Skip to main content

Apple

8071 CVEs vendor

Monthly

CVE-2023-23504 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple Ipados +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-23503 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS +2
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-23502 MEDIUM This Month

An information disclosure issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple Ipados Iphone Os +3
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-23501 MEDIUM This Month

The issue was addressed with improved memory handling This issue is fixed in macOS Ventura 13.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-23500 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-23499 MEDIUM This Month

This issue was addressed by enabling hardened runtime. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-23498 LOW Monitor

A logic issue was addressed with improved state management. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Ipados Iphone Os +1
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-23497 HIGH This Week

A logic issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-23496 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apple Safari Ipados +4
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-23493 LOW Monitor

A logic issue was addressed with improved state management. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-26020 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection.0 from 4.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Apple SQLi Crafter Cms
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2023-22367 MEDIUM This Month

Ichiran App for iOS versions prior to 3.1.0 and Ichiran App for Android versions prior to 3.1.0 improperly verify server certificates, which may allow a remote unauthenticated attacker to eavesdrop. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Apple Google Ichiran
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-0575 CRITICAL Act Now

External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apple Microsoft Yugabytedb
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-23132 HIGH This Week

Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Selfwealth
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-23131 HIGH This Week

Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transport Security (ATS) Settings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Selfwealth
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-24069 LOW POC Monitor

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Microsoft Signal Desktop
NVD
CVSS 3.1
3.3
EPSS
0.9%
CVE-2023-24068 HIGH POC This Week

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Microsoft Signal Desktop
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-45412 HIGH This Week

When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Google Mozilla Microsoft Information Disclosure +3
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-3155 HIGH This Week

When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.quarantine on the received file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation Mozilla Thunderbird
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-31746 MEDIUM This Month

Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Mozilla Firefox
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-26386 MEDIUM POC This Month

Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in <code>/tmp</code>, but this behavior was changed to download them to <code>/tmp</code> where they. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Mozilla Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-22750 MEDIUM POC This Month

By generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged processes to interact with handles that the unprivileged. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Microsoft Mozilla Firefox
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-1887 CRITICAL Act Now

The search term could have been specified externally to trigger SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple SQLi Mozilla Firefox
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-43543 MEDIUM This Month

KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Google Message
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-46702 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-46701 HIGH This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-46700 HIGH This Week

A memory corruption issue was addressed with improved input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE Buffer Overflow Safari +5
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-46699 HIGH This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE Buffer Overflow Safari +5
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-46698 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Icloud Safari +5
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-46697 HIGH This Week

An out-of-bounds access issue was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE Buffer Overflow macOS
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-46696 HIGH This Week

A memory corruption issue was addressed with improved input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE Buffer Overflow Safari +5
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-46695 MEDIUM This Month

A spoofing issue existed in the handling of URLs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Ipados Iphone Os macOS +2
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2022-46694 HIGH This Week

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE Buffer Overflow Ipados +3
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-46693 HIGH This Week

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Microsoft RCE Memory Corruption +6
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-46692 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Microsoft Authentication Bypass Icloud Safari +5
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-46691 HIGH This Week

A memory consumption issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE Buffer Overflow Safari +5
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-46690 HIGH This Week

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE Buffer Overflow Ipados +4
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-46689 HIGH POC THREAT Act Now

A race condition was addressed with additional validation. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition RCE Apple Safari Ipados +4
NVD
CVSS 3.1
7.0
EPSS
44.7%
CVE-2022-42867 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple RCE Use After Free Memory Corruption +6
NVD
CVSS 3.1
8.8
EPSS
34.6%
CVE-2022-42866 MEDIUM This Month

The issue was addressed with improved handling of caches. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-42865 MEDIUM This Month

This issue was addressed by enabling hardened runtime. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-42864 HIGH This Week

A race condition was addressed with improved state handling. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition RCE Apple Ipados Iphone Os +3
NVD
CVSS 3.1
7.0
EPSS
0.9%
CVE-2022-42863 HIGH This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE Buffer Overflow Safari +5
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-42862 MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-42861 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-42859 MEDIUM This Month

Multiple issues were addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-42856 HIGH KEV THREAT This Week

A type confusion issue was addressed with improved state handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Memory Corruption Safari Ipados +3
NVD
CVSS 3.1
8.8
EPSS
8.5%
CVE-2022-42855 HIGH This Week

A logic issue was addressed with improved state management. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados Iphone Os macOS +1
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2022-42854 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-42853 MEDIUM This Month

An access issue was addressed with improved access restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-42852 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari Ipados Iphone Os +3
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-42851 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Buffer Overflow Ipados Iphone Os +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-42850 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE Buffer Overflow Ipados +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-42849 HIGH This Week

An access issue existed with privileged API calls. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados Iphone Os Tvos +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-42848 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os Tvos
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-42847 HIGH This Week

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE Buffer Overflow macOS
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-42846 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Ipados Iphone Os
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-42845 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE Buffer Overflow Ipados +4
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2022-42844 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Ipados Iphone Os
NVD
CVSS 3.1
8.6
EPSS
0.4%
CVE-2022-42843 MEDIUM This Month

This issue was addressed with improved data protection. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-42842 CRITICAL Act Now

The issue was addressed with improved memory handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE Buffer Overflow Ipados +4
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-42841 HIGH This Week

A type confusion issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Memory Corruption macOS
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-42840 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE Buffer Overflow Ipados +2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-42837 CRITICAL Act Now

An issue existed in the parsing of URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-42821 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
5.5
EPSS
3.9%
CVE-2022-42805 HIGH This Week

An integer overflow was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Apple Ipados Iphone Os +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-32948 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple RCE Buffer Overflow Ipados +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-32945 MEDIUM This Month

An access issue was addressed with additional sandbox restrictions on third-party apps. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-32943 MEDIUM This Month

The issue was addressed with improved bounds checks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Buffer Overflow Ipados Iphone Os +1
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-32942 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple RCE Buffer Overflow macOS
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-32916 MEDIUM This Month

An out-of-bounds read issue existed that led to the disclosure of kernel memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Buffer Overflow Iphone Os
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-32860 HIGH This Week

An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE Buffer Overflow Ipados +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-32833 MEDIUM This Month

An issue existed with the file paths used to store website data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Safari Iphone Os macOS
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-23511 Go MEDIUM PATCH This Month

A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Apple Microsoft Privilege Escalation Cloudwatch Agent
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2022-46828 HIGH This Week

In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Code Injection Intellij Idea
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-46824 HIGH This Week

In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Buffer Overflow Intellij Idea
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-4185 MEDIUM This Month

Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Google Chrome
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-41568 HIGH This Week

LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Line
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-41954 LIB LOW PATCH Monitor

MPXJ is an open source library to read and write project plans from a variety of file formats and databases. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Mpxj
NVD GitHub
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-39338 MEDIUM PATCH This Month

user_oidc is an OpenID Connect user backend for Nextcloud. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Apple XSS Openid Connect User Backend
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-38166 HIGH This Week

In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Microsoft Denial Of Service Elements Endpoint Protection
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-41946 Maven MEDIUM POC PATCH This Month

pgjdbc is an open source postgresql JDBC Driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Apple Java PostgreSQL Postgresql Jdbc Driver +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-28768 HIGH This Week

The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Meetings
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-28764 LOW Monitor

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Google Meetings +2
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2022-41904 MEDIUM This Month

Element iOS is an iOS Matrix client provided by Element. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Code Injection Element
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-41874 Cargo MEDIUM PATCH This Month

Tauri is a framework for building binaries for all major desktop platforms. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Apple Microsoft Tauri
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2022-38164 MEDIUM This Month

A vulnerability affecting F-Secure SAFE browser for Android and iOS was discovered. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Google Safe
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-38163 LOW Monitor

A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple Google Safe
NVD
CVSS 3.1
3.5
EPSS
0.5%
CVE-2022-42832 MEDIUM This Month

A race condition was addressed with improved locking. Rated medium severity (CVSS 6.4). No vendor patch available.

RCE Race Condition Apple Ipados Iphone Os +1
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2022-42831 MEDIUM This Month

A race condition was addressed with improved locking. Rated medium severity (CVSS 6.4). No vendor patch available.

RCE Race Condition Apple Ipados Iphone Os +1
NVD
CVSS 3.1
6.4
EPSS
0.2%
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +6
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +4
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An information disclosure issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple +5
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved memory handling This issue is fixed in macOS Ventura 13.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados +4
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed by enabling hardened runtime. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados +4
NVD
EPSS 0% CVSS 3.3
LOW Monitor

A logic issue was addressed with improved state management. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A logic issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple macOS
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apple +6
NVD
EPSS 0% CVSS 3.3
LOW Monitor

A logic issue was addressed with improved state management. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection.0 from 4.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Apple SQLi +1
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

Ichiran App for iOS versions prior to 3.1.0 and Ichiran App for Android versions prior to 3.1.0 improperly verify server certificates, which may allow a remote unauthenticated attacker to eavesdrop. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Apple Google +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apple +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Selfwealth
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transport Security (ATS) Settings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Selfwealth
NVD GitHub
EPSS 1% CVSS 3.3
LOW POC Monitor

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Microsoft +1
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Microsoft +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Google Mozilla +5
NVD
EPSS 0% CVSS 7.8
HIGH This Week

When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.quarantine on the received file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation Mozilla +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Mozilla +1
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in <code>/tmp</code>, but this behavior was changed to download them to <code>/tmp</code> where they. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Mozilla +2
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

By generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged processes to interact with handles that the unprivileged. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Microsoft +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The search term could have been specified externally to trigger SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple SQLi Mozilla +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Google +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Apple Ipados +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A memory corruption issue was addressed with improved input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE +7
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE +7
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft +7
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An out-of-bounds access issue was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A memory corruption issue was addressed with improved input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE +7
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A spoofing issue existed in the handling of URLs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Ipados +4
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE +5
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Microsoft +8
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Microsoft Authentication Bypass +7
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A memory consumption issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE +7
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE +6
NVD
EPSS 45% CVSS 7.0
HIGH POC THREAT Act Now

A race condition was addressed with additional validation. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition RCE Apple +6
NVD
EPSS 35% CVSS 8.8
HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple RCE +8
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved handling of caches. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados +4
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed by enabling hardened runtime. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +4
NVD
EPSS 1% CVSS 7.0
HIGH This Week

A race condition was addressed with improved state handling. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition RCE Apple +5
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE +7
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Multiple issues were addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +3
NVD
EPSS 9% CVSS 8.8
HIGH KEV THREAT This Week

A type confusion issue was addressed with improved state handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Memory Corruption +5
NVD
EPSS 1% CVSS 7.1
HIGH This Week

A logic issue was addressed with improved state management. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An access issue was addressed with improved access restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari +5
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Buffer Overflow +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An access issue existed with privileged API calls. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Ipados +1
NVD
EPSS 2% CVSS 7.2
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE +6
NVD
EPSS 0% CVSS 8.6
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Ipados +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed with improved data protection. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados +4
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

The issue was addressed with improved memory handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE +6
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A type confusion issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE +4
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

An issue existed in the parsing of URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados +3
NVD
EPSS 4% CVSS 5.5
MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An integer overflow was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Apple +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple RCE +4
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

An access issue was addressed with additional sandbox restrictions on third-party apps. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados +2
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

The issue was addressed with improved bounds checks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Buffer Overflow +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An out-of-bounds read issue existed that led to the disclosure of kernel memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE +4
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

An issue existed with the file paths used to store website data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Safari +2
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Apple Microsoft Privilege Escalation +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Code Injection Intellij Idea
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Buffer Overflow Intellij Idea
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Google +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Line
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

MPXJ is an open source library to read and write project plans from a variety of file formats and databases. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft +1
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

user_oidc is an OpenID Connect user backend for Nextcloud. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Apple XSS +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Microsoft Denial Of Service +1
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

pgjdbc is an open source postgresql JDBC Driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Apple Java +3
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Meetings
NVD
EPSS 0% CVSS 3.3
LOW Monitor

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft +4
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Element iOS is an iOS Matrix client provided by Element. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Code Injection Element
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Tauri is a framework for building binaries for all major desktop platforms. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Apple Microsoft +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability affecting F-Secure SAFE browser for Android and iOS was discovered. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Google +1
NVD
EPSS 1% CVSS 3.5
LOW Monitor

A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple Google +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

A race condition was addressed with improved locking. Rated medium severity (CVSS 6.4). No vendor patch available.

RCE Race Condition Apple +3
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

A race condition was addressed with improved locking. Rated medium severity (CVSS 6.4). No vendor patch available.

RCE Race Condition Apple +3
NVD
Prev Page 33 of 90 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy