Filtered by vendor Apple
Subscriptions
Total
11471 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-2110 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2024-10-07 | 8.2 High |
Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via "app://local/<absolute-path>". This vulnerability can be exploited if a user opens a malicious markdown file in Obsidian, or copies text from a malicious webpage and paste it into Obsidian. | ||||
CVE-2023-2318 | 4 Apple, Linux, Marktext and 1 more | 4 Macos, Linux Kernel, Marktext and 1 more | 2024-10-07 | 8.6 High |
DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and paste it into MarkText. | ||||
CVE-2024-44207 | 1 Apple | 2 Ipados, Iphone Os | 2024-10-04 | 4.3 Medium |
This issue was addressed with improved checks. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. Audio messages in Messages may be able to capture a few seconds of audio before the microphone indicator is activated. | ||||
CVE-2024-44204 | 1 Apple | 2 Ipados, Iphone Os | 2024-10-04 | 5.5 Medium |
A logic issue was addressed with improved validation. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. A user's saved passwords may be read aloud by VoiceOver. | ||||
CVE-2024-44193 | 1 Apple | 1 Itunes | 2024-10-04 | 8.4 High |
A logic issue was addressed with improved restrictions. This issue is fixed in iTunes 12.13.3 for Windows. A local attacker may be able to elevate their privileges. | ||||
CVE-2023-1409 | 3 Apple, Microsoft, Mongodb | 3 Macos, Windows, Mongodb | 2024-10-02 | 5.3 Medium |
If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. Linux), it is possible that client certificate validation may not be in effect, potentially allowing client to establish a TLS connection with the server that supplies any certificate. This issue affect all MongoDB Server v6.3 versions, MongoDB Server v5.0 versions v5.0.0 to v5.0.14 and all MongoDB Server v4.4 versions. | ||||
CVE-2023-26512 | 4 Apache, Apple, Linux and 1 more | 4 Eventmesh, Macos, Linux Kernel and 1 more | 2024-10-02 | 9.8 Critical |
CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via rabbitmq messages. Users can use the code under the master branch in project repo to fix this issue, we will release the new version as soon as possible. | ||||
CVE-2023-41744 | 2 Acronis, Apple | 3 Agent, Cyber Protect, Macos | 2024-10-01 | 7.8 High |
Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Agent (macOS) before build 30600, Acronis Cyber Protect 15 (macOS) before build 35979. | ||||
CVE-2024-44170 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-09-30 | 5.5 Medium |
A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, macOS Sequoia 15. An app may be able to access user-sensitive data. | ||||
CVE-2023-32370 | 4 Apple, Redhat, Webkitgtk and 1 more | 4 Macos, Enterprise Linux, Webkitgtk and 1 more | 2024-09-30 | 5.3 Medium |
A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail. | ||||
CVE-2023-32425 | 1 Apple | 3 Ipad Os, Iphone Os, Watchos | 2024-09-30 | 7.8 High |
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain elevated privileges. | ||||
CVE-2023-32428 | 1 Apple | 5 Ipad Os, Iphone Os, Macos and 2 more | 2024-09-30 | 7.8 High |
This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain root privileges. | ||||
CVE-2023-32432 | 1 Apple | 5 Ipad Os, Iphone Os, Macos and 2 more | 2024-09-30 | 5.5 Medium |
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to access user-sensitive data. | ||||
CVE-2023-34352 | 1 Apple | 5 Ipad Os, Iphone Os, Macos and 2 more | 2024-09-30 | 5.3 Medium |
A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An attacker may be able to leak user account emails. | ||||
CVE-2022-32920 | 1 Apple | 1 Xcode | 2024-09-30 | 5.5 Medium |
The issue was addressed with improved checks. This issue is fixed in Xcode 14.0. Parsing a file may lead to disclosure of user information. | ||||
CVE-2024-43201 | 4 Apple, Google, Planet Fitness and 1 more | 4 Iphone Os, Android, Planet Fitness Workouts and 1 more | 2024-09-30 | 8.8 High |
The Planet Fitness Workouts iOS and Android mobile apps prior to version 9.8.12 (released on 2024-07-25) fail to properly validate TLS certificates, allowing an attacker with appropriate network access to obtain session tokens and sensitive information. | ||||
CVE-2024-44162 | 1 Apple | 1 Xcode | 2024-09-29 | 7.8 High |
This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 16. A malicious application may gain access to a user's Keychain items. | ||||
CVE-2024-8258 | 2 Apple, Logitech | 3 Macos, Logi Options\+, Options Plus | 2024-09-27 | 7.8 High |
Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration. | ||||
CVE-2023-41742 | 4 Acronis, Apple, Linux and 1 more | 5 Agent, Cyber Protect, Macos and 2 more | 2024-09-27 | 7.5 High |
Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. | ||||
CVE-2023-41745 | 4 Acronis, Apple, Linux and 1 more | 5 Agent, Cyber Protect, Macos and 2 more | 2024-09-27 | 5.5 Medium |
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30991, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. |