Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-35984

Summary
Assigner-apple
Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c
Published At-26 Sep, 2023 | 20:14
Updated At-04 Nov, 2025 | 19:17
Rejected At-
Credits

The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An attacker in physical proximity can cause a limited out of bounds write.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apple
Assigner Org ID:286789f9-fbc2-4510-9f9a-43facdede74c
Published At:26 Sep, 2023 | 20:14
Updated At:04 Nov, 2025 | 19:17
Rejected At:
▼CVE Numbering Authority (CNA)

The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An attacker in physical proximity can cause a limited out of bounds write.

Affected Products
Vendor
Apple Inc.Apple
Product
iOS and iPadOS
Versions
Affected
  • From unspecified before 17 (custom)
Vendor
Apple Inc.Apple
Product
tvOS
Versions
Affected
  • From unspecified before 17 (custom)
Vendor
Apple Inc.Apple
Product
macOS
Versions
Affected
  • From unspecified before 14 (custom)
Vendor
Apple Inc.Apple
Product
watchOS
Versions
Affected
  • From unspecified before 10 (custom)
Problem Types
TypeCWE IDDescription
N/AN/AAn attacker in physical proximity can cause a limited out of bounds write
Type: N/A
CWE ID: N/A
Description: An attacker in physical proximity can cause a limited out of bounds write
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.apple.com/en-us/HT213938
N/A
https://support.apple.com/en-us/HT213936
N/A
https://support.apple.com/en-us/HT213940
N/A
https://support.apple.com/en-us/HT213937
N/A
http://seclists.org/fulldisclosure/2023/Oct/10
N/A
http://seclists.org/fulldisclosure/2023/Oct/8
N/A
http://seclists.org/fulldisclosure/2023/Oct/9
N/A
http://seclists.org/fulldisclosure/2023/Oct/3
N/A
Hyperlink: https://support.apple.com/en-us/HT213938
Resource: N/A
Hyperlink: https://support.apple.com/en-us/HT213936
Resource: N/A
Hyperlink: https://support.apple.com/en-us/HT213940
Resource: N/A
Hyperlink: https://support.apple.com/en-us/HT213937
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/10
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/8
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/9
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/3
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.apple.com/en-us/HT213938
x_transferred
https://support.apple.com/en-us/HT213936
x_transferred
https://support.apple.com/en-us/HT213940
x_transferred
https://support.apple.com/en-us/HT213937
x_transferred
http://seclists.org/fulldisclosure/2023/Oct/10
x_transferred
http://seclists.org/fulldisclosure/2023/Oct/8
x_transferred
http://seclists.org/fulldisclosure/2023/Oct/9
x_transferred
http://seclists.org/fulldisclosure/2023/Oct/3
x_transferred
https://support.apple.com/kb/HT213940
N/A
https://support.apple.com/kb/HT213938
N/A
https://support.apple.com/kb/HT213937
N/A
https://support.apple.com/kb/HT213936
N/A
Hyperlink: https://support.apple.com/en-us/HT213938
Resource:
x_transferred
Hyperlink: https://support.apple.com/en-us/HT213936
Resource:
x_transferred
Hyperlink: https://support.apple.com/en-us/HT213940
Resource:
x_transferred
Hyperlink: https://support.apple.com/en-us/HT213937
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/10
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/8
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/9
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/3
Resource:
x_transferred
Hyperlink: https://support.apple.com/kb/HT213940
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT213938
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT213937
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT213936
Resource: N/A
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@apple.com
Published At:27 Sep, 2023 | 15:18
Updated At:04 Nov, 2025 | 20:16

The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An attacker in physical proximity can cause a limited out of bounds write.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.3MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CPE Matches
Apple Inc.
apple
>>ipados>>Versions before 17.0(exclusive)
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>Versions before 17.0(exclusive)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>macos>>Versions before 14.0(exclusive)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>tvos>>Versions before 17.0(exclusive)
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>watchos>>Versions before 10.0(exclusive)
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://seclists.org/fulldisclosure/2023/Oct/10product-security@apple.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/3product-security@apple.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/8product-security@apple.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/9product-security@apple.com
Mailing List
Third Party Advisory
https://support.apple.com/en-us/HT213936product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT213937product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT213938product-security@apple.com
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT213940product-security@apple.com
Release Notes
Vendor Advisory
http://seclists.org/fulldisclosure/2023/Oct/10af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/3af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/8af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2023/Oct/9af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://support.apple.com/en-us/HT213936af854a3a-2127-422b-91ae-364da2661108
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT213937af854a3a-2127-422b-91ae-364da2661108
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT213938af854a3a-2127-422b-91ae-364da2661108
Release Notes
Vendor Advisory
https://support.apple.com/en-us/HT213940af854a3a-2127-422b-91ae-364da2661108
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT213936af854a3a-2127-422b-91ae-364da2661108
N/A
https://support.apple.com/kb/HT213937af854a3a-2127-422b-91ae-364da2661108
N/A
https://support.apple.com/kb/HT213938af854a3a-2127-422b-91ae-364da2661108
N/A
https://support.apple.com/kb/HT213940af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/10
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/3
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/8
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/9
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://support.apple.com/en-us/HT213936
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT213937
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT213938
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT213940
Source: product-security@apple.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/10
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/8
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2023/Oct/9
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://support.apple.com/en-us/HT213936
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT213937
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT213938
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/HT213940
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://support.apple.com/kb/HT213936
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT213937
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT213938
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT213940
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1360Records found
CVE-2019-7992
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-11.91% / 93.63%
||
7 Day CHG~0.00%
Published-26 Aug, 2019 | 18:47
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsphotoshop_ccmacosAdobe Photoshop CC
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7287
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-5.35% / 89.94%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-23 Oct, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-13||Apply updates per vendor instructions.

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4. An application may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osiOSiOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7037
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.74% / 85.79%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 18:11
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7293
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.81%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A local user may be able to read kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xiphone_oswatchostvostvOSmacOSwatchOSiOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7137
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-6.5||MEDIUM
EPSS-1.58% / 81.36%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 15:27
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Bridge CC versions 9.0.2 have a memory corruption vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsbridge_ccmac_os_xAdobe Bridge CC
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8042
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-39.72% / 97.26%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:56
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7985
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-33.76% / 96.88%
||
7 Day CHG~0.00%
Published-26 Aug, 2019 | 18:39
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsphotoshop_ccmacosAdobe Photoshop CC
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7827
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-5.04% / 89.61%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 17:37
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7118
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-4.22% / 88.59%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 17:12
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7132
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.56% / 87.53%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 15:34
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Bridge CC versions 9.0.2 have an out-of-bounds write vulnerability. Successful exploitation could lead to remote code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsbridge_ccmac_os_xAdobe Bridge CC
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-6235
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-10||CRITICAL
EPSS-0.77% / 73.28%
||
7 Day CHG~0.00%
Published-04 Mar, 2019 | 20:00
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3, iTunes 12.9.3 for Windows. A sandboxed process may be able to circumvent sandbox restrictions.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiphone_osmac_os_xtv_oswatch_osiTunes for WindowswatchOSmacOSiOStvOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-6225
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-68.45% / 98.59%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 16:00
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to elevate privileges.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmac_os_xtvostvOSmacOSiOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-48632
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.23%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 13:30
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-22172: Adobe After Effects AEP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsmacosafter_effectsAfter Effects
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37434
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-92.54% / 99.74%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 00:00
Updated-30 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

Action-Not Available
Vendor-stormshieldzlibn/aNetApp, Inc.Debian GNU/LinuxFedora ProjectApple Inc.
Product-active_iq_unified_managerwatchosh500shci_compute_nodeh700sstoragegriddebian_linuxh300s_firmwareh300smanagement_services_for_element_softwareh500s_firmwareoncommand_workflow_automationhcih700s_firmwareipadosstormshield_network_securityiphone_osfedorazlibontap_select_deploy_administration_utilitymacosn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-6227
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.61% / 69.63%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 16:00
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft Corporation
Product-itunesiphone_oswatchostvossafariwindowsicloudiTunes for WindowswatchOSSafariiCloud for WindowsiOStvOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-6205
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-8.73% / 92.37%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 16:00
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmac_os_xtvostvOSmacOSiOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-6234
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.61% / 69.62%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 16:00
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

Action-Not Available
Vendor-webkitgtkApple Inc.Microsoft Corporation
Product-itunesiphone_ostvossafariwindowswebkitgtk\+icloudiTunes for WindowsiCloud for WindowsSafariiOStvOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-6212
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.51% / 66.25%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 16:00
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

Action-Not Available
Vendor-Canonical Ltd.Apple Inc.Microsoft Corporation
Product-itunesiphone_osubuntu_linuxtvossafariwindowsicloudiTunes for WindowsiCloud for WindowsSafariiOStvOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-6233
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.61% / 69.62%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 16:00
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft Corporation
Product-itunesiphone_ostvossafariwindowsicloudiTunes for WindowsiCloud for WindowsSafariiOStvOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-4751
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.89%
||
7 Day CHG~0.00%
Published-03 Sep, 2023 | 18:54
Updated-13 Feb, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.

Action-Not Available
Vendor-VimApple Inc.
Product-macosvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-4738
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.30%
||
7 Day CHG~0.00%
Published-02 Sep, 2023 | 19:39
Updated-03 Nov, 2025 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.

Action-Not Available
Vendor-VimApple Inc.
Product-macosvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-6226
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.61% / 69.53%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 16:00
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft Corporation
Product-itunesiphone_oswatchostvossafariwindowsicloudiTunes for WindowswatchOSSafariiCloud for WindowsiOStvOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-6237
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.81% / 74.06%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiphone_ostvossafarimac_os_xicloudiTunes for WindowsSafariiCloud for WindowsmacOSiOStvOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-6210
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.43% / 62.28%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 16:00
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xiphone_oswatchostv_ostvOSmacOSwatchOSiOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-3062
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.03% / 7.61%
||
7 Day CHG~0.00%
Published-23 Feb, 2026 | 22:17
Updated-26 Feb, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Apple Inc.Linux Kernel Organization, IncGoogle LLCMicrosoft Corporation
Product-chromemacoswindowslinux_kernelChrome
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2013-0879
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-2.11% / 83.90%
||
7 Day CHG~0.00%
Published-23 Feb, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-linux_kernelchromewindowsiphone_osmac_os_xn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-3855
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-10.01% / 92.95%
||
7 Day CHG~0.00%
Published-21 Mar, 2019 | 20:13
Updated-17 Dec, 2025 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

Action-Not Available
Vendor-libssh2The libssh2 ProjectDebian GNU/LinuxFedora ProjectOracle CorporationopenSUSERed Hat, Inc.NetApp, Inc.Apple Inc.
Product-enterprise_linux_serverpeoplesoft_enterprise_peopletoolsdebian_linuxenterprise_linux_server_eusontap_select_deploy_administration_utilityenterprise_linux_server_ausenterprise_linux_workstationfedoraenterprise_linuxxcodelibssh2enterprise_linux_server_tusenterprise_linux_desktopleaplibssh2
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-47063
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.14% / 33.80%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 09:30
Updated-02 Aug, 2024 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Illustrator 2023 CC 27.7 Memory Corruption Out-Of-Bounds-Write Vulnerability IV.

Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsmacosillustratorIllustrator
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-47056
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.88%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 16:16
Updated-02 Aug, 2024 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-21763: Adobe Premiere Pro MP4 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowspremiere_promacosPremiere Pro
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-47041
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.23%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 14:42
Updated-25 Feb, 2026 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-21697: Adobe Media Encoder MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.
Product-windowsmacosmedia_encoderMedia Encoder
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-47073
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.13%
||
7 Day CHG~0.00%
Published-17 Nov, 2023 | 10:55
Updated-16 Sep, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-21709: Adobe After Effects MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsmacosafter_effectsAfter Effectsafter_effects
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8844
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-2.98% / 86.34%
||
7 Day CHG-0.26%
Published-27 Oct, 2020 | 19:55
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.

Action-Not Available
Vendor-Red Hat, Inc.Apple Inc.
Product-enterprise_linux_serveritunesiphone_osipadostvoswatchossafarienterprise_linux_workstationenterprise_linux_desktopicloudiTunes for WindowswatchOSSafariiCloud for WindowstvOSiOS and iPadOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8707
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-1.49% / 80.82%
||
7 Day CHG-0.04%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-itunesicloudtvostvOSiTunes for WindowsiCloud for WindowsiCloud for Windows (Legacy)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8660
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-3.33% / 87.11%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xiphone_oswatchostvostvOSmacOSwatchOSiOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8749
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.25% / 79.19%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 19:46
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiphone_oswatchostvossafariicloudtvOSmacOSwatchOSiOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8611
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-28.04% / 96.39%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiphone_ossafarimac_os_xicloudiTunes for WindowsSafariiCloud for WindowsmacOSiOStvOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8535
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-2.70% / 85.68%
||
7 Day CHG-0.07%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

Action-Not Available
Vendor-Red Hat, Inc.Apple Inc.
Product-enterprise_linux_serveritunesiphone_ostvossafarienterprise_linux_workstationenterprise_linux_desktopicloudiTunes for WindowsiCloud for WindowsSafariiOStvOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8677
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.82% / 74.15%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiphone_ostvossafarimac_os_xicloudiCloud for Windows (Microsoft Store)iTunes for WindowsSafariiCloud for WindowsmacOSiOStvOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8666
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.82% / 74.15%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiphone_ostvossafarimac_os_xicloudiCloud for Windows (Microsoft Store)iTunes for WindowsSafariiCloud for WindowsmacOSiOStvOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8049
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-41.50% / 97.35%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 20:00
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8529
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.71%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. An application may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmac_os_xmacOSiOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8170
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-6.07% / 90.62%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 20:15
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-32820
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.19% / 41.38%
||
7 Day CHG+0.05%
Published-23 Sep, 2022 | 18:59
Updated-22 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xtvosmacosiphone_osipadoswatchoswatchOStvOSmacOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8808
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.43% / 62.45%
||
7 Day CHG-0.01%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiphone_oswatchosipadostvossafariiTunes for WindowswatchOSSafariiOStvOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8544
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-2.04% / 83.63%
||
7 Day CHG-0.06%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

Action-Not Available
Vendor-Red Hat, Inc.Apple Inc.
Product-enterprise_linux_serveritunesiphone_oswatchostvossafarienterprise_linux_workstationenterprise_linux_desktopicloudiTunes for WindowswatchOSSafariiCloud for WindowsiOStvOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-32792
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.78%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 18:59
Updated-22 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-tvosmacosiphone_osipadoswatchoswatchOStvOSmacOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8752
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.59% / 68.88%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 19:45
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiphone_osipad_oswatchostvossafariicloudiTunes for WindowswatchOSSafariiCloud for WindowstvOSiOS and iPadOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8569
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 14.49%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 19:25
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An application may be able to execute arbitrary code with system privileges.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-44366
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.23% / 79.02%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 09:52
Updated-16 Dec, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-21928: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8807
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.48%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1. An application may be able to execute arbitrary code with system privileges.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 27
  • 28
  • Next
Details not found