Total
3589 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-20711 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
| Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-20710 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
| Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-1149 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2024-11-21 | N/A | 7.8 HIGH |
| Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2. | |||||
| CVE-2023-6857 | 5 Apple, Debian, Google and 2 more | 7 Macos, Debian Linux, Android and 4 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | |||||
| CVE-2023-6336 | 2 Apple, Hypr | 2 Macos, Workforce Access | 2024-11-21 | N/A | 7.2 HIGH |
| Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before 8.7. | |||||
| CVE-2023-6288 | 2 Apple, Devolutions | 2 Macos, Remote Desktop Manager | 2024-11-21 | N/A | 7.8 HIGH |
| Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to execute code via the DYLIB_INSERT_LIBRARIES environment variable. | |||||
| CVE-2023-5920 | 2 Apple, Mattermost | 2 Macos, Mattermost Desktop | 2024-11-21 | N/A | 2.9 LOW |
| Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input. | |||||
| CVE-2023-5726 | 2 Apple, Mozilla | 4 Macos, Firefox, Firefox Esr and 1 more | 2024-11-21 | N/A | 4.3 MEDIUM |
| A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. *Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | |||||
| CVE-2023-5450 | 2 Apple, F5 | 2 Macos, Big-ip Access Policy Manager | 2024-11-21 | N/A | 7.3 HIGH |
| An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-4781 | 3 Apple, Debian, Vim | 3 Macos, Debian Linux, Vim | 2024-11-21 | N/A | 7.8 HIGH |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873. | |||||
| CVE-2023-4759 | 3 Apple, Eclipse, Microsoft | 3 Macos, Jgit, Windows | 2024-11-21 | N/A | 8.8 HIGH |
| Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem. This can happen on checkout (DirCacheCheckout), merge (ResolveMerger via its WorkingTreeUpdater), pull (PullCommand using merge), and when applying a patch (PatchApplier). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command. The issue occurs only on case-insensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration. Setting git configuration option core.symlinks = false before checking out avoids the problem. The issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via Maven Central https://repo1.maven.org/maven2/org/eclipse/jgit/ and repo.eclipse.org https://repo.eclipse.org/content/repositories/jgit-releases/ . A backport is available in 5.13.3 starting from 5.13.3.202401111512-r. The JGit maintainers would like to thank RyotaK for finding and reporting this issue. | |||||
| CVE-2023-4752 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2024-11-21 | N/A | 7.8 HIGH |
| Use After Free in GitHub repository vim/vim prior to 9.0.1858. | |||||
| CVE-2023-4751 | 2 Apple, Vim | 2 Macos, Vim | 2024-11-21 | N/A | 7.8 HIGH |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331. | |||||
| CVE-2023-4750 | 3 Apple, Fedoraproject, Vim | 3 Macos, Fedora, Vim | 2024-11-21 | N/A | 7.8 HIGH |
| Use After Free in GitHub repository vim/vim prior to 9.0.1857. | |||||
| CVE-2023-4738 | 2 Apple, Vim | 2 Macos, Vim | 2024-11-21 | N/A | 7.8 HIGH |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848. | |||||
| CVE-2023-4736 | 2 Apple, Vim | 2 Macos, Vim | 2024-11-21 | N/A | 7.8 HIGH |
| Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833. | |||||
| CVE-2023-4735 | 2 Apple, Vim | 2 Macos, Vim | 2024-11-21 | N/A | 7.8 HIGH |
| Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847. | |||||
| CVE-2023-4734 | 2 Apple, Vim | 2 Macos, Vim | 2024-11-21 | N/A | 7.8 HIGH |
| Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. | |||||
| CVE-2023-4733 | 3 Apple, Fedoraproject, Vim | 3 Macos, Fedora, Vim | 2024-11-21 | N/A | 7.8 HIGH |
| Use After Free in GitHub repository vim/vim prior to 9.0.1840. | |||||
| CVE-2023-4688 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35433. | |||||