Apple Security Vulnerabilities (CVEs)

This CVE describes a privilege escalation vulnerability in Apple operating systems where a malicious application could exploit a logic issue in state ...

CVE-2022-22643 is a FaceTime vulnerability that allows an attacker to initiate audio/video transmission without the user's consent or awareness. This ...

This is a kernel memory corruption vulnerability in macOS that allows remote attackers to trigger out-of-bounds writes. Successful exploitation could ...

This vulnerability allows malicious websites to bypass security restrictions in iOS/iPadOS WebKit, potentially accessing sensitive user and device inf...

CVE-2022-22657 is a memory initialization vulnerability in Apple's Logic Pro, GarageBand, and macOS Monterey that could allow arbitrary code execution...

CVE-2022-22601 is an out-of-bounds read vulnerability in Xcode that could allow arbitrary code execution when opening malicious files. This affects de...

CVE-2022-22603 is an out-of-bounds read vulnerability in Apple's Xcode development environment that could allow arbitrary code execution when opening ...

CVE-2022-22605 is an out-of-bounds read vulnerability in Xcode that could allow arbitrary code execution when opening malicious files. This affects de...

CVE-2022-22607 is an out-of-bounds read vulnerability in Xcode that could allow arbitrary code execution when opening malicious files. This affects de...

This vulnerability allows a malicious application to read settings from other applications on affected Apple devices. It affects iOS, iPadOS, tvOS, wa...

This vulnerability allows an attacker to cause heap corruption by tricking a user into processing a maliciously crafted image. It affects Apple device...

This is a use-after-free vulnerability in Apple operating systems that allows malicious applications to execute arbitrary code with kernel privileges....

CVE-2022-22617 is a logic issue in macOS that allows an application to gain elevated privileges, potentially leading to unauthorized system access. It...

This CVE describes a use-after-free vulnerability in Apple's WebKit browser engine that could allow arbitrary code execution when processing malicious...

This vulnerability allows attackers to read memory outside intended boundaries when processing malicious AppleScript binaries. It affects macOS Catali...

CVE-2022-22579 is a memory corruption vulnerability in Apple's STL file processing that could allow arbitrary code execution or application crashes. A...

CVE-2022-22584 is a memory corruption vulnerability in Apple operating systems that allows arbitrary code execution when processing malicious files. A...

CVE-2022-22590 is a use-after-free vulnerability in Apple's WebKit browser engine that allows arbitrary code execution when processing malicious web c...

This CVE describes a buffer overflow vulnerability in Apple operating systems that allows a malicious application to execute arbitrary code with kerne...

This is a memory corruption vulnerability in Apple's iOS, iPadOS, and watchOS that allows an application to execute arbitrary code with kernel privile...

This vulnerability allows arbitrary code execution via malicious font files due to an out-of-bounds write in Apple's font processing. It affects macOS...

CVE-2022-0943 is a heap-based buffer overflow vulnerability in Vim text editor versions prior to 8.2.4563. Attackers can exploit this by tricking user...

CVE-2022-22719 is a memory corruption vulnerability in Apache HTTP Server where a specially crafted request body can cause the server to read from ran...

CVE-2022-26981 is a buffer overflow vulnerability in Liblouis's compilePassOpcode function that can be triggered when processing translation tables. T...

CVE-2022-23308 is a use-after-free vulnerability in libxml2's validation component that allows attackers to potentially execute arbitrary code or caus...

CVE-2022-0729 is a use-after-free vulnerability in Vim's memory handling that allows an attacker to execute arbitrary code by tricking a user into ope...

CVE-2022-0685 is a memory corruption vulnerability in Vim text editor caused by an out-of-range pointer offset. Attackers can exploit this by tricking...

CVE-2022-0629 is a stack-based buffer overflow vulnerability in Vim text editor versions prior to 8.2. This allows attackers to execute arbitrary code...

CVE-2022-24667 is a denial-of-service vulnerability in swift-nio-http2 where a malicious HTTP/2 peer can send specially crafted HPACK-encoded header b...

CVE-2022-0392 is a heap-based buffer overflow vulnerability in Vim text editor versions prior to 8.2. This vulnerability allows attackers to execute a...

CVE-2022-0361 is a heap-based buffer overflow vulnerability in Vim text editor versions prior to 8.2. This vulnerability allows attackers to execute a...

CVE-2022-0359 is a heap-based buffer overflow vulnerability in Vim text editor versions prior to 8.2. This vulnerability allows attackers to execute a...

CVE-2021-4166 is an out-of-bounds read vulnerability in Vim text editor that allows attackers to read memory contents beyond allocated buffers. This a...

CVE-2017-13880 is a memory corruption vulnerability in Apple iOS and watchOS that allows an application to execute arbitrary code with kernel privileg...

This CVE describes a race condition vulnerability in Apple operating systems that could allow an application to gain elevated privileges. The vulnerab...

This vulnerability allows a local attacker to execute non-executable text files via an SMB share on macOS systems. The issue involves improper file pe...

CVE-2017-2488 is a cryptographic weakness in Apple Remote Desktop's authentication protocol that allowed attackers to capture cleartext passwords duri...

This vulnerability in Apache HTTP Server allows attackers to crash the server via NULL pointer dereference or perform Server-Side Request Forgery (SSR...

CVE-2021-4136 is a heap-based buffer overflow vulnerability in Vim that allows attackers to execute arbitrary code by tricking users into opening spec...

This is a macOS kernel memory corruption vulnerability that allows malicious applications to execute arbitrary code with kernel privileges. It affects...

CVE-2021-30834 is a logic vulnerability in Apple's audio file processing that could allow attackers to crash applications or execute arbitrary code by...

This vulnerability allows arbitrary code execution by processing a maliciously crafted dfont file. It affects Apple devices running older versions of ...

This vulnerability allows arbitrary code execution through malicious PDF files due to an out-of-bounds write in Apple's PDF processing. It affects iOS...