Vulnerabilities > Apple

DATE CVE VULNERABILITY TITLE RISK
2022-05-09 CVE-2022-28739 Out-of-bounds Read vulnerability in multiple products
There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2.
network
low complexity
ruby-lang debian apple CWE-125
7.5
7.5
2022-05-08 CVE-2022-1620 NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901.
network
low complexity
vim fedoraproject apple
7.5
7.5
2022-05-08 CVE-2022-1619 Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899.
local
low complexity
vim fedoraproject debian netapp apple
7.8
7.8
2022-05-07 CVE-2022-1616 Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895.
local
low complexity
vim fedoraproject debian apple
7.8
7.8
2022-04-21 CVE-2022-1420 Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.
local
low complexity
vim fedoraproject apple
5.5
5.5
2022-04-18 CVE-2022-29458 Out-of-bounds Read vulnerability in multiple products
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
local
low complexity
gnu apple debian CWE-125
7.1
7.1
2022-04-18 CVE-2022-1381 global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763.
local
low complexity
vim fedoraproject apple
7.8
7.8
2022-04-12 CVE-2022-29046 Cross-site Scripting vulnerability in multiple products
Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
network
low complexity
jenkins apple CWE-79
5.4
5.4
2022-04-12 CVE-2022-29048 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL.
network
low complexity
jenkins apple CWE-352
4.3
4.3
2022-04-12 CVE-2021-28544 Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules.
network
low complexity
apache debian fedoraproject apple
4.3
4.3