Total
1453 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-42950 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-04-08 | N/A | 8.8 HIGH |
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
CVE-2023-42956 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-04-08 | N/A | 6.5 MEDIUM |
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service. | |||||
CVE-2024-23273 | 1 Apple | 4 Ipad Os, Iphone Os, Macos and 1 more | 2024-03-14 | N/A | 4.3 MEDIUM |
This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication. | |||||
CVE-2024-23222 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-03-08 | N/A | 8.8 HIGH |
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited. | |||||
CVE-2024-23211 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-02-26 | N/A | 3.3 LOW |
A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A user's private browsing activity may be visible in Settings. | |||||
CVE-2024-23213 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-02-26 | N/A | 8.8 HIGH |
The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. Processing web content may lead to arbitrary code execution. | |||||
CVE-2024-23206 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-02-26 | N/A | 6.5 MEDIUM |
An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user. | |||||
CVE-2023-42852 | 3 Apple, Debian, Fedoraproject | 8 Ipados, Iphone Os, Macos and 5 more | 2024-02-16 | N/A | 8.8 HIGH |
A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution. | |||||
CVE-2009-1699 | 3 Apple, Canonical, Opensuse | 4 Iphone Os, Safari, Ubuntu Linux and 1 more | 2024-02-10 | 7.1 HIGH | 7.5 HIGH |
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack." | |||||
CVE-2023-42833 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-02-06 | N/A | 8.8 HIGH |
A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. Processing web content may lead to arbitrary code execution. | |||||
CVE-2023-40414 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-02-06 | N/A | 9.8 CRITICAL |
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 10, iOS 17 and iPadOS 17, tvOS 17, macOS Sonoma 14, Safari 17. Processing web content may lead to arbitrary code execution. | |||||
CVE-2010-0050 | 4 Apple, Canonical, Fedoraproject and 1 more | 5 Iphone Os, Safari, Ubuntu Linux and 2 more | 2024-02-03 | 9.3 HIGH | 8.8 HIGH |
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags. | |||||
CVE-2009-2416 | 11 Apple, Canonical, Debian and 8 more | 19 Iphone Os, Mac Os X, Mac Os X Server and 16 more | 2024-02-02 | 4.3 MEDIUM | 6.5 MEDIUM |
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. | |||||
CVE-2008-3281 | 7 Apple, Canonical, Debian and 4 more | 11 Iphone Os, Safari, Ubuntu Linux and 8 more | 2024-02-02 | 4.3 MEDIUM | 6.5 MEDIUM |
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. | |||||
CVE-2023-42890 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-02-02 | N/A | 8.8 HIGH |
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution. | |||||
CVE-2023-42883 | 2 Apple, Debian | 7 Ipados, Iphone Os, Macos and 4 more | 2024-02-02 | N/A | 5.5 MEDIUM |
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service. | |||||
CVE-2021-30663 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-02-02 | 6.8 MEDIUM | 8.8 HIGH |
An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
CVE-2023-41993 | 3 Apple, Debian, Fedoraproject | 6 Ipados, Iphone Os, Macos and 3 more | 2024-01-31 | N/A | 9.8 CRITICAL |
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. | |||||
CVE-2023-41983 | 3 Apple, Debian, Fedoraproject | 6 Ipados, Iphone Os, Macos and 3 more | 2024-01-31 | N/A | 6.5 MEDIUM |
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service. | |||||
CVE-2023-41074 | 3 Apple, Debian, Fedoraproject | 8 Ipados, Iphone Os, Macos and 5 more | 2024-01-31 | N/A | 8.8 HIGH |
The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. |