macOS Catalina 10.15. A malicious application may be able to access recent documents.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00227,"ranking_epss":0.45461,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210634","https://support.apple.com/HT210634"],"published_time":"2019-12-18T18:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8772","summary":"An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a confirmation prompt. This issue is fixed in macOS Catalina 10.15. 
An attacker may be able to exfiltrate the contents of an encrypted PDF.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00348,"ranking_epss":0.57352,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210634","https://support.apple.com/kb/HT210722","https://support.apple.com/HT210634","https://support.apple.com/kb/HT210722"],"published_time":"2019-12-18T18:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8781","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.15354,"ranking_epss":0.94653,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210634","https://support.apple.com/HT210634"],"published_time":"2019-12-18T18:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8784","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. 
An application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00499,"ranking_epss":0.65942,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210721","https://support.apple.com/HT210722","https://support.apple.com/HT210726","https://support.apple.com/HT210727","https://support.apple.com/HT210728","https://support.apple.com/HT210721","https://support.apple.com/HT210722","https://support.apple.com/HT210726","https://support.apple.com/HT210727","https://support.apple.com/HT210728"],"published_time":"2019-12-18T18:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8755","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15. A malicious application may be able to determine kernel memory layout.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00127,"ranking_epss":0.31969,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210634","https://support.apple.com/HT210634"],"published_time":"2019-12-18T18:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8757","summary":"A race condition existed when reading and writing user preferences. This was addressed with improved state handling. This issue is fixed in macOS Catalina 10.15. 
The \"Share Mac Analytics\" setting may not be disabled when a user deselects the switch to share analytics.","cvss":2.5,"cvss_version":3.0,"cvss_v2":1.9,"cvss_v3":2.5,"cvss_v4":null,"epss":0.00096,"ranking_epss":0.2652,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210634","https://support.apple.com/HT210634"],"published_time":"2019-12-18T18:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8758","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00122,"ranking_epss":0.31193,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210634","https://support.apple.com/HT210634"],"published_time":"2019-12-18T18:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8768","summary":"\"Clear History and Website Data\" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"cvss_v4":null,"epss":0.0051,"ranking_epss":0.66421,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202003-22","https://support.apple.com/HT210634","https://security.gentoo.org/glsa/202003-22","https://support.apple.com/HT210634"],"published_time":"2019-12-18T18:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8769","summary":"An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. 
Visiting a maliciously crafted website may reveal browsing history.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00151,"ranking_epss":0.3573,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202003-22","https://support.apple.com/HT210634","https://security.gentoo.org/glsa/202003-22","https://support.apple.com/HT210634"],"published_time":"2019-12-18T18:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8745","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15, tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing a maliciously crafted text file may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01083,"ranking_epss":0.77893,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210634","https://support.apple.com/HT210635","https://support.apple.com/HT210636","https://support.apple.com/HT210637","https://support.apple.com/kb/HT210722","https://support.apple.com/HT210634","https://support.apple.com/HT210635","https://support.apple.com/HT210636","https://support.apple.com/HT210637","https://support.apple.com/kb/HT210722"],"published_time":"2019-12-18T18:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8748","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. 
An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00122,"ranking_epss":0.31193,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210634","https://support.apple.com/kb/HT210722","https://support.apple.com/HT210634","https://support.apple.com/kb/HT210722"],"published_time":"2019-12-18T18:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8730","summary":"The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup. This issue is fixed in macOS Catalina 10.15. A local user may be able to view a user’s locked notes.","cvss":3.3,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00107,"ranking_epss":0.28902,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210634","https://support.apple.com/HT210634"],"published_time":"2019-12-18T18:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8705","summary":"A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15, tvOS 13. Processing a maliciously crafted movie may result in the disclosure of process memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0021,"ranking_epss":0.43417,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210634","https://support.apple.com/kb/HT210722","https://support.apple.com/HT210634","https://support.apple.com/kb/HT210722"],"published_time":"2019-12-18T18:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8717","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15, tvOS 13. 
An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00239,"ranking_epss":0.47039,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210634","https://support.apple.com/kb/HT210722","https://support.apple.com/HT210634","https://support.apple.com/kb/HT210722"],"published_time":"2019-12-18T18:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8692","summary":"A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18624,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210348","https://support.apple.com/HT210348"],"published_time":"2019-12-18T18:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8693","summary":"A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00226,"ranking_epss":0.45414,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210348","https://support.apple.com/HT210348"],"published_time":"2019-12-18T18:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8694","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6. 
An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00245,"ranking_epss":0.4779,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210348","https://support.apple.com/HT210348"],"published_time":"2019-12-18T18:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8695","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6. An application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00264,"ranking_epss":0.49884,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210348","https://support.apple.com/HT210348"],"published_time":"2019-12-18T18:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8697","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6. An application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15143,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210348","https://support.apple.com/HT210348"],"published_time":"2019-12-18T18:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8701","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. 
An application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00122,"ranking_epss":0.31193,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210634","https://support.apple.com/HT210634"],"published_time":"2019-12-18T18:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8684","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.03291,"ranking_epss":0.87223,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358"],"published_time":"2019-12-18T18:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8685","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01466,"ranking_epss":0.80928,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358"],"published_time":"2019-12-18T18:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8686","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00816,"ranking_epss":0.74363,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358"],"published_time":"2019-12-18T18:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8687","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00816,"ranking_epss":0.74363,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358"],"published_time":"2019-12-18T18:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8688","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.03941,"ranking_epss":0.88356,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358"],"published_time":"2019-12-18T18:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8689","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.30057,"ranking_epss":0.96671,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358"],"published_time":"2019-12-18T18:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8690","summary":"A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. 
Processing maliciously crafted web content may lead to universal cross site scripting.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"cvss_v4":null,"epss":0.08113,"ranking_epss":0.92172,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358"],"published_time":"2019-12-18T18:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8691","summary":"A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18624,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210348","https://support.apple.com/HT210348"],"published_time":"2019-12-18T18:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8676","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.03291,"ranking_epss":0.87223,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358"],"published_time":"2019-12-18T18:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8677","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00816,"ranking_epss":0.74363,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358"],"published_time":"2019-12-18T18:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8678","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00816,"ranking_epss":0.74363,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358"],"published_time":"2019-12-18T18:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8679","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00816,"ranking_epss":0.74363,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358"],"published_time":"2019-12-18T18:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8680","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00816,"ranking_epss":0.74363,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358"],"published_time":"2019-12-18T18:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8681","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00816,"ranking_epss":0.74363,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358"],"published_time":"2019-12-18T18:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8683","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00825,"ranking_epss":0.74488,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358"],"published_time":"2019-12-18T18:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8666","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00816,"ranking_epss":0.74363,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358"],"published_time":"2019-12-18T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8667","summary":"An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6. The encryption status of a Time Machine backup may be incorrect.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"cvss_v4":null,"epss":0.0013,"ranking_epss":0.32402,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210348","https://support.apple.com/HT210348"],"published_time":"2019-12-18T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8669","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.03291,"ranking_epss":0.87223,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358"],"published_time":"2019-12-18T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8670","summary":"An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6, Safari 12.1.2. Visiting a malicious website may lead to address bar spoofing.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00222,"ranking_epss":0.44811,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210348","https://support.apple.com/HT210355","https://support.apple.com/HT210348","https://support.apple.com/HT210355"],"published_time":"2019-12-18T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8671","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.25381,"ranking_epss":0.96221,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358"],"published_time":"2019-12-18T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8672","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.41725,"ranking_epss":0.97433,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358"],"published_time":"2019-12-18T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8673","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00816,"ranking_epss":0.74363,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358"],"published_time":"2019-12-18T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8646","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to leak memory.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.05228,"ranking_epss":0.89973,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353"],"published_time":"2019-12-18T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8648","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. 
A remote attacker may be able to cause arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.0268,"ranking_epss":0.85861,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353"],"published_time":"2019-12-18T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8649","summary":"A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"cvss_v4":null,"epss":0.08579,"ranking_epss":0.92425,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358"],"published_time":"2019-12-18T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8657","summary":"An out-of-bounds read was addressed with improved input validation. 
This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00645,"ranking_epss":0.70719,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353"],"published_time":"2019-12-18T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8658","summary":"A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. 
Processing maliciously crafted web content may lead to universal cross site scripting.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00776,"ranking_epss":0.73661,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358"],"published_time":"2019-12-18T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8660","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.09031,"ranking_epss":0.9265,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353"],"published_time":"2019-12-18T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8661","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.6. 
A remote attacker may be able to cause arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.0503,"ranking_epss":0.89759,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210348","https://support.apple.com/HT210348"],"published_time":"2019-12-18T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8662","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.12123,"ranking_epss":0.93833,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353"],"published_time":"2019-12-18T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8663","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6. A remote attacker may be able to leak memory.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"cvss_v4":null,"epss":0.02252,"ranking_epss":0.8461,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210346","https://support.apple.com/HT210348"],"published_time":"2019-12-18T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8628","summary":"Multiple memory corruption issues were addressed with improved memory handling. 
This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00588,"ranking_epss":0.69162,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212"],"published_time":"2019-12-18T18:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8629","summary":"A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48715,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210119","https://support.apple.com/HT210119"],"published_time":"2019-12-18T18:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8634","summary":"An authentication issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5. 
A user may be unexpectedly logged in to another user’s account.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.5,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00323,"ranking_epss":0.55355,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210119","https://support.apple.com/HT210119"],"published_time":"2019-12-18T18:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8635","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15143,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210119","https://support.apple.com/HT210119"],"published_time":"2019-12-18T18:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8641","summary":"An out-of-bounds read was addressed with improved input validation.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.10883,"ranking_epss":0.93411,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210588","https://support.apple.com/HT210589","https://support.apple.com/HT210590","https://support.apple.com/HT210606","https://support.apple.com/HT210607","https://support.apple.com/HT210588","https://support.apple.com/HT210589","https://support.apple.com/HT210590","https://support.apple.com/HT210606","https://support.apple.com/HT210607"],"published_time":"2019-12-18T18:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8644","summary":"Multiple memory corruption issues were addressed with improved memory handling. 
This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00816,"ranking_epss":0.74363,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358"],"published_time":"2019-12-18T18:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8608","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":6.3,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00767,"ranking_epss":0.73516,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212"],"published_time":"2019-12-18T18:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8609","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00811,"ranking_epss":0.74274,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212"],"published_time":"2019-12-18T18:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8610","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00811,"ranking_epss":0.74274,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212"],"published_time":"2019-12-18T18:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8611","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.25276,"ranking_epss":0.96209,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212"],"published_time":"2019-12-18T18:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8615","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00728,"ranking_epss":0.72665,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212"],"published_time":"2019-12-18T18:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8616","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15143,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210119","https://support.apple.com/HT210119"],"published_time":"2019-12-18T18:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8619","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00811,"ranking_epss":0.74274,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212"],"published_time":"2019-12-18T18:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8622","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.24382,"ranking_epss":0.96121,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212"],"published_time":"2019-12-18T18:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8623","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.24382,"ranking_epss":0.96121,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212"],"published_time":"2019-12-18T18:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8596","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00811,"ranking_epss":0.74274,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212"],"published_time":"2019-12-18T18:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8597","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00728,"ranking_epss":0.72665,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212"],"published_time":"2019-12-18T18:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8598","summary":"An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. 
A malicious application may be able to read restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.03391,"ranking_epss":0.87421,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://research.checkpoint.com/2019/select-code_execution-from-using-sqlite/","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212","https://research.checkpoint.com/2019/select-code_execution-from-using-sqlite/","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212"],"published_time":"2019-12-18T18:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8600","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. 
A maliciously crafted SQL query may lead to arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"cvss_v4":null,"epss":0.12695,"ranking_epss":0.94009,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://research.checkpoint.com/2019/select-code_execution-from-using-sqlite/","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212","https://research.checkpoint.com/2019/select-code_execution-from-using-sqlite/","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212"],"published_time":"2019-12-18T18:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8601","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.09556,"ranking_epss":0.92872,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212"],"published_time":"2019-12-18T18:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8602","summary":"A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. 
A malicious application may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.041,"ranking_epss":0.88609,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://research.checkpoint.com/2019/select-code_execution-from-using-sqlite/","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212","https://research.checkpoint.com/2019/select-code_execution-from-using-sqlite/","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212"],"published_time":"2019-12-18T18:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8603","summary":"A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.5. An application may be able to read restricted memory.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00441,"ranking_epss":0.63261,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210119","https://support.apple.com/HT210119"],"published_time":"2019-12-18T18:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8604","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. 
An application may be able to execute arbitrary code with system privileges.","cvss":8.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00096,"ranking_epss":0.26509,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210119","https://support.apple.com/HT210119"],"published_time":"2019-12-18T18:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8605","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.12104,"ranking_epss":0.93827,"kev":true,"propose_action":"A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges.","ransomware_campaign":"Unknown","references":["https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8605"],"published_time":"2019-12-18T18:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8606","summary":"A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Mojave 10.14.5. 
A local user may be able to load unsigned kernel extensions.","cvss":7.0,"cvss_version":3.0,"cvss_v2":6.9,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08567,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210119","https://support.apple.com/HT210119"],"published_time":"2019-12-18T18:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8607","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may result in the disclosure of process memory.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00683,"ranking_epss":0.71662,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212"],"published_time":"2019-12-18T18:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8577","summary":"An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. 
An application may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00724,"ranking_epss":0.72581,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://research.checkpoint.com/2019/select-code_execution-from-using-sqlite/","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212","https://research.checkpoint.com/2019/select-code_execution-from-using-sqlite/","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212"],"published_time":"2019-12-18T18:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8583","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0082,"ranking_epss":0.74422,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212"],"published_time":"2019-12-18T18:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8584","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00811,"ranking_epss":0.74274,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212"],"published_time":"2019-12-18T18:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8585","summary":"An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. Processing a maliciously crafted movie file may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00679,"ranking_epss":0.71574,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122"],"published_time":"2019-12-18T18:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8586","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00811,"ranking_epss":0.74274,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212"],"published_time":"2019-12-18T18:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8587","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00811,"ranking_epss":0.74274,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212"],"published_time":"2019-12-18T18:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8589","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.5. A malicious application may bypass Gatekeeper checks.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00194,"ranking_epss":0.41278,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210119","https://support.apple.com/HT210119"],"published_time":"2019-12-18T18:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8590","summary":"A logic issue was addressed with improved restrictions. This issue is fixed in macOS Mojave 10.14.5. 
An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00264,"ranking_epss":0.49884,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210119","https://support.apple.com/HT210119"],"published_time":"2019-12-18T18:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8591","summary":"A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. An application may be able to cause unexpected system termination or write kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":8.8,"cvss_v3":7.1,"cvss_v4":null,"epss":0.08398,"ranking_epss":0.92339,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122"],"published_time":"2019-12-18T18:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8594","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00811,"ranking_epss":0.74274,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212"],"published_time":"2019-12-18T18:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8595","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00811,"ranking_epss":0.74274,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212"],"published_time":"2019-12-18T18:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8560","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to read restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00269,"ranking_epss":0.50438,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122"],"published_time":"2019-12-18T18:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8561","summary":"A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.4. 
A malicious application may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.27114,"ranking_epss":0.96392,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209600","https://support.apple.com/HT209600"],"published_time":"2019-12-18T18:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8565","summary":"A race condition was addressed with additional validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A malicious application may be able to gain root privileges.","cvss":7.0,"cvss_version":3.0,"cvss_v2":7.6,"cvss_v3":7.0,"cvss_v4":null,"epss":0.2874,"ranking_epss":0.96556,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209599","https://support.apple.com/HT209600"],"published_time":"2019-12-18T18:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8568","summary":"A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. 
A local user may be able to modify protected parts of the file system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00063,"ranking_epss":0.19367,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122"],"published_time":"2019-12-18T18:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8571","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00811,"ranking_epss":0.74274,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212"],"published_time":"2019-12-18T18:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8574","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. 
An application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00243,"ranking_epss":0.47578,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122"],"published_time":"2019-12-18T18:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8576","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A local user may be able to cause unexpected system termination or read kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":6.6,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00052,"ranking_epss":0.16175,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210122"],"published_time":"2019-12-18T18:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8545","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. 
A local user may be able to cause unexpected system termination or read kernel memory.","cvss":7.1,"cvss_version":3.0,"cvss_v2":6.6,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.19012,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209601","https://support.apple.com/HT209602","https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209601","https://support.apple.com/HT209602"],"published_time":"2019-12-18T18:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8546","summary":"An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A local user may be able to view sensitive user information.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.18905,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209602","https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209602"],"published_time":"2019-12-18T18:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8549","summary":"Multiple input validation issues existed in MIG generated code. These issues were addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. 
A malicious application may be able to execute arbitrary code with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00256,"ranking_epss":0.49042,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209601","https://support.apple.com/HT209602","https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209601","https://support.apple.com/HT209602"],"published_time":"2019-12-18T18:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8550","summary":"An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00314,"ranking_epss":0.54577,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209602","https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209602"],"published_time":"2019-12-18T18:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8552","summary":"A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. 
A malicious application may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00259,"ranking_epss":0.49272,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209601","https://support.apple.com/HT209602","https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209601","https://support.apple.com/HT209602"],"published_time":"2019-12-18T18:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8555","summary":"A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00397,"ranking_epss":0.60579,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209600","https://support.apple.com/HT209600"],"published_time":"2019-12-18T18:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8522","summary":"A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4. An encrypted volume may be unmounted and remounted by a different user without prompting for the password.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14363,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209600","https://support.apple.com/HT209600"],"published_time":"2019-12-18T18:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8526","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. 
An application may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00655,"ranking_epss":0.70967,"kev":true,"propose_action":"Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation.","ransomware_campaign":"Unknown","references":["https://support.apple.com/HT209600","https://support.apple.com/HT209600","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8526"],"published_time":"2019-12-18T18:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8527","summary":"A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.","cvss":9.1,"cvss_version":3.0,"cvss_v2":9.4,"cvss_v3":9.1,"cvss_v4":null,"epss":0.01605,"ranking_epss":0.81758,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209601","https://support.apple.com/HT209602","https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209601","https://support.apple.com/HT209602"],"published_time":"2019-12-18T18:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8529","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. 
An application may be able to execute arbitrary code with kernel privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.1301,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209599","https://support.apple.com/HT209600"],"published_time":"2019-12-18T18:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8530","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. A malicious application may be able to overwrite arbitrary files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00292,"ranking_epss":0.52626,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209601","https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209601"],"published_time":"2019-12-18T18:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8533","summary":"A lock handling issue was addressed with improved lock handling. This issue is fixed in macOS Mojave 10.14.4. A Mac may not lock when disconnecting from an external monitor.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15099,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209600","https://support.apple.com/HT209600"],"published_time":"2019-12-18T18:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8537","summary":"An access issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. 
A local user may be able to view a user’s locked notes.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.14702,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209600","https://support.apple.com/HT209600"],"published_time":"2019-12-18T18:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8540","summary":"A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.","cvss":5.5,"cvss_version":3.0,"cvss_v2":7.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00402,"ranking_epss":0.60846,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209601","https://support.apple.com/HT209602","https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209601","https://support.apple.com/HT209602"],"published_time":"2019-12-18T18:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8542","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. 
A malicious application may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0035,"ranking_epss":0.57511,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209601","https://support.apple.com/HT209602","https://support.apple.com/HT209604","https://support.apple.com/HT209605","https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209601","https://support.apple.com/HT209602","https://support.apple.com/HT209604","https://support.apple.com/HT209605"],"published_time":"2019-12-18T18:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8508","summary":"A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15072,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209600","https://support.apple.com/HT209600"],"published_time":"2019-12-18T18:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8510","summary":"An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. 
A malicious application may be able to determine kernel memory layout.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.2086,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209601","https://support.apple.com/HT209602","https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209601","https://support.apple.com/HT209602"],"published_time":"2019-12-18T18:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8511","summary":"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A malicious application may be able to elevate privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00365,"ranking_epss":0.5853,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209602","https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209602"],"published_time":"2019-12-18T18:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8513","summary":"This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to execute arbitrary shell commands.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"cvss_v4":null,"epss":0.09355,"ranking_epss":0.92787,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209600","https://support.apple.com/HT209600"],"published_time":"2019-12-18T18:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8514","summary":"A logic issue was addressed with improved state management. 
This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. An application may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.02778,"ranking_epss":0.86076,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209601","https://support.apple.com/HT209602","https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209601","https://support.apple.com/HT209602"],"published_time":"2019-12-18T18:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8516","summary":"A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Processing a maliciously crafted string may lead to a denial of service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00772,"ranking_epss":0.736,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209601","https://support.apple.com/HT209602","https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209601","https://support.apple.com/HT209602"],"published_time":"2019-12-18T18:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8517","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. 
Processing a maliciously crafted font may result in the disclosure of process memory.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00358,"ranking_epss":0.58054,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209601","https://support.apple.com/HT209602","https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209601","https://support.apple.com/HT209602"],"published_time":"2019-12-18T18:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8519","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. An application may be able to read restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18624,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209600","https://support.apple.com/HT209600"],"published_time":"2019-12-18T18:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8520","summary":"An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to read restricted memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18624,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209600","https://support.apple.com/HT209600"],"published_time":"2019-12-18T18:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8521","summary":"This issue was addressed with improved checks. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. 
A malicious application may be able to overwrite arbitrary files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00213,"ranking_epss":0.43779,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209599","https://support.apple.com/HT209600"],"published_time":"2019-12-18T18:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7286","summary":"A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. An application may be able to gain elevated privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"cvss_v4":null,"epss":0.01453,"ranking_epss":0.80831,"kev":true,"propose_action":"Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for privilege escalation.","ransomware_campaign":"Unknown","references":["https://support.apple.com/HT209520","https://support.apple.com/HT209521","https://support.apple.com/HT209601","https://support.apple.com/HT209602","https://support.apple.com/HT209520","https://support.apple.com/HT209521","https://support.apple.com/HT209601","https://support.apple.com/HT209602","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7286"],"published_time":"2019-12-18T18:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7293","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. 
A local user may be able to read kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00071,"ranking_epss":0.21666,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209601","https://support.apple.com/HT209602","https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209601","https://support.apple.com/HT209602"],"published_time":"2019-12-18T18:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8502","summary":"An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to initiate a Dictation request without user authorization.","cvss":3.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.3,"cvss_v4":null,"epss":0.00235,"ranking_epss":0.46369,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209601","https://support.apple.com/HT209602","https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209601","https://support.apple.com/HT209602"],"published_time":"2019-12-18T18:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8504","summary":"A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. 
A local user may be able to read kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00046,"ranking_epss":0.14048,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209599","https://support.apple.com/HT209600"],"published_time":"2019-12-18T18:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8507","summary":"Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.4. Processing malicious data may lead to unexpected application termination.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209600","https://support.apple.com/HT209600"],"published_time":"2019-12-18T18:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-6207","summary":"An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. 
A malicious application may be able to determine kernel memory layout.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00656,"ranking_epss":0.7104,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209601","https://support.apple.com/HT209602","https://support.apple.com/HT209599","https://support.apple.com/HT209600","https://support.apple.com/HT209601","https://support.apple.com/HT209602"],"published_time":"2019-12-18T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-6237","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00811,"ranking_epss":0.74274,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212","https://support.apple.com/HT210118","https://support.apple.com/HT210119","https://support.apple.com/HT210120","https://support.apple.com/HT210123","https://support.apple.com/HT210124","https://support.apple.com/HT210125","https://support.apple.com/HT210212"],"published_time":"2019-12-18T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-6239","summary":"This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Mojave 10.14.4. 
A malicious application may bypass Gatekeeper checks.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.15337,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209446","https://support.apple.com/HT209600","https://support.apple.com/HT209446","https://support.apple.com/HT209600"],"published_time":"2019-12-18T18:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-14899","summary":"A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.","cvss":7.4,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":7.4,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.15472,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Dec/32","http://seclists.org/fulldisclosure/2020/Jul/23","http://seclists.org/fulldisclosure/2020/Jul/24","http://seclists.org/fulldisclosure/2020/Jul/25","http://seclists.org/fulldisclosure/2020/Nov/20","http://www.openwall.com/lists/oss-security/2020/08/13/2","http://www.openwall.com/lists/oss-security/2020/10/07/3","http://www.openwall.com/lists/oss-security/2021/07/05/1","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14899","https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211931","http://seclists.org/fulldisclosure/2020/Dec/32","http:
//seclists.org/fulldisclosure/2020/Jul/23","http://seclists.org/fulldisclosure/2020/Jul/24","http://seclists.org/fulldisclosure/2020/Jul/25","http://seclists.org/fulldisclosure/2020/Nov/20","http://www.openwall.com/lists/oss-security/2020/08/13/2","http://www.openwall.com/lists/oss-security/2020/10/07/3","http://www.openwall.com/lists/oss-security/2021/07/05/1","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14899","https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/","https://support.apple.com/kb/HT211288","https://support.apple.com/kb/HT211289","https://support.apple.com/kb/HT211290","https://support.apple.com/kb/HT211850","https://support.apple.com/kb/HT211931"],"published_time":"2019-12-11T15:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5541","summary":"VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an out-of-bounds write vulnerability in the e1000e virtual network adapter. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition on their own VM.","cvss":9.1,"cvss_version":3.0,"cvss_v2":6.5,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00706,"ranking_epss":0.7217,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.vmware.com/security/advisories/VMSA-2019-0021.html","https://www.vmware.com/security/advisories/VMSA-2019-0021.html"],"published_time":"2019-11-20T16:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5540","summary":"VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an information disclosure vulnerability in vmnetdhcp. 
Successful exploitation of this issue may allow an attacker on a guest VM to disclose sensitive information by leaking memory from the host process.","cvss":7.7,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":7.7,"cvss_v4":null,"epss":0.00222,"ranking_epss":0.44799,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.vmware.com/security/advisories/VMSA-2019-0021.html","https://www.vmware.com/security/advisories/VMSA-2019-0021.html"],"published_time":"2019-11-20T16:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8238","summary":"Adobe Acrobat and Reader versions 2019.010.20100 and earlier; 2019.010.20099 and earlier versions; 2017.011.30140 and earlier version; 2017.011.30138 and earlier version; 2015.006.30495 and earlier versions; 2015.006.30493 and earlier versions have a Path Traversal vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.03212,"ranking_epss":0.87051,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-18.html","https://helpx.adobe.com/security/products/acrobat/apsb19-18.html"],"published_time":"2019-10-23T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8064","summary":"Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"cvss_v4":null,"epss":0.01736,"ranking_epss":0.82517,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-49.html","https://helpx.adobe.com/security/products/acrobat/apsb19-49.html"],"published_time":"2019-10-17T21:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8160","summary":"Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to information disclosure.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"cvss_v4":null,"epss":0.01093,"ranking_epss":0.77993,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-49.html","https://helpx.adobe.com/security/products/acrobat/apsb19-49.html"],"published_time":"2019-10-17T21:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5527","summary":"ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. 
VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.","cvss":8.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.09582,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.vmware.com/security/advisories/VMSA-2019-0014.html","https://www.vmware.com/security/advisories/VMSA-2019-0014.html"],"published_time":"2019-10-10T17:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15165","summary":"sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"cvss_v4":null,"epss":0.01031,"ranking_epss":0.7736,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00051.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00052.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES","https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab","https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6","https://lists.debian.org/debian-lts-announce/2019/10/msg00031.html","https://lists.debian.org/debian-lts-announce/2021/12/msg00014.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/","https://seclists.org/bugtraq/2019/Dec/23","https://support.apple.com/kb/HT210785","https://support.apple.com/kb/HT210788","https://su
pport.apple.com/kb/HT210789","https://support.apple.com/kb/HT210790","https://usn.ubuntu.com/4221-1/","https://usn.ubuntu.com/4221-2/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.tcpdump.org/public-cve-list.txt","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00051.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00052.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES","https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab","https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6","https://lists.debian.org/debian-lts-announce/2019/10/msg00031.html","https://lists.debian.org/debian-lts-announce/2021/12/msg00014.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/","https://seclists.org/bugtraq/2019/Dec/23","https://support.apple.com/kb/HT210785","https://support.apple.com/kb/HT210788","https://support.apple.com/kb/HT210789","https://support.apple.com/kb/HT210790","https://usn.ubuntu.com/4221-1/","https://usn.ubuntu.com/4221-2/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.tcpdump.org/public-cve-list.txt"],"published_time":"2019-10-03T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15166","summary":"lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds 
checks.","cvss":1.6,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":1.6,"cvss_v4":null,"epss":0.01018,"ranking_epss":0.77239,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/0b661e0aa61850234b64394585cf577aac570bf4","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/0b661e0aa61850234b64394585cf577aac570bf4","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/messag
e/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547"],"published_time":"2019-10-03T17:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14470","summary":"The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.02005,"ranking_epss":0.83715,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/12f66f69f7bf1ec1266ddbee90a7616cbf33696b","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/
2019/dsa-4547","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/12f66f69f7bf1ec1266ddbee90a7616cbf33696b","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547"],"published_time":"2019-10-03T16:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14879","summary":"The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in 
tcpdump.c:get_next_file().","cvss":7.0,"cvss_version":3.0,"cvss_v2":5.1,"cvss_v3":7.0,"cvss_v4":null,"epss":0.0052,"ranking_epss":0.66842,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/9ba91381954ad325ea4fd26b9c65a8bd9a2a85b6","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://support.f5.com/csp/article/K51512510?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/9ba91381954ad325ea4fd26b9c65a8bd9a2a85b6","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7
SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://support.f5.com/csp/article/K51512510?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547"],"published_time":"2019-10-03T16:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14880","summary":"The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00986,"ranking_epss":0.76866,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/e01c9bf76740802025c9328901b55ee4a0c49ed6","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28
","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://support.f5.com/csp/article/K56551263?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/e01c9bf76740802025c9328901b55ee4a0c49ed6","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://support.f5.com/csp/article/K56551263?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547"],"published_time":"2019-10-03T16:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14881","summary":"The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() 
(BGP_CAPCODE_RESTART).","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01518,"ranking_epss":0.81271,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/86326e880d31b328a151d45348c35220baa9a1ff","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/86326e880d31b328a151d45348c35220baa9a1ff","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
ject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547"],"published_time":"2019-10-03T16:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14882","summary":"The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.02378,"ranking_epss":0.85005,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/d7505276842e85bfd067fa21cdb32b8a2dc3c5e4","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2
019/dsa-4547","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/d7505276842e85bfd067fa21cdb32b8a2dc3c5e4","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547"],"published_time":"2019-10-03T16:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16227","summary":"The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags 
subfield.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.03505,"ranking_epss":0.87636,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/4846b3c5d0a850e860baf4f07340495d29837d09","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/4846b3c5d0a850e860baf4f07340495d29837d09","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/mess
age/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547"],"published_time":"2019-10-03T16:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16228","summary":"The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.02169,"ranking_epss":0.84336,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/83a412a5275cac973c5841eca3511c766bed778d","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/20
19/dsa-4547","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/83a412a5275cac973c5841eca3511c766bed778d","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547"],"published_time":"2019-10-03T16:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16229","summary":"The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in 
print-dccp.c:dccp_print_option().","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0297,"ranking_epss":0.86523,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/211124b972e74f0da66bc8b16f181f78793e2f66","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/211124b972e74f0da66bc8b16f181f78793e2f66","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists
.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547"],"published_time":"2019-10-03T16:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16230","summary":"The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00474,"ranking_epss":0.64802,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/13d52e9c0e7caf7e6325b0051bc90a49968be67f","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-
2/","https://www.debian.org/security/2019/dsa-4547","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/13d52e9c0e7caf7e6325b0051bc90a49968be67f","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547"],"published_time":"2019-10-03T16:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16451","summary":"The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and 
\\PIPE\\LANMAN.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00474,"ranking_epss":0.64802,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/96480ab95308cd9234b4f09b175ebf60e17792c6","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/96480ab95308cd9234b4f09b175ebf60e17792c6","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.or
g/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547"],"published_time":"2019-10-03T16:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14461","summary":"The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00335,"ranking_epss":0.56368,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/aa5c6b710dfd8020d2c908d6b3bd41f1da719b3b","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/securi
ty/2019/dsa-4547","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/aa5c6b710dfd8020d2c908d6b3bd41f1da719b3b","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547"],"published_time":"2019-10-03T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14462","summary":"The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in 
print-icmp.c:icmp_print().","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00519,"ranking_epss":0.66835,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedor
aproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547"],"published_time":"2019-10-03T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14463","summary":"The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00618,"ranking_epss":0.69993,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/3de07c772166b7e8e8bb4b9d1d078f1d901b570b","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.
com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/3de07c772166b7e8e8bb4b9d1d078f1d901b570b","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547"],"published_time":"2019-10-03T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14464","summary":"The LMP parser in tcpdump before 4.9.3 has a buffer over-read in 
print-lmp.c:lmp_print_data_link_subobjs().","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.02005,"ranking_epss":0.83715,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/d97e94223720684c6aa740ff219e0d19426c2220","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/d97e94223720684c6aa740ff219e0d19426c2220","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announ
ce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547"],"published_time":"2019-10-03T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14465","summary":"The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01758,"ranking_epss":0.82629,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/bea2686c296b79609060a104cc139810785b0739","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/",
"https://www.debian.org/security/2019/dsa-4547","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/bea2686c296b79609060a104cc139810785b0739","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547"],"published_time":"2019-10-03T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14466","summary":"The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and 
rx_cache_insert().","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00455,"ranking_epss":0.63858,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/c24922e692a52121e853a84ead6b9337f4c08a94","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/c24922e692a52121e853a84ead6b9337f4c08a94","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject
.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547"],"published_time":"2019-10-03T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14467","summary":"The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00455,"ranking_epss":0.63858,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/e3f3b445e2d20ac5d5b7fcb7559ce6beb55da0c9","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","
https://www.debian.org/security/2019/dsa-4547","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/e3f3b445e2d20ac5d5b7fcb7559ce6beb55da0c9","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547"],"published_time":"2019-10-03T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14468","summary":"The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in 
print-fr.c:mfr_print().","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00678,"ranking_epss":0.71558,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/aa3e54f594385ce7e1e319b0c84999e51192578b","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://support.f5.com/csp/article/K04367730?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/aa3e54f594385ce7e1e319b0c84999e51192578b","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SA
QNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://support.f5.com/csp/article/K04367730?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547"],"published_time":"2019-10-03T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14469","summary":"The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00986,"ranking_epss":0.76866,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/396e94ff55a80d554b1fe46bf107db1e91008d6c","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","htt
ps://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES","https://github.com/the-tcpdump-group/tcpdump/commit/396e94ff55a80d554b1fe46bf107db1e91008d6c","https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/","https://seclists.org/bugtraq/2019/Dec/23","https://seclists.org/bugtraq/2019/Oct/28","https://security.netapp.com/advisory/ntap-20200120-0001/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4252-1/","https://usn.ubuntu.com/4252-2/","https://www.debian.org/security/2019/dsa-4547"],"published_time":"2019-10-03T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8063","summary":"Creative Cloud Desktop Application 4.6.1 and earlier versions have an insecure transmission of sensitive data vulnerability. 
Successful exploitation could lead to information leakage.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.03454,"ranking_epss":0.87536,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/creative-cloud/apsb19-39.html","https://helpx.adobe.com/security/products/creative-cloud/apsb19-39.html"],"published_time":"2019-08-16T17:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7957","summary":"Creative Cloud Desktop Application versions 4.6.1 and earlier have a security bypass vulnerability. Successful exploitation could lead to denial of service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01407,"ranking_epss":0.80498,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/creative-cloud/apsb19-39.html","https://helpx.adobe.com/security/products/creative-cloud/apsb19-39.html"],"published_time":"2019-08-16T17:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7958","summary":"Creative Cloud Desktop Application versions 4.6.1 and earlier have an insecure inherited permissions vulnerability. Successful exploitation could lead to privilege escalation.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00782,"ranking_epss":0.7376,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/creative-cloud/apsb19-39.html","https://helpx.adobe.com/security/products/creative-cloud/apsb19-39.html"],"published_time":"2019-08-16T17:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7959","summary":"Creative Cloud Desktop Application versions 4.6.1 and earlier have a using components with known vulnerabilities vulnerability. 
Successful exploitation could lead to arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.1772,"ranking_epss":0.95128,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/creative-cloud/apsb19-39.html","https://helpx.adobe.com/security/products/creative-cloud/apsb19-39.html"],"published_time":"2019-08-16T17:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-9506","summary":"The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka \"KNOB\") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.","cvss":7.6,"cvss_version":3.0,"cvss_v2":4.8,"cvss_v3":7.6,"cvss_v4":null,"epss":0.04458,"ranking_epss":0.89088,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html","http://seclists.org/fulldisclosure/2019/Aug/11","http://seclists.org/fulldisclosure/2019/Aug/13","http://seclists.org/fulldisclosure/2019/Aug/14","http://seclists.org/fulldisclosure/2019/Aug/15","http://www.cs.ox.ac.uk/publications/publication12404-abstract.html","http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en","https://access.redhat.com/errata/RHSA-2019:2975","https://access.redhat.com/errata/RHSA-2019:3055","https://access.redhat.com/errata/RHSA-2019:3076","https://access.redhat.com/errata/RHSA-2019:3089","https://access.redhat.com/errata/RHSA-2019:3165","https://access.redhat.com/errata/RHSA-2019:3187","https://access.redhat.com/errata/RHSA-2019:3217","https://access.redhat.com/errata/RHSA-2019:3218","https://access.redhat.com/errata/RHSA-2019:3220","http
s://access.redhat.com/errata/RHSA-2019:3231","https://access.redhat.com/errata/RHSA-2019:3309","https://access.redhat.com/errata/RHSA-2019:3517","https://access.redhat.com/errata/RHSA-2020:0204","https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://usn.ubuntu.com/4115-1/","https://usn.ubuntu.com/4118-1/","https://usn.ubuntu.com/4147-1/","https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/","https://www.kb.cert.org/vuls/id/918987/","https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html","http://seclists.org/fulldisclosure/2019/Aug/11","http://seclists.org/fulldisclosure/2019/Aug/13","http://seclists.org/fulldisclosure/2019/Aug/14","http://seclists.org/fulldisclosure/2019/Aug/15","http://www.cs.ox.ac.uk/publications/publication12404-abstract.html","http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en","https://access.redhat.com/errata/RHSA-2019:2975","https://access.redhat.com/errata/RHSA-2019:3055","https://access.redhat.com/errata/RHSA-2019:3076","https://access.redhat.com/errata/RHSA-2019:3089","https://access.redhat.com/errata/RHSA-2019:3165","https://access.redhat.com/errata/RHSA-2019:3187","https://access.redhat.com/errata/RHSA-2019:3217","https://access.redhat.com/errata/RHSA-2019:3218","https://access.redhat.com/errata/RHSA-2019:3220","https://access.redhat.com/errata/RHSA-2019:3231","https://access.redhat.com/errata/RHSA-2019:3309","https://access.redhat.com/errata/RHSA-2019:3517","https://access.redhat.com/errata/RHSA-2020:0204","https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html","https://lists
.debian.org/debian-lts-announce/2019/09/msg00025.html","https://usn.ubuntu.com/4115-1/","https://usn.ubuntu.com/4118-1/","https://usn.ubuntu.com/4147-1/","https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/","https://www.kb.cert.org/vuls/id/918987/","https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"],"published_time":"2019-08-14T17:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-9518","summary":"Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.03645,"ranking_epss":0.87872,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html","http://seclists.org/fulldisclosure/2019/Aug/16","https://access.redhat.com/errata/RHSA-2019:2925","https://access.redhat.com/errata/RHSA-2019:2939","https://access.redhat.com/errata/RHSA-2019:2955","https://access.redhat.com/errata/RHSA-2019:3892","https://access.redhat.com/errata/RHSA-2019:4352","https://access.redhat.com/errata/RHSA-2020:0727","https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md","https://kb.cert.org/vuls/id/605641/","https://kc.mcafee.com/corporate/index?page=content&id=SB10296","https://lists.apache.org/thread.html/091b518265bce56a16af87b77c8cfacda902a02079e866f9fdf13b61%40%3Cusers.trafficserver.apache.org%3E","https://lists.apache.org/thread.html/2653c56545573b528f3f6352a29eccaf498bd6fb2a6a59568d81a61d%40%3Cannounce.traffics
erver.apache.org%3E","https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E","https://lists.apache.org/thread.html/ff5b0821a6985159a832ff6d1a4bd311ac07ecc7db1e2d8bab619107%40%3Cdev.trafficserver.apache.org%3E","https://lists.apache.org/thread.html/r99a625fb17032646d96cd23dec49603ff630e9318e44a686d63046bc%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/rd31230d01fa6aad18bdadc0720acd1747e53690bd35f73a48e7a9b75%40%3Ccommits.cassandra.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/","https://seclists.org/bugtraq/2019/Aug/24","https://seclists.org/bugtraq/2019/Sep/18","https://security.netapp.com/advisory/ntap-20190823-0005/","https://support.f5.com/csp/article/K46011592","https://support.f5.com/csp/article/K46011592?utm_source=f5support&amp%3Butm_medium=RSS","https://www.debian.org/security/2019/dsa-4520","https://www.synology.com/security/advisory/Synology_SA_19_33","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html","http://seclists.org/fulldisclosure/2019/Aug/16","https://access.redhat.com/errata/RHSA-2019:2925","https://access.redhat.com/errata/RHSA-2019:2939","https://access.redhat.com/errata/RHSA-2019:2955","https://access.redhat.com/errata/RHSA-2019:3892","https://access.redhat.com/errata/RHSA-2019:4352","https://access.redhat.com/errata/RHSA-2020:0727","https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md","https://kb.cert.org/vuls/id/605641/","https://kc.mcafee.com/corporate/index?page=content&id=SB10296","https://lists.apache.org/thread.html/091b518265bce56a16af87b77c8cfacda902a02079e866f9fdf13
b61%40%3Cusers.trafficserver.apache.org%3E","https://lists.apache.org/thread.html/2653c56545573b528f3f6352a29eccaf498bd6fb2a6a59568d81a61d%40%3Cannounce.trafficserver.apache.org%3E","https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E","https://lists.apache.org/thread.html/ff5b0821a6985159a832ff6d1a4bd311ac07ecc7db1e2d8bab619107%40%3Cdev.trafficserver.apache.org%3E","https://lists.apache.org/thread.html/r99a625fb17032646d96cd23dec49603ff630e9318e44a686d63046bc%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/rd31230d01fa6aad18bdadc0720acd1747e53690bd35f73a48e7a9b75%40%3Ccommits.cassandra.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/","https://seclists.org/bugtraq/2019/Aug/24","https://seclists.org/bugtraq/2019/Sep/18","https://security.netapp.com/advisory/ntap-20190823-0005/","https://support.f5.com/csp/article/K46011592","https://support.f5.com/csp/article/K46011592?utm_source=f5support&amp%3Butm_medium=RSS","https://www.debian.org/security/2019/dsa-4520","https://www.synology.com/security/advisory/Synology_SA_19_33"],"published_time":"2019-08-13T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-9511","summary":"Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. 
Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.13948,"ranking_epss":0.94344,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html","https://access.redhat.com/errata/RHSA-2019:2692","https://access.redhat.com/errata/RHSA-2019:2745","https://access.redhat.com/errata/RHSA-2019:2746","https://access.redhat.com/errata/RHSA-2019:2775","https://access.redhat.com/errata/RHSA-2019:2799","https://access.redhat.com/errata/RHSA-2019:2925","https://access.redhat.com/errata/RHSA-2019:2939","https://access.redhat.com/errata/RHSA-2019:2949","https://access.redhat.com/errata/RHSA-2019:2955","https://access.redhat.com/errata/RHSA-2019:2966","https://access.redhat.com/errata/RHSA-2019:3041","https://access.redhat.com/errata/RHSA-2019:3932","https://access.redhat.com/errata/RHSA-2019:3933","https://access.redhat.com/errata/RHSA-2019:3935","https://access.redhat.com/errata/RHSA-2019:4018","https://access.redhat.com/errata/RHSA-2019:4019","https://access.redhat.com/errata/RHSA-2019:4020","https://access.redhat.com/errata/RHSA-2019:4021","https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md","https://kb.cert.org/vuls/id/605641/","https://kc.mcafee.com/corporate/index?page=content&id=SB10296","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/","https://lists.fedoraproj
ect.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/","https://seclists.org/bugtraq/2019/Aug/40","https://seclists.org/bugtraq/2019/Sep/1","https://security.netapp.com/advisory/ntap-20190823-0002/","https://security.netapp.com/advisory/ntap-20190823-0005/","https://support.f5.com/csp/article/K02591030","https://support.f5.com/csp/article/K02591030?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4099-1/","https://www.debian.org/security/2019/dsa-4505","https://www.debian.org/security/2019/dsa-4511","https://www.debian.org/security/2020/dsa-4669","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://www.synology.com/security/advisory/Synology_SA_19_33","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html","https://access.redhat.com/errata/RHSA-2019:2692","https://access.redhat.com/errata/RHSA-2019:2745","https://access.redhat.com
/errata/RHSA-2019:2746","https://access.redhat.com/errata/RHSA-2019:2775","https://access.redhat.com/errata/RHSA-2019:2799","https://access.redhat.com/errata/RHSA-2019:2925","https://access.redhat.com/errata/RHSA-2019:2939","https://access.redhat.com/errata/RHSA-2019:2949","https://access.redhat.com/errata/RHSA-2019:2955","https://access.redhat.com/errata/RHSA-2019:2966","https://access.redhat.com/errata/RHSA-2019:3041","https://access.redhat.com/errata/RHSA-2019:3932","https://access.redhat.com/errata/RHSA-2019:3933","https://access.redhat.com/errata/RHSA-2019:3935","https://access.redhat.com/errata/RHSA-2019:4018","https://access.redhat.com/errata/RHSA-2019:4019","https://access.redhat.com/errata/RHSA-2019:4020","https://access.redhat.com/errata/RHSA-2019:4021","https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md","https://kb.cert.org/vuls/id/605641/","https://kc.mcafee.com/corporate/index?page=content&id=SB10296","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/","https://seclists.org/bugtraq/2019/Aug/40","https://seclists.org/bugtraq/2019/Sep/1","https://security.netapp.com/advisory/ntap-20190823-0002/","https://security.netapp.com/advisory/ntap-20190823-0005/","https://support.f5.com/csp/
article/K02591030","https://support.f5.com/csp/article/K02591030?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4099-1/","https://www.debian.org/security/2019/dsa-4505","https://www.debian.org/security/2019/dsa-4511","https://www.debian.org/security/2020/dsa-4669","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://www.synology.com/security/advisory/Synology_SA_19_33"],"published_time":"2019-08-13T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-9512","summary":"Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.51232,"ranking_epss":0.97889,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html","http://seclists.org/fulldisclosure/2019/Aug/16","http://www.openwall.com/lists/oss-security/2019/08/20/1","https://access.redhat.com/errata/RHSA-2019:2594","https://access.redhat.com/errata/RHSA-2019:2661","https://access.redhat.com/errata/RHSA-2019:2682","https://access.redhat.com/errata/RHSA-2019
:2690","https://access.redhat.com/errata/RHSA-2019:2726","https://access.redhat.com/errata/RHSA-2019:2766","https://access.redhat.com/errata/RHSA-2019:2769","https://access.redhat.com/errata/RHSA-2019:2796","https://access.redhat.com/errata/RHSA-2019:2861","https://access.redhat.com/errata/RHSA-2019:2925","https://access.redhat.com/errata/RHSA-2019:2939","https://access.redhat.com/errata/RHSA-2019:2955","https://access.redhat.com/errata/RHSA-2019:2966","https://access.redhat.com/errata/RHSA-2019:3131","https://access.redhat.com/errata/RHSA-2019:3245","https://access.redhat.com/errata/RHSA-2019:3265","https://access.redhat.com/errata/RHSA-2019:3892","https://access.redhat.com/errata/RHSA-2019:3906","https://access.redhat.com/errata/RHSA-2019:4018","https://access.redhat.com/errata/RHSA-2019:4019","https://access.redhat.com/errata/RHSA-2019:4020","https://access.redhat.com/errata/RHSA-2019:4021","https://access.redhat.com/errata/RHSA-2019:4040","https://access.redhat.com/errata/RHSA-2019:4041","https://access.redhat.com/errata/RHSA-2019:4042","https://access.redhat.com/errata/RHSA-2019:4045","https://access.redhat.com/errata/RHSA-2019:4269","https://access.redhat.com/errata/RHSA-2019:4273","https://access.redhat.com/errata/RHSA-2019:4352","https://access.redhat.com/errata/RHSA-2020:0406","https://access.redhat.com/errata/RHSA-2020:0727","https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md","https://kb.cert.org/vuls/id/605641/","https://kc.mcafee.com/corporate/index?page=content&id=SB10296","https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E","https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E","https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E","https://lists.debian.org/debian-lts-ann
ounce/2020/12/msg00011.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/","https://seclists.org/bugtraq/2019/Aug/24","https://seclists.org/bugtraq/2019/Aug/31","https://seclists.org/bugtraq/2019/Aug/43","https://seclists.org/bugtraq/2019/Sep/18","https://security.netapp.com/advisory/ntap-20190823-0001/","https://security.netapp.com/advisory/ntap-20190823-0004/","https://security.netapp.com/advisory/ntap-20190823-0005/","https://support.f5.com/csp/article/K98053339","https://support.f5.com/csp/article/K98053339?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4308-1/","https://www.debian.org/security/2019/dsa-4503","https://www.debian.org/security/2019/dsa-4508","https://www.debian.org/security/2019/dsa-4520","https://www.synology.com/security/advisory/Synology_SA_19_33","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html","http://seclists.org/fulldisclosure/2019/Aug/16","http://www.openwall.com/lists/oss-security/2019/08/20/1","https://access.redhat.com/errata/RHSA-2019:2594","https://access.re
dhat.com/errata/RHSA-2019:2661","https://access.redhat.com/errata/RHSA-2019:2682","https://access.redhat.com/errata/RHSA-2019:2690","https://access.redhat.com/errata/RHSA-2019:2726","https://access.redhat.com/errata/RHSA-2019:2766","https://access.redhat.com/errata/RHSA-2019:2769","https://access.redhat.com/errata/RHSA-2019:2796","https://access.redhat.com/errata/RHSA-2019:2861","https://access.redhat.com/errata/RHSA-2019:2925","https://access.redhat.com/errata/RHSA-2019:2939","https://access.redhat.com/errata/RHSA-2019:2955","https://access.redhat.com/errata/RHSA-2019:2966","https://access.redhat.com/errata/RHSA-2019:3131","https://access.redhat.com/errata/RHSA-2019:3245","https://access.redhat.com/errata/RHSA-2019:3265","https://access.redhat.com/errata/RHSA-2019:3892","https://access.redhat.com/errata/RHSA-2019:3906","https://access.redhat.com/errata/RHSA-2019:4018","https://access.redhat.com/errata/RHSA-2019:4019","https://access.redhat.com/errata/RHSA-2019:4020","https://access.redhat.com/errata/RHSA-2019:4021","https://access.redhat.com/errata/RHSA-2019:4040","https://access.redhat.com/errata/RHSA-2019:4041","https://access.redhat.com/errata/RHSA-2019:4042","https://access.redhat.com/errata/RHSA-2019:4045","https://access.redhat.com/errata/RHSA-2019:4269","https://access.redhat.com/errata/RHSA-2019:4273","https://access.redhat.com/errata/RHSA-2019:4352","https://access.redhat.com/errata/RHSA-2020:0406","https://access.redhat.com/errata/RHSA-2020:0727","https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md","https://kb.cert.org/vuls/id/605641/","https://kc.mcafee.com/corporate/index?page=content&id=SB10296","https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E","https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E","https://lists.apache.org/thread.html/bde5230931
6ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/","https://seclists.org/bugtraq/2019/Aug/24","https://seclists.org/bugtraq/2019/Aug/31","https://seclists.org/bugtraq/2019/Aug/43","https://seclists.org/bugtraq/2019/Sep/18","https://security.netapp.com/advisory/ntap-20190823-0001/","https://security.netapp.com/advisory/ntap-20190823-0004/","https://security.netapp.com/advisory/ntap-20190823-0005/","https://support.f5.com/csp/article/K98053339","https://support.f5.com/csp/article/K98053339?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4308-1/","https://www.debian.org/security/2019/dsa-4503","https://www.debian.org/security/2019/dsa-4508","https://www.debian.org/security/2019/dsa-4520","https://www.synology.com/security/advisory/Synology_SA_19_33"],"published_time":"2019-08-13T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-9513","summary":"Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. 
This can consume excess CPU.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.06705,"ranking_epss":0.91275,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html","https://access.redhat.com/errata/RHSA-2019:2692","https://access.redhat.com/errata/RHSA-2019:2745","https://access.redhat.com/errata/RHSA-2019:2746","https://access.redhat.com/errata/RHSA-2019:2775","https://access.redhat.com/errata/RHSA-2019:2799","https://access.redhat.com/errata/RHSA-2019:2925","https://access.redhat.com/errata/RHSA-2019:2939","https://access.redhat.com/errata/RHSA-2019:2949","https://access.redhat.com/errata/RHSA-2019:2955","https://access.redhat.com/errata/RHSA-2019:2966","https://access.redhat.com/errata/RHSA-2019:3041","https://access.redhat.com/errata/RHSA-2019:3932","https://access.redhat.com/errata/RHSA-2019:3933","https://access.redhat.com/errata/RHSA-2019:3935","https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md","https://kb.cert.org/vuls/id/605641/","https://kc.mcafee.com/corporate/index?page=content&id=SB10296","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/","https://lists.fedoraproje
ct.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/","https://seclists.org/bugtraq/2019/Aug/40","https://seclists.org/bugtraq/2019/Sep/1","https://security.netapp.com/advisory/ntap-20190823-0002/","https://security.netapp.com/advisory/ntap-20190823-0005/","https://support.f5.com/csp/article/K02591030","https://support.f5.com/csp/article/K02591030?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4099-1/","https://www.debian.org/security/2019/dsa-4505","https://www.debian.org/security/2019/dsa-4511","https://www.debian.org/security/2020/dsa-4669","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.synology.com/security/advisory/Synology_SA_19_33"],"published_time":"2019-08-13T21:15:12","vendor":null,"product":null,"version":null}
,{"cve_id":"CVE-2019-9514","summary":"Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.09483,"ranking_epss":0.9284,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html","http://seclists.org/fulldisclosure/2019/Aug/16","http://www.openwall.com/lists/oss-security/2019/08/20/1","http://www.openwall.com/lists/oss-security/2023/10/18/8","https://access.redhat.com/errata/RHSA-2019:2594","https://access.redhat.com/errata/RHSA-2019:2661","https://access.redhat.com/errata/RHSA-2019:2682","https://access.redhat.com/errata/RHSA-2019:2690","https://access.redhat.com/errata/RHSA-2019:2726","https://access.redhat.com/errata/RHSA-2019:2766","https://access.redhat.com/errata/RHSA-2019:2769","https://access.redhat.com/errata/RHSA-2019:2796","https://access.redhat.com/errata/RHSA-2019:2861","https://access.redhat.com/errata/RHSA-2019:2925","https://access.redhat.com/errata/RHSA-2019:2939","https://access.redhat.com/errata/RHSA-2019:2955","https://access.redhat.com/errata/RHSA-2019:2966","https://access.redhat.com/errata/RHSA-2019:3131","https://access
.redhat.com/errata/RHSA-2019:3245","https://access.redhat.com/errata/RHSA-2019:3265","https://access.redhat.com/errata/RHSA-2019:3892","https://access.redhat.com/errata/RHSA-2019:3906","https://access.redhat.com/errata/RHSA-2019:4018","https://access.redhat.com/errata/RHSA-2019:4019","https://access.redhat.com/errata/RHSA-2019:4020","https://access.redhat.com/errata/RHSA-2019:4021","https://access.redhat.com/errata/RHSA-2019:4040","https://access.redhat.com/errata/RHSA-2019:4041","https://access.redhat.com/errata/RHSA-2019:4042","https://access.redhat.com/errata/RHSA-2019:4045","https://access.redhat.com/errata/RHSA-2019:4269","https://access.redhat.com/errata/RHSA-2019:4273","https://access.redhat.com/errata/RHSA-2019:4352","https://access.redhat.com/errata/RHSA-2020:0406","https://access.redhat.com/errata/RHSA-2020:0727","https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md","https://kb.cert.org/vuls/id/605641/","https://kc.mcafee.com/corporate/index?page=content&id=SB10296","https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E","https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E","https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/mess
age/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/","https://seclists.org/bugtraq/2019/Aug/24","https://seclists.org/bugtraq/2019/Aug/31","https://seclists.org/bugtraq/2019/Aug/43","https://seclists.org/bugtraq/2019/Sep/18","https://security.netapp.com/advisory/ntap-20190823-0001/","https://security.netapp.com/advisory/ntap-20190823-0004/","https://security.netapp.com/advisory/ntap-20190823-0005/","https://support.f5.com/csp/article/K01988340","https://support.f5.com/csp/article/K01988340?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4308-1/","https://www.debian.org/security/2019/dsa-4503","https://www.debian.org/security/2019/dsa-4508","https://www.debian.org/security/2019/dsa-4520","https://www.debian.org/security/2020/dsa-4669","https://www.synology.com/security/advisory/Synology_SA_19_33"],"published_time":"2019-08-13T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-9515","summary":"Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. 
Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.09046,"ranking_epss":0.92654,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html","http://seclists.org/fulldisclosure/2019/Aug/16","https://access.redhat.com/errata/RHSA-2019:2766","https://access.redhat.com/errata/RHSA-2019:2796","https://access.redhat.com/errata/RHSA-2019:2861","https://access.redhat.com/errata/RHSA-2019:2925","https://access.redhat.com/errata/RHSA-2019:2939","https://access.redhat.com/errata/RHSA-2019:2955","https://access.redhat.com/errata/RHSA-2019:3892","https://access.redhat.com/errata/RHSA-2019:4018","https://access.redhat.com/errata/RHSA-2019:4019","https://access.redhat.com/errata/RHSA-2019:4020","https://access.redhat.com/errata/RHSA-2019:4021","https://access.redhat.com/errata/RHSA-2019:4040","https://access.redhat.com/errata/RHSA-2019:4041","https://access.redhat.com/errata/RHSA-2019:4042","https://access.redhat.com/errata/RHSA-2019:4045","https://access.redhat.com/errata/RHSA-2019:4352","https://access.redhat.com/errata/RHSA-2020:0727","https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md","https://kb.cert.org/vuls/id/605641/","https://kc.mcafee.com/corporate/index?page=content&id=SB10296","https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E","https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E","https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announ
ce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/","https://seclists.org/bugtraq/2019/Aug/24","https://seclists.org/bugtraq/2019/Aug/43","https://seclists.org/bugtraq/2019/Sep/18","https://security.netapp.com/advisory/ntap-20190823-0005/","https://support.f5.com/csp/article/K50233772","https://support.f5.com/csp/article/K50233772?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4308-1/","https://www.debian.org/security/2019/dsa-4508","https://www.debian.org/security/2019/dsa-4520","https://www.synology.com/security/advisory/Synology_SA_19_33"],"published_time":"2019-08-13T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-9516","summary":"Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. 
This can consume excess memory.","cvss":7.5,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.02173,"ranking_epss":0.84346,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html","http://seclists.org/fulldisclosure/2019/Aug/16","https://access.redhat.com/errata/RHSA-2019:2745","https://access.redhat.com/errata/RHSA-2019:2746","https://access.redhat.com/errata/RHSA-2019:2775","https://access.redhat.com/errata/RHSA-2019:2799","https://access.redhat.com/errata/RHSA-2019:2925","https://access.redhat.com/errata/RHSA-2019:2939","https://access.redhat.com/errata/RHSA-2019:2946","https://access.redhat.com/errata/RHSA-2019:2950","https://access.redhat.com/errata/RHSA-2019:2955","https://access.redhat.com/errata/RHSA-2019:2966","https://access.redhat.com/errata/RHSA-2019:3932","https://access.redhat.com/errata/RHSA-2019:3933","https://access.redhat.com/errata/RHSA-2019:3935","https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md","https://kb.cert.org/vuls/id/605641/","https://kc.mcafee.com/corporate/index?page=content&id=SB10296","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H472D5HPXN6RRXCNFML3BK5OYC52CXF2/","https://lists.fedoraproject.org/archives/lis
t/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/","https://seclists.org/bugtraq/2019/Aug/24","https://seclists.org/bugtraq/2019/Aug/40","https://security.netapp.com/advisory/ntap-20190823-0002/","https://security.netapp.com/advisory/ntap-20190823-0005/","https://support.f5.com/csp/article/K02591030","https://support.f5.com/csp/article/K02591030?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4099-1/","https://www.debian.org/security/2019/dsa-4505","https://www.synology.com/security/advisory/Synology_SA_19_33"],"published_time":"2019-08-13T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-9517","summary":"Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. 
Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.05964,"ranking_epss":0.90667,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html","http://www.openwall.com/lists/oss-security/2019/08/15/7","https://access.redhat.com/errata/RHSA-2019:2893","https://access.redhat.com/errata/RHSA-2019:2925","https://access.redhat.com/errata/RHSA-2019:2939","https://access.redhat.com/errata/RHSA-2019:2946","https://access.redhat.com/errata/RHSA-2019:2949","https://access.redhat.com/errata/RHSA-2019:2950","https://access.redhat.com/errata/RHSA-2019:2955","https://access.redhat.com/errata/RHSA-2019:3932","https://access.redhat.com/errata/RHSA-2019:3933","https://access.redhat.com/errata/RHSA-2019:3935","https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md","https://kb.cert.org/vuls/id/605641/","https://kc.mcafee.com/corporate/index?page=content&id=SB10296","https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb%40%3Cannounce.httpd.apache.org%3E","https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50%40%3Cdev.httpd.apache.org%3E","https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c%40%3Cdev.httpd.apache.org%3E","https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3
Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/","https://seclists.org/bugtraq/2019/Aug/47","https://security.gentoo.org/glsa/201909-04","https://security.netapp.com/advisory/ntap-20190823-0003/","https://security.netapp.com/advisory/ntap-20190823-0005/","https://security.netapp.com/advisory/ntap-20190905-0003/","https://support.f5.com/csp/article/K02591030","https://support.f5.com/csp/article/K02591030?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4113-1/",
"https://www.debian.org/security/2019/dsa-4509","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://www.synology.com/security/advisory/Synology_SA_19_33"],"published_time":"2019-08-13T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11041","summary":"When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure or crash.","cvss":4.8,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":4.8,"cvss_v4":null,"epss":0.03272,"ranking_epss":0.87183,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html","http://seclists.org/fulldisclosure/2019/Oct/15","http://seclists.org/fulldisclosure/2019/Oct/55","https://access.redhat.com/errata/RHSA-2019:3299","https://bugs.php.net/bug.php?id=78222","https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html","https://seclists.org/bugtraq/2019/Oct/9","https://seclists.org/bugtraq/2019/Sep/35","https://seclists.org/bugtraq/2019/Sep/38","https://security.netapp.com/advisory/ntap-20190822-0003/","https://support.apple.com/kb/HT210634","https://support.apple.com/kb/HT210722","https://usn.ubuntu.com/4097-1/","https://usn.ubuntu.com/4097-2/","https://www.debian.org/security/2019/dsa-4527","https://www.debian.org/security/2019/dsa-4529","https://www.tenable.com/security/tns-2021-14","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html","http://seclists.org/fulldisclosure/2019/Oct/15","http://seclists.org/fulldisclosure/2019/Oct/55","https://access.redhat.com/errata/RHSA-2019:3299","https://bugs.php.net/bug.php?id=78222","https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html","https://secl
ists.org/bugtraq/2019/Oct/9","https://seclists.org/bugtraq/2019/Sep/35","https://seclists.org/bugtraq/2019/Sep/38","https://security.netapp.com/advisory/ntap-20190822-0003/","https://support.apple.com/kb/HT210634","https://support.apple.com/kb/HT210722","https://usn.ubuntu.com/4097-1/","https://usn.ubuntu.com/4097-2/","https://www.debian.org/security/2019/dsa-4527","https://www.debian.org/security/2019/dsa-4529","https://www.tenable.com/security/tns-2021-14"],"published_time":"2019-08-09T20:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11042","summary":"When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.","cvss":4.8,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":4.8,"cvss_v4":null,"epss":0.03882,"ranking_epss":0.88263,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html","http://seclists.org/fulldisclosure/2019/Oct/15","http://seclists.org/fulldisclosure/2019/Oct/55","https://access.redhat.com/errata/RHSA-2019:3299","https://bugs.php.net/bug.php?id=78256","https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html","https://seclists.org/bugtraq/2019/Oct/9","https://seclists.org/bugtraq/2019/Sep/35","https://seclists.org/bugtraq/2019/Sep/38","https://security.netapp.com/advisory/ntap-20190822-0003/","https://support.apple.com/kb/HT210634","https://support.apple.com/kb/HT210722","https://usn.ubuntu.com/4097-1/","https://usn.ubuntu.com/4097-2/","https://www.debian.org/security/2019/dsa-4527","https://www.debian.org/security/2019/dsa-4529","https://www.tenable.com/security/tns-2021-14","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html","http://seclists.o
rg/fulldisclosure/2019/Oct/15","http://seclists.org/fulldisclosure/2019/Oct/55","https://access.redhat.com/errata/RHSA-2019:3299","https://bugs.php.net/bug.php?id=78256","https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html","https://seclists.org/bugtraq/2019/Oct/9","https://seclists.org/bugtraq/2019/Sep/35","https://seclists.org/bugtraq/2019/Sep/38","https://security.netapp.com/advisory/ntap-20190822-0003/","https://support.apple.com/kb/HT210634","https://support.apple.com/kb/HT210722","https://usn.ubuntu.com/4097-1/","https://usn.ubuntu.com/4097-2/","https://www.debian.org/security/2019/dsa-4527","https://www.debian.org/security/2019/dsa-4529","https://www.tenable.com/security/tns-2021-14"],"published_time":"2019-08-09T20:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13057","summary":"An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. 
(It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)","cvss":4.9,"cvss_version":3.0,"cvss_v2":3.5,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00582,"ranking_epss":0.68954,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://kc.mcafee.com/corporate/index?page=content&id=SB10365","https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html","https://seclists.org/bugtraq/2019/Dec/23","https://security.netapp.com/advisory/ntap-20190822-0004/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4078-1/","https://usn.ubuntu.com/4078-2/","https://www.openldap.org/its/?findid=9038","https://www.openldap.org/lists/openldap-announce/201907/msg00001.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpuapr2022.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://kc.mcafee.com/corporate/index?page=content&id=SB10365","https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html","https://seclists.org/bugtraq/2019/Dec/23","https://security.netapp.com/advisory/ntap-20190822-0004/","https://support.apple.com/kb/HT210788","https://usn.ubuntu.com/4078-1/","https://usn.ubuntu.com/4078-2/","https://www.openldap.org/its/?findid=9038","https://www.openldap.org/lists/openldap-announce/201907/msg00001.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"published_time":"2019-07-26T13:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13565","summary":"A
n issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.03817,"ranking_epss":0.8813,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html","https://seclists.org/bugtraq/2019/Dec/23","https://support.apple.com/kb/HT210788","https://support.f5.com/csp/article/K98008862?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4078-1/","https://usn.ubuntu.com/4078-2/","https://www.openldap.org/its/index.cgi/?findid=9052","https://www.openldap.org/lists/openldap-announce/201907/msg00001.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpuapr2022.html","http://lists.op
ensuse.org/opensuse-security-announce/2019-09/msg00053.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html","http://seclists.org/fulldisclosure/2019/Dec/26","https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html","https://seclists.org/bugtraq/2019/Dec/23","https://support.apple.com/kb/HT210788","https://support.f5.com/csp/article/K98008862?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4078-1/","https://usn.ubuntu.com/4078-2/","https://www.openldap.org/its/index.cgi/?findid=9052","https://www.openldap.org/lists/openldap-announce/201907/msg00001.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpuapr2022.html"],"published_time":"2019-07-26T13:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7963","summary":"Adobe Bridge CC version 9.0.2 and earlier versions have an out of bound read vulnerability. 
Successful exploitation could lead to Information Disclosure in the context of the current user.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01906,"ranking_epss":0.83307,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/bridge/apsb19-37.html","https://helpx.adobe.com/security/products/bridge/apsb19-37.html"],"published_time":"2019-07-18T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13118","summary":"In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"cvss_v4":null,"epss":0.01008,"ranking_epss":0.77092,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html","http://seclists.org/fulldisclosure/2019/Aug/11","http://seclists.org/fulldisclosure/2019/Aug/13","http://seclists.org/fulldisclosure/2019/Aug/14","http://seclists.org/fulldisclosure/2019/Aug/15","http://seclists.org/fulldisclosure/2019/Jul/22","http://seclists.org/fulldisclosure/2019/Jul/23","http://seclists.org/fulldisclosure/2019/Jul/24","http://seclists.org/fulldisclosure/2019/Jul/26","http://seclists.org/fulldisclosure/2019/Jul/31","http://seclists.org/fulldisclosure/2019/Jul/37","http://seclists.org/fulldisclosure/2019/Jul/38","http://www.openwall.com/lists/oss-security/2019/11/17/2","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069","https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2
795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/","https://oss-fuzz.com/testcase-detail/5197371471822848","https://seclists.org/bugtraq/2019/Aug/21","https://seclists.org/bugtraq/2019/Aug/22","https://seclists.org/bugtraq/2019/Aug/23","https://seclists.org/bugtraq/2019/Aug/25","https://seclists.org/bugtraq/2019/Jul/35","https://seclists.org/bugtraq/2019/Jul/36","https://seclists.org/bugtraq/2019/Jul/37","https://seclists.org/bugtraq/2019/Jul/40","https://seclists.org/bugtraq/2019/Jul/41","https://seclists.org/bugtraq/2019/Jul/42","https://security.netapp.com/advisory/ntap-20190806-0004/","https://security.netapp.com/advisory/ntap-20200122-0003/","https://support.apple.com/kb/HT210346","https://support.apple.com/kb/HT210348","https://support.apple.com/kb/HT210351","https://support.apple.com/kb/HT210353","https://support.apple.com/kb/HT210356","https://support.apple.com/kb/HT210357","https://support.apple.com/kb/HT210358","https://usn.ubuntu.com/4164-1/","https://www.oracle.com/security-alerts/cpujan2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html","http://seclists.org/fulldisclosure/2019/Aug/11","http://seclists.org/fulldisclosure/2019/Aug/13","http://seclists.org/fulldisclosure/2019/Aug/14","http://seclists.org/fulldisclosure/2019/Aug/15","http://seclists.org/fulldisclosure/2019/Jul/22","http://seclists.org/fulldisclosure/2019/Jul/23","http://seclists.org/fulldisclosure/2019/Jul/24","http://seclists.org/fulldisclosure/2019/Jul/26","http://seclists.org/fulldisclosure/2019/Jul/31","http://seclists.org/fulldisclosure/2019/Jul/37","http://seclists.org/fulldisclosure/2019/Jul/38","http://www.openwall.com/lists/oss-security/2019/11/17/2","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069","https://gitlab.gnome.o
rg/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b","https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/","https://oss-fuzz.com/testcase-detail/5197371471822848","https://seclists.org/bugtraq/2019/Aug/21","https://seclists.org/bugtraq/2019/Aug/22","https://seclists.org/bugtraq/2019/Aug/23","https://seclists.org/bugtraq/2019/Aug/25","https://seclists.org/bugtraq/2019/Jul/35","https://seclists.org/bugtraq/2019/Jul/36","https://seclists.org/bugtraq/2019/Jul/37","https://seclists.org/bugtraq/2019/Jul/40","https://seclists.org/bugtraq/2019/Jul/41","https://seclists.org/bugtraq/2019/Jul/42","https://security.netapp.com/advisory/ntap-20190806-0004/","https://security.netapp.com/advisory/ntap-20200122-0003/","https://support.apple.com/kb/HT210346","https://support.apple.com/kb/HT210348","https://support.apple.com/kb/HT210351","https://support.apple.com/kb/HT210353","https://support.apple.com/kb/HT210356","https://support.apple.com/kb/HT210357","https://support.apple.com/kb/HT210358","https://usn.ubuntu.com/4164-1/","https://www.oracle.com/security-alerts/cpujan2020.html"],"published_time":"2019-07-01T02:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7069","summary":"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. 
Successful exploitation could lead to arbitrary code execution .","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.03324,"ranking_epss":0.87292,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-07.html","https://www.zerodayinitiative.com/advisories/ZDI-19-209/","https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"],"published_time":"2019-05-24T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7070","summary":"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.02438,"ranking_epss":0.85191,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-07.html","https://www.zerodayinitiative.com/advisories/ZDI-19-210/","https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"],"published_time":"2019-05-24T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7071","summary":"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01906,"ranking_epss":0.83307,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-07.html","https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"],"published_time":"2019-05-24T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7072","summary":"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.02438,"ranking_epss":0.85191,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-07.html","https://www.zerodayinitiative.com/advisories/ZDI-19-215/","https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"],"published_time":"2019-05-24T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7073","summary":"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01906,"ranking_epss":0.83307,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-07.html","https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"],"published_time":"2019-05-24T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7074","summary":"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"cvss_v4":null,"epss":0.01906,"ranking_epss":0.83307,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-07.html","https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"],"published_time":"2019-05-24T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7075","summary":"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution .","cvss":6.5,"cvss_version":3.0,"cvss_v2":7.1,"cvss_v3":6.5,"cvss_v4":null,"epss":0.02548,"ranking_epss":0.85508,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-07.html","https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"],"published_time":"2019-05-24T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7076","summary":"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.02789,"ranking_epss":0.86102,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-07.html","https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"],"published_time":"2019-05-24T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7077","summary":"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution .","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.03517,"ranking_epss":0.87655,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-07.html","https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"],"published_time":"2019-05-24T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7078","summary":"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.03517,"ranking_epss":0.87655,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-07.html","https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"],"published_time":"2019-05-24T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7079","summary":"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability. 
Successful exploitation could lead to arbitrary code execution .","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"cvss_v4":null,"epss":0.03501,"ranking_epss":0.87624,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-07.html","https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"],"published_time":"2019-05-24T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7080","summary":"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution .","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.02789,"ranking_epss":0.86102,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-07.html","https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"],"published_time":"2019-05-24T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7081","summary":"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01906,"ranking_epss":0.83307,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-07.html","https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"],"published_time":"2019-05-24T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7082","summary":"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.04675,"ranking_epss":0.89346,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-07.html","https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"],"published_time":"2019-05-24T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7083","summary":"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution .","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.04675,"ranking_epss":0.89346,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-07.html","https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"],"published_time":"2019-05-24T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7084","summary":"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.04675,"ranking_epss":0.89346,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-07.html","https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"],"published_time":"2019-05-24T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7085","summary":"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a buffer errors vulnerability. 
Successful exploitation could lead to arbitrary code execution .","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.05579,"ranking_epss":0.90313,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-07.html","https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"],"published_time":"2019-05-24T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7086","summary":"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.03856,"ranking_epss":0.88226,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-07.html","https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"],"published_time":"2019-05-24T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7087","summary":"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. 
Successful exploitation could lead to arbitrary code execution .","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.03856,"ranking_epss":0.88226,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-07.html","https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"],"published_time":"2019-05-24T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7089","summary":"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a data leakage (sensitive) vulnerability. Successful exploitation could lead to information disclosure.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.02167,"ranking_epss":0.84331,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-07.html","https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"],"published_time":"2019-05-24T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7018","summary":"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution .","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.04675,"ranking_epss":0.89346,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-07.html","https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"],"published_time":"2019-05-24T18:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7019","summary":"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.02761,"ranking_epss":0.8604,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-07.html","https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"],"published_time":"2019-05-24T18:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7020","summary":"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a buffer errors vulnerability. 
Successful exploitation could lead to arbitrary code execution .","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.05579,"ranking_epss":0.90313,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-07.html","https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"],"published_time":"2019-05-24T18:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7021","summary":"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.02413,"ranking_epss":0.85124,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-07.html","https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"],"published_time":"2019-05-24T18:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7022","summary":"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.02413,"ranking_epss":0.85124,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-07.html","https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"],"published_time":"2019-05-24T18:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7023","summary":"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.02413,"ranking_epss":0.85124,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-07.html","https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"],"published_time":"2019-05-24T18:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7024","summary":"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.02413,"ranking_epss":0.85124,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-07.html","https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"],"published_time":"2019-05-24T18:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7025","summary":"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.04675,"ranking_epss":0.89346,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-07.html","https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"],"published_time":"2019-05-24T18:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7026","summary":"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution .","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.04675,"ranking_epss":0.89346,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-07.html","https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"],"published_time":"2019-05-24T18:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7027","summary":"Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.02761,"ranking_epss":0.8604,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-07.html","https://helpx.adobe.com/security/products/acrobat/apsb19-07.html"],"published_time":"2019-05-24T18:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7815","summary":"Adobe Acrobat and Reader versions 2019.010.20091 and earlier, 2019.010.20091 and earlier, 2017.011.30120 and earlier version, and 2015.006.30475 and earlier have a data leakage (sensitive) vulnerability. 
Successful exploitation could lead to information disclosure.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"cvss_v4":null,"epss":0.04063,"ranking_epss":0.88544,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-13.html","https://helpx.adobe.com/security/products/acrobat/apsb19-13.html"],"published_time":"2019-05-24T18:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7120","summary":"Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"cvss_v4":null,"epss":0.04222,"ranking_epss":0.8878,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-17.html","https://helpx.adobe.com/security/products/acrobat/apsb19-17.html"],"published_time":"2019-05-23T18:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7121","summary":"Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure .","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.02399,"ranking_epss":0.85077,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-17.html","https://helpx.adobe.com/security/products/acrobat/apsb19-17.html"],"published_time":"2019-05-23T18:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7122","summary":"Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"cvss_v4":null,"epss":0.02399,"ranking_epss":0.85077,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb19-17.html","https://helpx.adobe.com/security/products/acrobat/apsb19-17.html"],"published_time":"2019-05-23T18:29:02","vendor":null,"product":null,"version":null}]}