Filtered by vendor Apple
Subscribe
Total
797 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38598 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-12-10 | N/A | 9.8 CRITICAL |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2023-34752 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2023-12-10 | N/A | 9.8 CRITICAL |
| bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit. | |||||
| CVE-2022-46709 | 1 Apple | 1 Iphone Os | 2023-12-10 | N/A | 9.8 CRITICAL |
| A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, iOS 16. An app may be able to execute arbitrary code with kernel privileges | |||||
| CVE-2023-32412 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-12-10 | N/A | 9.8 CRITICAL |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-27958 | 1 Apple | 1 Macos | 2023-12-10 | N/A | 9.1 CRITICAL |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory. | |||||
| CVE-2023-34756 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2023-12-10 | N/A | 9.8 CRITICAL |
| bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit. | |||||
| CVE-2023-27953 | 1 Apple | 1 Macos | 2023-12-10 | N/A | 9.8 CRITICAL |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory. | |||||
| CVE-2023-32419 | 1 Apple | 2 Ipados, Iphone Os | 2023-12-10 | N/A | 9.8 CRITICAL |
| The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause arbitrary code execution. | |||||
| CVE-2023-29531 | 2 Apple, Mozilla | 4 Macos, Firefox, Firefox Esr and 1 more | 2023-12-10 | N/A | 9.8 CRITICAL |
| An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox and Thunderbird for macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10. | |||||
| CVE-2023-34750 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2023-12-10 | N/A | 9.8 CRITICAL |
| bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit. | |||||
| CVE-2023-34753 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2023-12-10 | N/A | 9.8 CRITICAL |
| bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit. | |||||
| CVE-2022-22630 | 1 Apple | 2 Mac Os X, Macos | 2023-12-10 | N/A | 9.8 CRITICAL |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app termination or arbitrary code execution | |||||
| CVE-2022-4126 | 4 Abb, Apple, Linux and 1 more | 4 Rccmd, Macos, Linux Kernel and 1 more | 2023-12-10 | N/A | 9.8 CRITICAL |
| Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and Passwords.This issue affects RCCMD: before 4.40 230207. | |||||
| CVE-2023-0834 | 2 Apple, Hypr | 2 Macos, Workforce Access | 2023-12-10 | N/A | 9.8 CRITICAL |
| Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS allows Privilege Escalation.This issue affects Workforce Access: from 6.12 before 8.1. | |||||
| CVE-2023-23526 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-12-10 | N/A | 9.8 CRITICAL |
| This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by-me folder. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. A file from an iCloud shared-by-me folder may be able to bypass Gatekeeper. | |||||
| CVE-2023-34460 | 3 Apple, Linux, Tauri | 3 Macos, Linux Kernel, Tauri | 2023-12-10 | N/A | 9.8 CRITICAL |
| Tauri is a framework for building binaries for all major desktop platforms. The 1.4.0 release includes a regression on the Filesystem scope check for dotfiles on Unix. Previously dotfiles were not implicitly allowed by the glob wildcard scopes (eg. `$HOME/*`), but a regression was introduced when a configuration option for this behavior was implemented. Only Tauri applications using wildcard scopes in the `fs` endpoint are affected. The regression has been patched on version 1.4.1. | |||||
| CVE-2023-34754 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2023-12-10 | N/A | 9.8 CRITICAL |
| bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit. | |||||
| CVE-2023-34755 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2023-12-10 | N/A | 9.8 CRITICAL |
| bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit. | |||||
| CVE-2023-28201 | 1 Apple | 4 Ipad Os, Iphone Os, Macos and 1 more | 2023-12-10 | N/A | 9.8 CRITICAL |
| This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4. A remote user may be able to cause unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-32387 | 1 Apple | 1 Macos | 2023-12-10 | N/A | 9.8 CRITICAL |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. A remote attacker may be able to cause unexpected app termination or arbitrary code execution. | |||||