CVSS: 10.0EPSS: 94%CPEs: 398EXPL: 413CVE-2021-44228 – Apache Log4j2 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44228
10 Dec 2021 — Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.... • https://packetstorm.news/files/id/171626 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption CWE-502: Deserialization of Untrusted Data CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 8.0EPSS: 79%CPEs: 21EXPL: 15CVE-2021-21300 – malicious repositories can execute remote code while cloning
https://notcve.org/view.php?id=CVE-2021-21300
09 Mar 2021 — Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is theref... • https://packetstorm.news/files/id/163978 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1800 – Apple Security Advisory 2021-01-26-4
https://notcve.org/view.php?id=CVE-2021-1800
27 Jan 2021 — A path handling issue was addressed with improved validation. This issue is fixed in Xcode 12.4. A malicious application may be able to access arbitrary files on the host device while running an app that uses on-demand resources with Xcode. Se abordó un problema de manejo de rutas con una comprobación mejorada. Este problema es corregido en Xcode versión 12.4. • https://support.apple.com/en-us/HT212153 •
CVSS: 9.3EPSS: 15%CPEs: 3EXPL: 1CVE-2020-9992 – Apple Security Advisory 2020-11-13-3
https://notcve.org/view.php?id=CVE-2020-9992
18 Sep 2020 — This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network. Este problema es corregido cifrando las comunicaciones a través de la red para los dispositivos que ejecutan iOS versión 14, iPadOS versión 14, tvOS versión 14 y watchOS versi... • https://github.com/c0ntextomy/c0ntextomy •
CVSS: 5.3EPSS: 65%CPEs: 5EXPL: 4CVE-2019-20372 – nginx: HTTP request smuggling in configurations with URL redirect used as error_page
https://notcve.org/view.php?id=CVE-2019-20372
09 Jan 2020 — NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. NGINX versiones anteriores a 1.17.7, con ciertas configuraciones de error_page, permite el trafico no autorizado de peticiones HTTP, como es demostrado por la capacidad de un atacante para leer páginas web no autorizadas en entornos donde NGINX está al frente de un equilibrador... • https://github.com/0xleft/CVE-2019-20372 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-8840 – Apple Security Advisory 2019-12-10-7
https://notcve.org/view.php?id=CVE-2019-8840
11 Dec 2019 — An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 11.3. Compiling with untrusted sources may lead to arbitrary code execution with user privileges. Se abordó una lectura fuera de límites con una comprobación de límites mejorada. Este problema se corrigió en Xcode versión 11.3. • https://support.apple.com/en-us/HT210796 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8800 – Apple Security Advisory 2019-11-01-1
https://notcve.org/view.php?id=CVE-2019-8800
04 Nov 2019 — A memory corruption issue was addressed with improved validation. This issue is fixed in Xcode 11.2. Processing a maliciously crafted file may lead to arbitrary code execution. Un problema de corrupción de memoria fue abordado con una comprobación mejorada. Este problema es corregido en Xcode versión 11.2. • https://support.apple.com/HT210729 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8806 – Apple Security Advisory 2019-11-01-1
https://notcve.org/view.php?id=CVE-2019-8806
04 Nov 2019 — A memory corruption issue was addressed with improved validation. This issue is fixed in Xcode 11.2. Processing a maliciously crafted file may lead to arbitrary code execution. Un problema de corrupción de memoria fue abordado con una comprobación mejorada. Este problema es corregido en Xcode 11.2. • https://support.apple.com/HT210729 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8721 – Apple Security Advisory 2019-9-26-7
https://notcve.org/view.php?id=CVE-2019-8721
29 Sep 2019 — Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege. Varios problemas en ld64 en las cadenas de herramientas Xcode fueron abordados mediante la actualización de la versión ld64-507.4. Este problema es corregido en Xcode versión 11.0. • https://support.apple.com/HT210609 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8722 – Apple Security Advisory 2019-9-26-7
https://notcve.org/view.php?id=CVE-2019-8722
29 Sep 2019 — Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege. Varios problemas en ld64 en las cadenas de herramientas Xcode fueron abordados mediante la actualización de la versión ld64-507.4. Este problema es corregido en Xcode versión 11.0. • https://support.apple.com/HT210609 • CWE-20: Improper Input Validation •