CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any logged in users (such as subscriber) to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges.
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. Processing a maliciously crafted image may lead to heap corruption.
A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-004 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.6. A malicious application may bypass Gatekeeper checks.
A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information.
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to execute arbitrary code with kernel privileges.
This issue was addressed with a new entitlement. This issue is fixed in macOS Monterey 12.3. An app may be able to spoof system notifications and UI.
