Total
3589 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-37285 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-11-21 | N/A | 9.8 CRITICAL |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2023-36862 | 1 Apple | 1 Macos | 2024-11-21 | N/A | 5.5 MEDIUM |
| A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location. | |||||
| CVE-2023-36858 | 3 Apple, F5, Microsoft | 4 Macos, Access Policy Manager Clients, Big-ip Access Policy Manager and 1 more | 2024-11-21 | N/A | 7.1 HIGH |
| An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-36854 | 1 Apple | 1 Macos | 2024-11-21 | N/A | 7.8 HIGH |
| The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-36495 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2023-36000 | 2 Apple, Proofpoint | 2 Macos, Insider Threat Management Server | 2024-11-21 | N/A | 6.5 MEDIUM |
| A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected. | |||||
| CVE-2023-35993 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-11-21 | N/A | 7.8 HIGH |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2023-35990 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-11-21 | N/A | 3.3 LOW |
| The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. An app may be able to identify what other apps a user has installed. | |||||
| CVE-2023-35984 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-11-21 | N/A | 4.3 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An attacker in physical proximity can cause a limited out of bounds write. | |||||
| CVE-2023-35983 | 1 Apple | 1 Macos | 2024-11-21 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved data protection. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to modify protected parts of the file system. | |||||
| CVE-2023-35074 | 2 Apple, Fedoraproject | 7 Ipados, Iphone Os, Macos and 4 more | 2024-11-21 | N/A | 8.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. | |||||
| CVE-2023-34756 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2024-11-21 | N/A | 9.8 CRITICAL |
| bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit. | |||||
| CVE-2023-34755 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2024-11-21 | N/A | 9.8 CRITICAL |
| bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit. | |||||
| CVE-2023-34754 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2024-11-21 | N/A | 9.8 CRITICAL |
| bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit. | |||||
| CVE-2023-34753 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2024-11-21 | N/A | 9.8 CRITICAL |
| bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit. | |||||
| CVE-2023-34752 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2024-11-21 | N/A | 9.8 CRITICAL |
| bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit. | |||||
| CVE-2023-34751 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2024-11-21 | N/A | 9.8 CRITICAL |
| bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit. | |||||
| CVE-2023-34750 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2024-11-21 | N/A | 9.8 CRITICAL |
| bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit. | |||||
| CVE-2023-34460 | 3 Apple, Linux, Tauri | 3 Macos, Linux Kernel, Tauri | 2024-11-21 | N/A | 4.8 MEDIUM |
| Tauri is a framework for building binaries for all major desktop platforms. The 1.4.0 release includes a regression on the Filesystem scope check for dotfiles on Unix. Previously dotfiles were not implicitly allowed by the glob wildcard scopes (eg. `$HOME/*`), but a regression was introduced when a configuration option for this behavior was implemented. Only Tauri applications using wildcard scopes in the `fs` endpoint are affected. The regression has been patched on version 1.4.1. | |||||
| CVE-2023-34425 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. | |||||