Total
28651 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40520 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2024-09-24 | 3.3 Low |
| The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory. | ||||
| CVE-2023-40388 | 1 Apple | 1 Macos | 2024-09-24 | 4.3 Medium |
| A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. Safari may save photos to an unprotected location. | ||||
| CVE-2023-37448 | 1 Apple | 1 Macos | 2024-09-24 | 3.3 Low |
| A lock screen issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. A user may be able to view restricted content from the lock screen. | ||||
| CVE-2023-40426 | 1 Apple | 1 Macos | 2024-09-24 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. An app may be able to bypass certain Privacy preferences. | ||||
| CVE-2023-42798 | 1 Hollowaykeanho | 1 Automataci | 2024-09-24 | 8.2 High |
| AutomataCI is a template git repository equipped with a native built-in semi-autonomous CI tools. An issue in versions 1.4.1 and below can let a release job reset the git root repository to the first commit. Version 1.5.0 has a patch for this issue. As a workaround, make sure the `PROJECT_PATH_RELEASE` (e.g. `releases/`) directory is manually and actually `git cloned` properly, making it a different git repostiory from the root git repository. | ||||
| CVE-2022-39403 | 1 Oracle | 1 Mysql | 2024-09-24 | 3.9 Low |
| Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Shell accessible data as well as unauthorized read access to a subset of MySQL Shell accessible data. CVSS 3.1 Base Score 3.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N). | ||||
| CVE-2023-35990 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-09-24 | 3.3 Low |
| The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. An app may be able to identify what other apps a user has installed. | ||||
| CVE-2023-39233 | 1 Apple | 1 Macos | 2024-09-24 | 6.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may disclose sensitive information. | ||||
| CVE-2023-40384 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-09-24 | 3.3 Low |
| A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information. | ||||
| CVE-2023-29497 | 1 Apple | 1 Macos | 2024-09-24 | 3.3 Low |
| A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to access calendar data saved to a temporary directory. | ||||
| CVE-2022-21430 | 1 Oracle | 1 Communications Billing And Revenue Management | 2024-09-24 | 8.5 High |
| Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.4 and 12.0.0.5. Difficult to exploit vulnerability allows low privileged attacker with network access via TCP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). | ||||
| CVE-2021-35689 | 1 Oracle | 1 Talent Acquisition Cloud | 2024-09-24 | 9.8 Critical |
| A potential vulnerability in the Oracle Talent Acquisition Cloud - Taleo Enterprise Edition. This high severity potential vulnerability allows attackers to perform remote code execution on Taleo Enterprise Edition system. Successful attacks of this vulnerability can result in unauthorized remote code execution within Taleo Enterprise Edition and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Talent Acquisition Cloud - Taleo Enterprise Edition. All affected customers were notified of CVE-2021-35689 by Oracle. | ||||
| CVE-2022-21389 | 1 Oracle | 1 Communications Billing And Revenue Management | 2024-09-24 | 10 Critical |
| Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). | ||||
| CVE-2023-40395 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-09-24 | 3.3 Low |
| The issue was addressed with improved handling of caches. This issue is fixed in tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access contacts. | ||||
| CVE-2023-41986 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-09-24 | 5.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to modify protected parts of the file system. | ||||
| CVE-2023-40456 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2024-09-24 | 3.3 Low |
| The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory. | ||||
| CVE-2023-32421 | 1 Apple | 1 Macos | 2024-09-24 | 5.5 Medium |
| A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to observe unprotected user data. | ||||
| CVE-2023-41066 | 1 Apple | 1 Macos | 2024-09-24 | 5.5 Medium |
| An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to unexpectedly leak a user's credentials from secure text fields. | ||||
| CVE-2023-41067 | 1 Apple | 1 Macos | 2024-09-24 | 5.5 Medium |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may bypass Gatekeeper checks. | ||||
| CVE-2023-40420 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-09-24 | 6.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service. | ||||