Filtered by vendor Apple
Subscriptions
Total
11391 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-4136 | 4 Apple, Craftercms, Linux and 1 more | 4 Macos, Craftercms, Linux Kernel and 1 more | 2024-08-02 | 7.4 High |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27. | ||||
CVE-2023-3079 | 7 Apple, Couchbase, Debian and 4 more | 7 Macos, Couchbase Server, Debian Linux and 4 more | 2024-08-02 | 8.8 High |
Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2023-2953 | 4 Apple, Netapp, Openldap and 1 more | 17 Macos, Active Iq Unified Manager, Clustered Data Ontap and 14 more | 2024-08-02 | 7.5 High |
A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function. | ||||
CVE-2023-2508 | 2 Apple, Papercut | 2 Macos, Mobility Print Server | 2024-08-02 | 5.3 Medium |
The `PaperCutNG Mobility Print` version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host (in the "configure printer discovery" section). This is possible because the application has no protections against CSRF attacks, like Anti-CSRF tokens, header origin validation, samesite cookies, etc. | ||||
CVE-2023-2318 | 4 Apple, Linux, Marktext and 1 more | 4 Macos, Linux Kernel, Marktext and 1 more | 2024-08-02 | 8.6 High |
DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and paste it into MarkText. | ||||
CVE-2023-2257 | 3 Apple, Devolutions, Microsoft | 3 Macos, Workspace, Windows | 2024-08-02 | 7.8 High |
Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub Business space without being prompted to enter the password via an unimplemented "Force Login" security feature. This vulnerability occurs only if "Force Login" feature is enabled on the Hub Business instance and that an attacker has access to a locked Workspace desktop application configured with a Hub Business space. | ||||
CVE-2023-2110 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2024-08-02 | 8.2 High |
Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via "app://local/<absolute-path>". This vulnerability can be exploited if a user opens a malicious markdown file in Obsidian, or copies text from a malicious webpage and paste it into Obsidian. | ||||
CVE-2023-1763 | 2 Apple, Canon | 3 Mac Os X, Macos, Ij Network Tool | 2024-08-02 | 6.5 Medium |
Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the software. | ||||
CVE-2023-1764 | 2 Apple, Canon | 3 Mac Os X, Macos, Ij Network Tool | 2024-08-02 | 6.5 Medium |
Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the communication of the software. | ||||
CVE-2023-1409 | 3 Apple, Microsoft, Mongodb | 3 Macos, Windows, Mongodb | 2024-08-02 | 5.3 Medium |
If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. Linux), it is possible that client certificate validation may not be in effect, potentially allowing client to establish a TLS connection with the server that supplies any certificate. This issue affect all MongoDB Server v6.3 versions, MongoDB Server v5.0 versions v5.0.0 to v5.0.14 and all MongoDB Server v4.4 versions. | ||||
CVE-2023-1225 | 2 Apple, Google | 2 Iphone Os, Chrome | 2024-08-02 | 4.3 Medium |
Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 111.0.5563.64 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | ||||
CVE-2023-1174 | 2 Apple, Kubernetes | 2 Macos, Minikube | 2024-08-02 | 9.8 Critical |
This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container. | ||||
CVE-2023-0976 | 2 Apple, Trellix | 2 Macos, Agent | 2024-08-02 | 6.3 Medium |
A command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/ folder. The malicious file is executed by running the TA deployment feature located in the System Tree. | ||||
CVE-2023-0834 | 2 Apple, Hypr | 2 Macos, Workforce Access | 2024-08-02 | 7 High |
Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS allows Privilege Escalation.This issue affects Workforce Access: from 6.12 before 8.1. | ||||
CVE-2023-0837 | 3 Apple, Microsoft, Teamviewer | 3 Macos, Windows, Remote | 2024-08-02 | 6.6 Medium |
An improper authorization check of local device settings in TeamViewer Remote between version 15.41 and 15.42.7 for Windows and macOS allows an unprivileged user to change basic local device settings even though the options were locked. This can result in unwanted changes to the configuration. | ||||
CVE-2023-0575 | 4 Apple, Linux, Microsoft and 1 more | 5 Iphone Os, Macos, Linux Kernel and 2 more | 2024-08-02 | 7.2 High |
External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: Lesser then 2.2.0.0 | ||||
CVE-2024-40802 | 1 Apple | 1 Macos | 2024-08-02 | 7.8 High |
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges. | ||||
CVE-2024-27840 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-08-02 | 6.3 Medium |
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory protections. | ||||
CVE-2024-27806 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-08-02 | 5.5 Medium |
This issue was addressed with improved environment sanitization. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to access sensitive user data. | ||||
CVE-2024-27805 | 1 Apple | 6 Ios, Ipados, Iphone Os and 3 more | 2024-08-02 | 5.5 Medium |
An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to access sensitive user data. |