Skip to main content

Apple

8071 CVEs vendor

Monthly

CVE-2023-28199 MEDIUM This Month

An out-of-bounds read issue existed that led to the disclosure of kernel memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28198 HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE Memory Corruption Ipados +4
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-28179 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-27948 MEDIUM This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-27947 MEDIUM This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-27939 MEDIUM This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-36673 HIGH POC This Week

An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Phantom Vpn
NVD
CVSS 3.1
7.3
EPSS
0.6%
CVE-2023-36672 MEDIUM POC This Month

An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Vpn
NVD
CVSS 3.1
5.7
EPSS
0.7%
CVE-2023-36671 MEDIUM POC This Month

An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Apple Vpn
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2023-39107 CRITICAL POC Act Now

An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Nomachine
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-4136 Maven MEDIUM POC PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.0.0 through. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Microsoft Craftercms
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2023-38418 HIGH This Week

The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Jwt Attack Access Policy Manager Clients Big Ip Access Policy Manager
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-36858 MEDIUM This Month

An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Access Policy Manager Clients Big Ip Access Policy Manager
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-38609 HIGH This Week

An injection issue was addressed with improved input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-38604 CRITICAL Act Now

An out-of-bounds write issue was addressed with improved input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple Ipados +4
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-38601 HIGH This Week

This issue was addressed by removing the vulnerable code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-38599 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari Ipados Iphone Os +3
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-38598 CRITICAL Act Now

A use-after-free issue was addressed with improved memory management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE Memory Corruption Ipados +4
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-38592 HIGH This Week

A logic issue was addressed with improved restrictions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-38590 HIGH This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-38571 HIGH This Week

This issue was addressed with improved validation of symlinks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-37285 CRITICAL Act Now

An out-of-bounds read was addressed with improved bounds checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Apple Ipados +2
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-36495 CRITICAL Act Now

An integer overflow was addressed with improved input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Apple Ipados Iphone Os +3
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-34425 CRITICAL Act Now

The issue was addressed with improved memory handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-32654 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-32445 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Safari Ipados Iphone Os +3
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-32444 HIGH This Week

A logic issue was addressed with improved validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-32427 MEDIUM This Month

This issue was addressed by using HTTPS when sending information over the network. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Apple Google Music
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-28203 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Google Music
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-38611 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +3
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-38608 MEDIUM This Month

The issue was addressed with additional permissions checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-38603 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-38602 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-38600 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +3
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-38595 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +3
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-38593 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-38580 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-38572 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Safari Ipados Iphone Os +3
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-38565 HIGH This Week

A path handling issue was addressed with improved validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-38564 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-38425 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-38424 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-38421 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-38261 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-38259 MEDIUM This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-38258 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-38136 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os Watchos
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-35993 HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE Memory Corruption Ipados +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-32734 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32443 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple macOS
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-32442 MEDIUM This Month

An access issue was addressed with improved access restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-32441 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32429 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-32418 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-32416 MEDIUM This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-32393 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-32364 HIGH This Week

A logic issue was addressed with improved restrictions. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
8.6
EPSS
0.8%
CVE-2023-38606 MEDIUM KEV THREAT This Month

This issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2023-38597 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-38594 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +3
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-38410 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-38133 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari Ipados Iphone Os +3
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-37450 HIGH KEV THREAT This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +4
NVD
CVSS 3.1
8.8
EPSS
18.9%
CVE-2023-36862 MEDIUM This Month

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Intel macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-36854 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-35983 MEDIUM This Month

This issue was addressed with improved data protection. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-32437 HIGH This Week

The issue was addressed with improvements to the file handling protocol. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2023-32433 HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE Memory Corruption Ipados +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-32381 HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE Memory Corruption Ipados +4
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-3615 HIGH This Week

Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mattermost Information Disclosure Apple
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2023-36883 MEDIUM PATCH This Month

Microsoft Edge for iOS Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Apple Authentication Bypass Edge
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-37456 MEDIUM This Month

The session restore helper crashed whenever there was no parameter sent to the message handler. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Null Pointer Dereference Apple Firefox
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37455 MEDIUM This Month

The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Apple XSS Firefox
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-37277 Maven CRITICAL PATCH Act Now

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

RCE Mozilla Apple CSRF Xwiki
NVD GitHub
CVSS 3.1
9.6
EPSS
0.7%
CVE-2023-33298 HIGH POC This Week

com.perimeter81.osx.HelperTool in Perimeter81 10.0.0.19 on macOS allows Local Privilege Escalation (to root) via shell metacharacters in usingCAPath. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apple Command Injection Xpc Helpertool
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-28387 MEDIUM This Month

"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Google Authentication Bypass Newspicks
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-34658 MEDIUM This Month

Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Telegram
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-20199 MEDIUM This Month

A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Authentication Bypass Duo
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2023-36000 MEDIUM This Month

A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Insider Threat Management Server
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-2818 MEDIUM This Month

An insecure filesystem permission in the Insider Threat Management Agent for Windows enables local unprivileged users to disrupt agent monitoring. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Insider Threat Management
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-32439 HIGH KEV THREAT This Week

A type confusion issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Safari Ipados +3
NVD
CVSS 3.1
8.8
EPSS
23.8%
CVE-2023-32435 HIGH KEV THREAT This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple Safari +3
NVD
CVSS 3.1
8.8
EPSS
23.0%
CVE-2023-32434 HIGH KEV THREAT This Week

An integer overflow was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Apple Ipados Iphone Os +2
NVD
CVSS 3.1
7.8
EPSS
51.5%
CVE-2023-32423 MEDIUM This Month

A buffer overflow issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Safari Ipados Iphone Os +3
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-32422 MEDIUM This Month

This issue was addressed by adding additional SQLite logging restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS +1
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2023-32420 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple Ipados Iphone Os +3
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-32419 CRITICAL Act Now

The issue was addressed with improved bounds checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-32417 LOW Monitor

This issue was addressed by restricting options offered on a locked device. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Watchos
NVD
CVSS 3.1
2.4
EPSS
0.3%
CVE-2023-32415 MEDIUM This Month

This issue was addressed with improved redaction of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-32414 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
8.6
EPSS
0.2%
EPSS 0% CVSS 5.5
MEDIUM This Month

An out-of-bounds read issue existed that led to the disclosure of kernel memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE +6
NVD
EPSS 0% CVSS 7.1
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple +1
NVD
EPSS 1% CVSS 7.3
HIGH POC This Week

An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Phantom Vpn
NVD
EPSS 1% CVSS 5.7
MEDIUM POC This Month

An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Vpn
NVD
EPSS 0% CVSS 6.3
MEDIUM POC This Month

An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Apple Vpn
NVD
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Nomachine
NVD
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.0.0 through. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Microsoft +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Jwt Attack +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An injection issue was addressed with improved input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An out-of-bounds write issue was addressed with improved input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +6
NVD
EPSS 1% CVSS 7.5
HIGH This Week

This issue was addressed by removing the vulnerable code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari +5
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A use-after-free issue was addressed with improved memory management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE +6
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A logic issue was addressed with improved restrictions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Ipados +4
NVD
EPSS 1% CVSS 7.5
HIGH This Week

This issue was addressed with improved validation of symlinks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An out-of-bounds read was addressed with improved bounds checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure +4
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An integer overflow was addressed with improved input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Apple +5
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The issue was addressed with improved memory handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados +3
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Safari +5
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A logic issue was addressed with improved validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

This issue was addressed by using HTTPS when sending information over the network. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Apple Google +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Google +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari +5
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with additional permissions checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari +5
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari +5
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados +4
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Safari +5
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A path handling issue was addressed with improved validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados +4
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 1% CVSS 7.2
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Apple Ipados +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE +6
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados +4
NVD
EPSS 1% CVSS 8.1
HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An access issue was addressed with improved access restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados +4
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apple +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados +4
NVD
EPSS 1% CVSS 8.6
HIGH This Week

A logic issue was addressed with improved restrictions. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 1% CVSS 5.5
MEDIUM KEV THREAT This Month

This issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari +5
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Ipados +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari +5
NVD
EPSS 19% CVSS 8.8
HIGH KEV THREAT This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari +6
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Intel +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed with improved data protection. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
EPSS 0% CVSS 8.6
HIGH This Week

The issue was addressed with improvements to the file handling protocol. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE +6
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE +6
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mattermost Information Disclosure Apple
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Microsoft Edge for iOS Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Apple Authentication Bypass +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The session restore helper crashed whenever there was no parameter sent to the message handler. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Null Pointer Dereference +2
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Apple XSS +1
NVD
EPSS 1% CVSS 9.6
CRITICAL PATCH Act Now

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

RCE Mozilla Apple +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

com.perimeter81.osx.HelperTool in Perimeter81 10.0.0.19 on macOS allows Local Privilege Escalation (to root) via shell metacharacters in usingCAPath. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apple Command Injection +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Google Authentication Bypass +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Telegram
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Authentication Bypass +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Insider Threat Management Server
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An insecure filesystem permission in the Insider Threat Management Agent for Windows enables local unprivileged users to disrupt agent monitoring. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft +1
NVD
EPSS 24% CVSS 8.8
HIGH KEV THREAT This Week

A type confusion issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple +5
NVD
EPSS 23% CVSS 8.8
HIGH KEV THREAT This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +5
NVD
EPSS 52% CVSS 7.8
HIGH KEV THREAT This Week

An integer overflow was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Apple +4
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A buffer overflow issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Safari +5
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

This issue was addressed by adding additional SQLite logging restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +3
NVD
EPSS 0% CVSS 7.1
HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple +5
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The issue was addressed with improved bounds checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados +1
NVD
EPSS 0% CVSS 2.4
LOW Monitor

This issue was addressed by restricting options offered on a locked device. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Watchos
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed with improved redaction of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados +3
NVD
EPSS 0% CVSS 8.6
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
Prev Page 30 of 90 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy