Skip to main content

Apple

8072 CVEs vendor

Monthly

CVE-2024-0213 HIGH PATCH This Month

A buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user to gain elevated permissions, or cause a Denial of Service (DoS), through exploiting a memory. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Apple Denial Of Service Agent macOS
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2023-50643 CRITICAL POC THREAT Emergency

An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 26.9%.

RCE Apple Evernote
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
26.9%
Threat
4.3
CVE-2023-7224 HIGH This Week

OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Code Injection Connect macOS
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-6998 HIGH This Week

Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.2.0. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Google Authentication Bypass Ewelink
NVD
CVSS 3.1
7.7
EPSS
0.2%
CVE-2023-49790 MEDIUM PATCH This Month

The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apple Authentication Bypass Nextcloud
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-29487 CRITICAL POC Act Now

An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service (DoS) via the Threat To Process. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apple Microsoft Thor
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-29485 CRITICAL POC Act Now

An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to bypass network filtering, execute arbitrary code, and obtain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Apple Authentication Bypass Thor
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-42940 MEDIUM This Month

A session rendering issue was addressed with improved session tracking. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.7
EPSS
0.7%
CVE-2023-6857 MEDIUM This Month

When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Race Condition Apple Mozilla Microsoft +5
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-42801 HIGH POC PATCH This Week

Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Apple Google Moonlight Common C Moonlight +6
NVD GitHub
CVSS 3.1
7.6
EPSS
0.8%
CVE-2023-43585 MEDIUM This Month

Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple Meeting Software Development Kit Video Software Development Kit Zoom
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-43583 MEDIUM This Month

Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Google Authentication Bypass Meeting Software Development Kit Video Software Development Kit +1
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2023-6593 CRITICAL Act Now

Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Remote Desktop Manager
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-42932 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-42926 HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42924 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-42923 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-42922 MEDIUM This Month

This issue was addressed with improved redaction of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-42919 MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-42914 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
6.3
EPSS
0.6%
CVE-2023-42912 HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42911 HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42910 HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-42909 HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42908 HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42907 HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42906 HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-42905 HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42904 HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42903 HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42902 HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-42901 HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42900 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-42899 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-42898 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-42897 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2023-42894 MEDIUM This Month

This issue was addressed with improved redaction of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-42891 MEDIUM This Month

An authentication issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-42890 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apple Safari Ipados +4
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2023-42886 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42884 MEDIUM This Month

This issue was addressed with improved redaction of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-42883 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari Ipados Iphone Os +4
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2023-42882 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42874 LOW Monitor

This issue was addressed with improved state management. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
2.4
EPSS
0.3%
CVE-2023-40446 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-6288 HIGH This Week

Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to execute code via the DYLIB_INSERT_LIBRARIES environment variable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Apple Remote Desktop Manager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-22524 CRITICAL Act Now

Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Atlassian Companion
NVD
CVSS 3.1
9.8
EPSS
24.7%
CVE-2023-49284 MEDIUM POC PATCH This Month

fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available.

RCE Information Disclosure Denial Of Service Apple Fish
NVD GitHub
CVSS 3.1
6.6
EPSS
0.5%
CVE-2023-44402 npm HIGH PATCH This Week

Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Apple Electron
NVD GitHub
CVSS 3.1
7.0
EPSS
0.2%
CVE-2023-42917 HIGH KEV THREAT This Week

A memory corruption vulnerability was addressed with improved locking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple Safari +6
NVD
CVSS 3.1
8.8
EPSS
9.4%
CVE-2023-42916 MEDIUM KEV THREAT This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple Safari Ipados +5
NVD
CVSS 3.1
6.5
EPSS
17.8%
CVE-2023-49314 HIGH This Week

Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Apple Desktop
NVD GitHub
CVSS 3.1
7.8
EPSS
4.3%
CVE-2023-43123 Maven MEDIUM PATCH This Month

On unix-like systems, the temporary directory is shared between all user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Oracle Apple Atlassian Java Apache +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-47393 MEDIUM This Month

An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the maintenance orders of other users and access sensitive user information via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Mercedes Me
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-47392 MEDIUM This Month

An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the carts of other users via sending a crafted add order request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Mercedes Me
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-49061 MEDIUM This Month

An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Apple Open Redirect Firefox
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-49060 CRITICAL Act Now

An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Apple Information Disclosure Firefox
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-43591 HIGH This Week

Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Rooms
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-43590 HIGH This Week

Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Rooms
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-41138 MEDIUM This Month

The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Appsanywhere Client
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-41036 HIGH POC PATCH This Week

Macvim is a text editor for MacOS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Apple Macvim
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-3277 CRITICAL POC THREAT Emergency

The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.2%.

Apple WordPress Privilege Escalation Mstore Api
NVD VulDB
CVSS 3.1
9.8
EPSS
38.2%
Threat
4.6
CVE-2023-5920 LOW Monitor

Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Mattermost Information Disclosure Apple Mattermost Desktop
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-42861 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-42857 LOW Monitor

A privacy issue was addressed with improved private data redaction for log entries. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2023-42856 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-42854 MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-42852 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +5
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-42850 MEDIUM This Month

The issue was addressed with improved permissions logic. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-42849 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Ipados Iphone Os +2
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-42847 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-42846 MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Tvos +1
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2023-42845 MEDIUM This Month

An authentication issue was addressed with improved state management. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-42844 HIGH This Week

This issue was addressed with improved handling of symlinks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-42842 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-42841 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Ipados Iphone Os +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-42438 MEDIUM This Month

An inconsistent user interface issue was addressed with improved state management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-41997 MEDIUM This Month

This issue was addressed by restricting options offered on a locked device. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
4.6
EPSS
0.5%
CVE-2023-41989 MEDIUM This Month

The issue was addressed by restricting options offered on a locked device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple macOS
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-41988 MEDIUM This Month

This issue was addressed by restricting options offered on a locked device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-41983 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Safari Ipados Iphone Os +3
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-41982 MEDIUM This Month

This issue was addressed by restricting options offered on a locked device. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
4.6
EPSS
0.5%
CVE-2023-41977 MEDIUM This Month

The issue was addressed with improved handling of caches. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-41976 HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE Memory Corruption Safari +5
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-41975 MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2023-41254 MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-41077 MEDIUM This Month

An app may be able to access protected user data. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-41072 MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-40449 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-40447 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Safari Ipados +4
NVD
CVSS 3.1
8.8
EPSS
1.5%
EPSS 0% CVSS 8.2
HIGH PATCH This Month

A buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user to gain elevated permissions, or cause a Denial of Service (DoS), through exploiting a memory. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Apple Denial Of Service +2
NVD
EPSS 27% 4.3 CVSS 9.8
CRITICAL POC THREAT Emergency

An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 26.9%.

RCE Apple Evernote
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Code Injection +2
NVD
EPSS 0% CVSS 7.7
HIGH This Week

Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.2.0. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Google Authentication Bypass +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apple Authentication Bypass Nextcloud
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service (DoS) via the Threat To Process. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apple Microsoft +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to bypass network filtering, execute arbitrary code, and obtain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Apple +2
NVD
EPSS 1% CVSS 5.7
MEDIUM This Month

A session rendering issue was addressed with improved session tracking. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Race Condition Apple +7
NVD
EPSS 1% CVSS 7.6
HIGH POC PATCH This Week

Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Apple Google +8
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple Meeting Software Development Kit +2
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Google Authentication Bypass +3
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Remote Desktop Manager
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed with improved redaction of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados +2
NVD
EPSS 1% CVSS 6.3
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados +4
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados +4
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados +4
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed with improved redaction of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An authentication issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 3% CVSS 8.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apple +6
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed with improved redaction of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados +3
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari +6
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 0% CVSS 2.4
LOW Monitor

This issue was addressed with improved state management. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to execute code via the DYLIB_INSERT_LIBRARIES environment variable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Apple +1
NVD
EPSS 25% CVSS 9.8
CRITICAL Act Now

Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Atlassian +1
NVD
EPSS 0% CVSS 6.6
MEDIUM POC PATCH This Month

fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available.

RCE Information Disclosure Denial Of Service +2
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Apple Electron
NVD GitHub
EPSS 9% CVSS 8.8
HIGH KEV THREAT This Week

A memory corruption vulnerability was addressed with improved locking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +8
NVD
EPSS 18% CVSS 6.5
MEDIUM KEV THREAT This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple +7
NVD
EPSS 4% CVSS 7.8
HIGH This Week

Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Apple +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

On unix-like systems, the temporary directory is shared between all user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Oracle Apple Atlassian +4
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the maintenance orders of other users and access sensitive user information via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Mercedes Me
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the carts of other users via sending a crafted add order request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Mercedes Me
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Apple Open Redirect +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Apple Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Rooms
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Rooms
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Appsanywhere Client
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Macvim is a text editor for MacOS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Apple Macvim
NVD GitHub
EPSS 38% 4.6 CVSS 9.8
CRITICAL POC THREAT Emergency

The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.2%.

Apple WordPress Privilege Escalation +1
NVD VulDB
EPSS 0% CVSS 3.3
LOW Monitor

Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Mattermost Information Disclosure Apple +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 0% CVSS 3.3
LOW Monitor

A privacy issue was addressed with improved private data redaction for log entries. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari +7
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved permissions logic. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple +4
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados +2
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados +3
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

An authentication issue was addressed with improved state management. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

This issue was addressed with improved handling of symlinks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple +3
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

An inconsistent user interface issue was addressed with improved state management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

This issue was addressed by restricting options offered on a locked device. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados +3
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

The issue was addressed by restricting options offered on a locked device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple macOS
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

This issue was addressed by restricting options offered on a locked device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados +3
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Safari +5
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

This issue was addressed by restricting options offered on a locked device. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados +3
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The issue was addressed with improved handling of caches. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados +2
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE +7
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An app may be able to access protected user data. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Ipados +2
NVD
EPSS 2% CVSS 8.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple +6
NVD
Prev Page 27 of 90 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy