Total
28651 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-38596 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-09-24 | 5.5 Medium |
| The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may fail to enforce App Transport Security. | ||||
| CVE-2023-41981 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-09-24 | 4.4 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. | ||||
| CVE-2023-40386 | 1 Apple | 1 Macos | 2024-09-24 | 3.3 Low |
| A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to access Notes attachments. | ||||
| CVE-2023-40435 | 1 Apple | 1 Xcode | 2024-09-24 | 5.5 Medium |
| This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 15. An app may be able to access App Store credentials. | ||||
| CVE-2023-40434 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-09-24 | 3.3 Low |
| A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access a user's Photos Library. | ||||
| CVE-2023-41065 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-09-24 | 3.3 Low |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to read sensitive location information. | ||||
| CVE-2023-41073 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-09-24 | 5.5 Medium |
| An authorization issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access protected user data. | ||||
| CVE-2023-32361 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-09-24 | 5.5 Medium |
| The issue was addressed with improved handling of caches. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access user-sensitive data. | ||||
| CVE-2023-40402 | 1 Apple | 1 Macos | 2024-09-24 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data. | ||||
| CVE-2023-43775 | 1 Eaton | 8 Smp 16, Smp 16 Firmware, Smp 4\/dp and 5 more | 2024-09-24 | 4.7 Medium |
| Denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows attacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product. In rare situations, the issue could cause the SMP device to restart in Safe Mode or Max Safe Mode. When in Max Safe Mode, the product is not vulnerable anymore. | ||||
| CVE-2024-38016 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-09-24 | 7.8 High |
| Microsoft Office Visio Remote Code Execution Vulnerability | ||||
| CVE-2024-40790 | 1 Apple | 1 Visionos | 2024-09-23 | 5.5 Medium |
| The issue was addressed with improved handling of caches. This issue is fixed in visionOS 2. An app may be able to read sensitive data from the GPU memory. | ||||
| CVE-2024-37139 | 1 Dell | 1 Data Domain Operating System | 2024-09-23 | 6.5 Medium |
| Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to temporary resource constraint of system application. Exploitation may lead to denial of service of the application. | ||||
| CVE-2023-41444 | 2 Binalyze, Microsoft | 2 Irec, Windows | 2024-09-23 | 7.8 High |
| An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver. | ||||
| CVE-2023-21855 | 1 Oracle | 1 Sales For Handhelds | 2024-09-23 | 7.5 High |
| Vulnerability in the Oracle Sales for Handhelds product of Oracle E-Business Suite (component: Pocket Outlook Sync(PocketPC)). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Sales for Handhelds. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Sales for Handhelds accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). | ||||
| CVE-2023-42820 | 1 Fit2cloud | 1 Jumpserver | 2024-09-23 | 7 High |
| JumpServer is an open source bastion host. This vulnerability is due to exposing the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, which could lead to password resets. If MFA is enabled users are not affect. Users not using local authentication are also not affected. Users are advised to upgrade to either version 2.28.19 or to 3.6.5. There are no known workarounds or this issue. | ||||
| CVE-2023-41321 | 1 Glpi-project | 1 Glpi | 2024-09-23 | 4.9 Medium |
| GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user can enumerate sensitive fields values on resources on which he has read access. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-23958 | 1 Symantec | 1 Protection Engine | 2024-09-23 | 6.8 Medium |
| Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Hash Leak vulnerability. | ||||
| CVE-2023-41322 | 1 Glpi-project | 1 Glpi | 2024-09-23 | 4.9 Medium |
| GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A user with write access to another user can make requests to change the latter's password and then take control of their account. Users are advised to upgrade to version 10.0.10. There are no known work around for this vulnerability. | ||||
| CVE-2023-41323 | 1 Glpi-project | 1 Glpi | 2024-09-23 | 5.3 Medium |
| GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can enumerate users logins. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | ||||