Skip to main content

Apple

8072 CVEs vendor

Monthly

CVE-2024-27805 MEDIUM This Month

An issue was addressed with improved validation of environment variables. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-27802 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow Information Disclosure Ipados +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-27801 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-27800 MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-27799 LOW Monitor

This issue was addressed with additional entitlement checks. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2024-23282 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Apple Information Disclosure Ipados Iphone Os +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-23251 MEDIUM This Month

An authentication issue was addressed with improved state management. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS +1
NVD VulDB
CVSS 3.1
4.6
EPSS
0.0%
CVE-2024-27792 MEDIUM This Month

This issue was addressed by adding an additional prompt for user consent. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-23299 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2024-36969 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix division by zero in setup_dsc_config When slice_height is 0, the division by slice_height in the calculation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Lenovo Denial Of Service Amd Apple +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-1880 HIGH POC PATCH This Week

An OS command injection vulnerability exists in the MacOS Text-To-Speech class MacOSTTS of the significant-gravitas/autogpt project, affecting versions up to v0.5.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Apple Command Injection RCE Autogpt Classic
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2024-30165 HIGH This Week

Amazon AWS Client VPN before 3.9.1 on macOS has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions, a different vulnerability than. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apple
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-30164 MEDIUM This Month

Amazon AWS Client VPN has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apple Microsoft
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2024-2451 MEDIUM This Month

Improper fingerprint validation in the TeamViewer Client (Full & Host) prior Version 15.54 for Windows and macOS allows an attacker with administrative user rights to further elevate privileges via. Rated medium severity (CVSS 6.4). No vendor patch available.

Apple Jwt Attack Information Disclosure Microsoft
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-32988 HIGH This Week

'OfferBox' App for Android versions 2.0.0 to 2.3.17 and 'OfferBox' App for iOS versions 2.1.7 to 2.6.14 use a hard-coded secret key for JWT. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Google
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-5022 MEDIUM This Month

The file scheme of URLs would be hidden, resulting in potential spoofing of a website's address in the location bar This vulnerability affects Focus for iOS < 126. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Firefox Focus
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-1417 HIGH This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in WatchGuard AuthPoint Password Manager on MacOS allows an a adversary with local access to execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Watchguard Command Injection
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-31953 MEDIUM This Month

An issue was discovered in Samsung Magician 8.0.0 on macOS. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation Apple RCE Samsung Magician
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-31952 MEDIUM This Month

An issue was discovered in Samsung Magician 8.0.0 on macOS. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation Apple Samsung Magician
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-27852 MEDIUM This Month

A privacy issue was addressed with improved client ID handling for alternative app marketplaces. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-27847 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-27843 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-27842 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27841 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-27839 LOW Monitor

A privacy issue was addressed by moving sensitive data to a more secure location. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os
NVD VulDB
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-27837 LOW Monitor

A downgrade issue was addressed with additional code-signing restrictions. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-27835 LOW Monitor

This issue was addressed through improved state management. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os
NVD VulDB
CVSS 3.1
2.4
EPSS
0.1%
CVE-2024-27834 MEDIUM POC This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Safari Ipados Iphone Os +6
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-27829 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-27827 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Apple macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-27825 HIGH This Week

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Intel Authentication Bypass macOS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-27824 HIGH This Week

This issue was addressed by removing the vulnerable code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-27822 HIGH POC Act Now

A logic issue was addressed with improved restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-27821 MEDIUM This Month

A path handling issue was addressed with improved validation. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Path Traversal Apple Ipados Iphone Os macOS +1
NVD VulDB
CVSS 3.1
4.7
EPSS
2.4%
CVE-2024-27818 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Command Injection Ipados Iphone Os +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-27816 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-27813 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple macOS
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2024-27810 MEDIUM This Month

A path handling issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Apple Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-27804 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
5.5
EPSS
4.0%
CVE-2024-27803 LOW Monitor

A permissions issue was addressed with improved validation. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os
NVD VulDB
CVSS 3.1
2.4
EPSS
0.0%
CVE-2024-27798 HIGH This Week

An authorization issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-27796 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-27789 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-23236 MEDIUM This Month

A correctness issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-23229 MEDIUM This Month

This issue was addressed with improved redaction of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-28883 HIGH This Week

An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Apple Microsoft Big Ip Access Policy Manager Big Ip Access Policy Manager Client
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-32986 CRITICAL Act Now

PWAsForFirefox is a tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Mozilla Microsoft
NVD GitHub
CVSS 3.1
9.6
EPSS
0.7%
CVE-2024-23462 HIGH This Week

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS allows a denial of service of the Client Connector binary and thus removing client functionality.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Client Connector
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-23461 MEDIUM This Month

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.4. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Client Connector
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-23480 CRITICAL Act Now

A fallback mechanism in code sign checking on macOS may allow arbitrary code execution.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Jwt Attack RCE Client Connector
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-32970 Ruby HIGH PATCH This Week

Phlex is a framework for building object-oriented views in Ruby. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Google Mozilla
NVD GitHub
CVSS 3.1
7.1
EPSS
0.7%
CVE-2024-33309 HIGH This Week

An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Google
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-33308 CRITICAL Act Now

An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple Google
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-22405 MEDIUM This Month

XADMaster is an objective-C library for archive and file unarchiving and extraction. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20313 HIGH This Week

A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Apple Denial Of Service Ios Xe
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2024-27791 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Ipados Iphone Os macOS +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-23271 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Safari Ipados Iphone Os +3
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-23228 LOW Monitor

This issue was addressed through improved state management. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os
NVD VulDB
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-27247 MEDIUM This Month

Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Jwt Attack Zoom
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-31215 PyPI MEDIUM PATCH This Month

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Apple Google Microsoft Mobile Security Framework
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-31393 MEDIUM This Month

Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections This vulnerability affects Firefox for iOS < 124. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apple Mozilla Firefox
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-31392 HIGH This Week

If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS < 124. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-3130 MEDIUM This Month

Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after. Rated medium severity (CVSS 5.7). No vendor patch available.

Authentication Bypass Apple Information Disclosure Google
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2024-28895 MEDIUM This Month

'Yahoo!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Google
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-29891 Go HIGH PATCH This Week

ZITADEL users can upload their own avatar image and various image types are allowed. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Google Mozilla File Upload Zitadel
NVD GitHub
CVSS 3.1
8.7
EPSS
0.8%
CVE-2024-20308 HIGH This Week

A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap underflow, resulting in an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Cisco Denial Of Service Apple +2
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-20307 HIGH This Week

A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Stack Overflow Apple iOS +1
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-20324 MEDIUM This Month

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure Ios Xe
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-20316 MEDIUM This Month

A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure Ios Xe
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-20314 HIGH This Week

A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-20312 HIGH This Week

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Cisco Apple Denial Of Service iOS +1
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2024-20311 HIGH This Week

A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-20309 MEDIUM This Month

A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-20306 MEDIUM This Month

A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure Ios Xe
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-20303 HIGH This Week

A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2024-20278 MEDIUM This Month

A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure Ios Xe
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-20276 HIGH This Week

A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2024-20259 HIGH This Week

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Cisco Denial Of Service Apple +1
NVD
CVSS 3.1
8.6
EPSS
0.8%
CVE-2024-1933 HIGH This Week

Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote Client prior Version 15.52 for macOS allows an attacker with unprivileged access, to potentially elevate privileges or conduct a. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-28183 MEDIUM PATCH This Month

ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required.

Authentication Bypass Apple Microsoft Esp Idf
NVD GitHub
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-23755 HIGH This Week

ClickUp Desktop before 3.3.77 on macOS and Windows allows code injection because of specific Electron Fuses. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Apple Microsoft Clickup
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-2631 MEDIUM This Month

Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Google Chrome Fedora
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2024-2630 MEDIUM This Month

Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Google Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-2629 MEDIUM This Month

Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Google Chrome Fedora
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2024-2537 CRITICAL Act Now

Improper Control of Dynamically-Managed Code Resources vulnerability in Logitech Logi Tune on MacOS allows Local Code Inclusion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Logi Tune
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-27301 HIGH POC PATCH This Week

Support App is an opensource application specialized in managing Apple devices. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Apple RCE Support App
NVD GitHub
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-1221 LOW Monitor

This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Papercut Mf Papercut Ng
NVD
CVSS 3.1
3.1
EPSS
0.5%
CVE-2024-20327 HIGH This Week

A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2024-20322 MEDIUM This Month

A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Cisco Ios Xr
NVD
CVSS 3.1
5.8
EPSS
0.5%
CVE-2024-20320 HIGH This Week

A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure Ios Xr
NVD
CVSS 3.1
7.8
EPSS
0.2%
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue was addressed with improved validation of environment variables. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow +6
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +5
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Ipados +5
NVD VulDB
EPSS 0% CVSS 3.3
LOW Monitor

This issue was addressed with additional entitlement checks. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Apple Information Disclosure +4
NVD VulDB
EPSS 0% CVSS 4.6
MEDIUM This Month

An authentication issue was addressed with improved state management. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed by adding an additional prompt for user consent. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix division by zero in setup_dsc_config When slice_height is 0, the division by slice_height in the calculation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Lenovo Denial Of Service +3
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

An OS command injection vulnerability exists in the MacOS Text-To-Speech class MacOSTTS of the significant-gravitas/autogpt project, affecting versions up to v0.5.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Apple Command Injection RCE +1
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

Amazon AWS Client VPN before 3.9.1 on macOS has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions, a different vulnerability than. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apple
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Amazon AWS Client VPN has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apple Microsoft
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Improper fingerprint validation in the TeamViewer Client (Full & Host) prior Version 15.54 for Windows and macOS allows an attacker with administrative user rights to further elevate privileges via. Rated medium severity (CVSS 6.4). No vendor patch available.

Apple Jwt Attack Information Disclosure +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

'OfferBox' App for Android versions 2.0.0 to 2.3.17 and 'OfferBox' App for iOS versions 2.1.7 to 2.6.14 use a hard-coded secret key for JWT. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Google
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

The file scheme of URLs would be hidden, resulting in potential spoofing of a website's address in the location bar This vulnerability affects Focus for iOS < 126. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Firefox Focus
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in WatchGuard AuthPoint Password Manager on MacOS allows an a adversary with local access to execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Watchguard Command Injection
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

An issue was discovered in Samsung Magician 8.0.0 on macOS. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation Apple RCE +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

An issue was discovered in Samsung Magician 8.0.0 on macOS. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation Apple Samsung +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A privacy issue was addressed with improved client ID handling for alternative app marketplaces. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple macOS
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +2
NVD VulDB
EPSS 0% CVSS 3.3
LOW Monitor

A privacy issue was addressed by moving sensitive data to a more secure location. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +1
NVD VulDB
EPSS 0% CVSS 3.3
LOW Monitor

A downgrade issue was addressed with additional code-signing restrictions. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 2.4
LOW Monitor

This issue was addressed through improved state management. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Safari +8
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple macOS
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Apple macOS
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Intel Authentication Bypass +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

This issue was addressed by removing the vulnerable code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 7.8
HIGH POC Act Now

A logic issue was addressed with improved restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 2% CVSS 4.7
MEDIUM This Month

A path handling issue was addressed with improved validation. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Path Traversal Apple Ipados +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Command Injection +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +4
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple macOS
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A path handling issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Apple Ipados +4
NVD VulDB
EPSS 4% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Ipados +5
NVD VulDB
EPSS 0% CVSS 2.4
LOW Monitor

A permissions issue was addressed with improved validation. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

An authorization issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A correctness issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed with improved redaction of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
EPSS 0% CVSS 7.4
HIGH This Week

An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Apple Microsoft +2
NVD
EPSS 1% CVSS 9.6
CRITICAL Act Now

PWAsForFirefox is a tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Mozilla +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS allows a denial of service of the Client Connector binary and thus removing client functionality.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Client Connector
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.4. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Client Connector
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

A fallback mechanism in code sign checking on macOS may allow arbitrary code execution.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Jwt Attack RCE +1
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Phlex is a framework for building object-oriented views in Ruby. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Google +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Google
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL Act Now

An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple Google
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

XADMaster is an objective-C library for archive and file unarchiving and extraction. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD GitHub
EPSS 0% CVSS 7.4
HIGH This Week

A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Apple +2
NVD
EPSS 0% CVSS 7.1
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Ipados +3
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Safari +5
NVD VulDB
EPSS 0% CVSS 3.3
LOW Monitor

This issue was addressed through improved state management. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +1
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM This Month

Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Jwt Attack +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Apple Google +2
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections This vulnerability affects Firefox for iOS < 124. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apple Mozilla +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS < 124. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mozilla +1
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after. Rated medium severity (CVSS 5.7). No vendor patch available.

Authentication Bypass Apple Information Disclosure +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

'Yahoo!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Google
NVD
EPSS 1% CVSS 8.7
HIGH PATCH This Week

ZITADEL users can upload their own avatar image and various image types are allowed. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Google Mozilla +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap underflow, resulting in an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Cisco +4
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Stack Overflow +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +1
NVD
EPSS 0% CVSS 7.4
HIGH This Week

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Cisco Apple +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure +1
NVD
EPSS 0% CVSS 7.4
HIGH This Week

A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure +1
NVD
EPSS 0% CVSS 7.4
HIGH This Week

A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +1
NVD
EPSS 1% CVSS 8.6
HIGH This Week

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Cisco +3
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote Client prior Version 15.52 for macOS allows an attacker with unprivileged access, to potentially elevate privileges or conduct a. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required.

Authentication Bypass Apple Microsoft +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

ClickUp Desktop before 3.3.77 on macOS and Windows allows code injection because of specific Electron Fuses. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Apple +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Google +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Google +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Improper Control of Dynamically-Managed Code Resources vulnerability in Logitech Logi Tune on MacOS allows Local Code Inclusion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Logi Tune
NVD
EPSS 0% CVSS 7.3
HIGH POC PATCH This Week

Support App is an opensource application specialized in managing Apple devices. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Apple RCE +1
NVD GitHub
EPSS 1% CVSS 3.1
LOW Monitor

This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Apple Information Disclosure Papercut Mf +1
NVD
EPSS 0% CVSS 7.4
HIGH This Week

A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +1
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Cisco +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure +1
NVD
Prev Page 24 of 90 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy