Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Watchos
(Apple)Repositories |
• https://github.com/madler/zlib
• https://github.com/file/file • https://github.com/WebKit/webkit |
#Vulnerabilities | 1103 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2015-04-24 | CVE-2015-3414 | SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement. | Mac_os_x, Watchos, Ubuntu_linux, Debian_linux, Php, Sqlite | N/A | ||
2015-04-24 | CVE-2015-3415 | The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement. | Mac_os_x, Watchos, Ubuntu_linux, Debian_linux, Php, Sqlite | N/A | ||
2015-04-24 | CVE-2015-3416 | The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. | Mac_os_x, Watchos, Ubuntu_linux, Debian_linux, Php, Sqlite | N/A | ||
2017-05-23 | CVE-2016-9841 | inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. | Iphone_os, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Active_iq_unified_manager, Cloud_backup, E\-Series_santricity_management, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_storage_node, Oncommand_balance, Oncommand_insight, Oncommand_performance_manager, Oncommand_shift, Oncommand_unified_manager, Oncommand_workflow_automation, Snapmanager, Solidfire, Steelstore_cloud_integrated_storage, Storage_replication_adapter_for_clustered_data_ontap, Symantec_netbackup, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Node\.js, Leap, Opensuse, Database_server, Jdk, Jre, Mysql, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Satellite, Zlib | 9.8 | ||
2017-05-23 | CVE-2016-9840 | inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. | Iphone_os, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Node\.js, Leap, Opensuse, Database_server, Jdk, Jre, Mysql, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Satellite, Zlib | 8.8 | ||
2017-05-23 | CVE-2016-9842 | The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. | Iphone_os, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Zlib, Node\.js, Leap, Opensuse, Database_server, Jdk, Jre, Mysql, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Satellite | 8.8 | ||
2017-05-23 | CVE-2016-9843 | The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. | Iphone_os, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Mariadb, Active_iq_unified_manager, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Node\.js, Leap, Opensuse, Database_server, Jdk, Jre, Mysql, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Satellite, Zlib | 9.8 | ||
2021-07-20 | CVE-2021-36976 | libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block). | Ipados, Iphone_os, Macos, Watchos, Fedora, Libarchive | 6.5 | ||
2022-02-26 | CVE-2022-23308 | valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. | Ipados, Iphone_os, Macos, Tvos, Watchos, Debian_linux, Fedora, Active_iq_unified_manager, Bootstrap_os, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Manageability_software_development_kit, Ontap_select_deploy_administration_utility, Smi\-S_provider, Snapdrive, Snapmanager, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node, Libxml2 | 7.5 | ||
2020-10-16 | CVE-2020-9951 | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. | Icloud, Ipados, Iphone_os, Itunes, Safari, Tvos, Watchos, Debian_linux, Webkitgtk\+ | 8.8 |