2024

2023

2022

2021

2020

CVE-2020-3884 (v3: 6.1) 1 Apr 2020
An injection issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to cause arbitrary javascript code execution.

2019

CVE-2019-6034 (v3: 6.1) 26 Dec 2019
a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the context of the application due to unspecified vectors.

2018

CVE-2018-4153 (v3: 5.9) 3 Apr 2019
An injection issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.
CVE-2018-4235 (v3: 5.5) 8 Jun 2018
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows local users to perform impersonation attacks via an unspecified injection.

2017

2016

2015

CVE-2015-5841 (v2: 5) 18 Sep 2015
The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response.