Filtered by vendor Apple
Subscriptions
Total
11199 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-32933 | 1 Apple | 1 Macos | 2024-06-12 | 5.3 Medium |
| An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.5. A website may be able to track the websites a user visited in Safari private browsing mode. | ||||
| CVE-2022-48683 | 1 Apple | 1 Macos | 2024-06-12 | 7.8 High |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13. An app may be able to break out of its sandbox. | ||||
| CVE-2023-40389 | 1 Apple | 1 Macos | 2024-06-12 | 5.5 Medium |
| The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Ventura 13.6.5, macOS Monterey 12.7.4. An app may be able to access sensitive user data. | ||||
| CVE-2024-23299 | 1 Apple | 1 Macos | 2024-06-12 | 8.6 High |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Ventura 13.6.5, macOS Monterey 12.7.4. An app may be able to break out of its sandbox. | ||||
| CVE-2024-27792 | 1 Apple | 1 Macos | 2024-06-12 | 5.5 Medium |
| This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data. | ||||
| CVE-2024-23222 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-06-12 | 8.8 High |
| A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited. | ||||
| CVE-2024-23214 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-06-12 | 8.8 High |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2024-23213 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-06-12 | 8.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. Processing web content may lead to arbitrary code execution. | ||||
| CVE-2024-23206 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-06-12 | 6.5 Medium |
| An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user. | ||||
| CVE-2023-42956 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-06-12 | 6.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service. | ||||
| CVE-2023-42950 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-06-12 | 8.8 High |
| A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2023-42890 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-06-12 | 8.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution. | ||||
| CVE-2023-42883 | 2 Apple, Debian | 7 Ipados, Iphone Os, Macos and 4 more | 2024-06-12 | 5.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service. | ||||
| CVE-2024-23296 | 1 Apple | 6 Ipad Os, Iphone Os, Macos and 3 more | 2024-06-10 | 7.8 High |
| A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited. | ||||
| CVE-2023-42893 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-06-10 | 5.5 Medium |
| A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access protected user data. | ||||
| CVE-2022-39253 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Xcode, Debian Linux, Fedora and 1 more | 2024-06-10 | 5.5 Medium |
| Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`. | ||||
| CVE-2023-42861 | 1 Apple | 1 Macos | 2024-06-10 | 6.5 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac. | ||||
| CVE-2023-47074 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-06-06 | 7.8 High |
| Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-47044 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2024-06-06 | 5.5 Medium |
| Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-48618 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-06-05 | 7.0 High |
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1. | ||||