Search
Total
665 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41991 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-01-10 | N/A | 5.5 MEDIUM |
| A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. | |||||
| CVE-2023-28204 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-01-05 | N/A | 6.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited. | |||||
| CVE-2023-38133 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-01-05 | N/A | 6.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may disclose sensitive information. | |||||
| CVE-2023-42916 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-01-05 | N/A | 6.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. | |||||
| CVE-2023-38599 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-01-05 | N/A | 6.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information. | |||||
| CVE-2023-45866 | 6 Apple, Bluproducts, Canonical and 3 more | 16 Ipad Os, Iphone Os, Iphone Se and 13 more | 2024-01-05 | N/A | 6.3 MEDIUM |
| Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. | |||||
| CVE-2021-38642 | 2 Apple, Microsoft | 2 Iphone Os, Edge | 2023-12-28 | 4.0 MEDIUM | 6.1 MEDIUM |
| Microsoft Edge for iOS Spoofing Vulnerability | |||||
| CVE-2022-46705 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2023-12-28 | N/A | 4.3 MEDIUM |
| A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing. | |||||
| CVE-2022-46725 | 1 Apple | 2 Ipados, Iphone Os | 2023-12-27 | N/A | 4.3 MEDIUM |
| A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing. | |||||
| CVE-2023-42883 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2023-12-19 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service. | |||||
| CVE-2023-42914 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-12-14 | N/A | 6.3 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to break out of its sandbox. | |||||
| CVE-2023-42919 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-12-14 | N/A | 5.5 MEDIUM |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to access sensitive user data. | |||||
| CVE-2023-42922 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-12-14 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to read sensitive location information. | |||||
| CVE-2023-42898 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-12-13 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing an image may lead to arbitrary code execution. | |||||
| CVE-2023-42923 | 1 Apple | 2 Ipados, Iphone Os | 2023-12-13 | N/A | 5.3 MEDIUM |
| This issue was addressed through improved state management. This issue is fixed in iOS 17.2 and iPadOS 17.2. Private Browsing tabs may be accessed without authentication. | |||||
| CVE-2023-42897 | 1 Apple | 2 Ipados, Iphone Os | 2023-12-13 | N/A | 4.6 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker with physical access may be able to use Siri to access sensitive user data. | |||||
| CVE-2023-42884 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2023-12-13 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. An app may be able to disclose kernel memory. | |||||
| CVE-2023-41983 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2023-12-07 | N/A | 6.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service. | |||||
| CVE-2022-4185 | 2 Apple, Google | 2 Iphone Os, Chrome | 2023-11-25 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-28200 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-11-17 | N/A | 5.5 MEDIUM |
| A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to disclose kernel memory. | |||||
| CVE-2023-38131 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2023-11-17 | N/A | 6.5 MEDIUM |
| Improper input validationation for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access. | |||||
| CVE-2023-39411 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2023-11-17 | N/A | 4.4 MEDIUM |
| Improper input validationation for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2023-22290 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2023-11-17 | N/A | 6.5 MEDIUM |
| Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access. | |||||
| CVE-2022-46299 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2023-11-17 | N/A | 5.5 MEDIUM |
| Insufficient control flow management for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-46301 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2023-11-17 | N/A | 4.4 MEDIUM |
| Improper Initialization for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2022-46647 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2023-11-17 | N/A | 5.5 MEDIUM |
| Insertion of sensitive information into log file for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-46646 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2023-11-17 | N/A | 5.5 MEDIUM |
| Exposure of sensitive information to an unauthorized actor for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-46298 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2023-11-17 | N/A | 4.4 MEDIUM |
| Incomplete cleanup for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2022-43477 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2023-11-17 | N/A | 5.5 MEDIUM |
| Incomplete cleanup for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-43666 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2023-11-17 | N/A | 5.5 MEDIUM |
| Exposure of sensitive system information due to uncleared debug information for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-45109 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2023-11-17 | N/A | 5.5 MEDIUM |
| Improper initialization for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2023-4359 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Iphone Os, Debian Linux, Fedora and 1 more | 2023-08-24 | N/A | 5.3 MEDIUM |
| Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-22655 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-08-18 | N/A | 5.5 MEDIUM |
| An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4. An app may be able to leak sensitive user information. | |||||
| CVE-2021-30947 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-08-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to access a user's files. | |||||
| CVE-2021-30988 | 1 Apple | 2 Ipados, Iphone Os | 2023-08-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2. A malicious application may be able to identify what other applications a user has installed. | |||||
| CVE-2022-22588 | 1 Apple | 2 Ipados, Iphone Os | 2023-08-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 15.2.1 and iPadOS 15.2.1. Processing a maliciously crafted HomeKit accessory name may cause a denial of service. | |||||
| CVE-2021-30944 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-08-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| Description: A logic issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. A malicious app may be able to access data from other apps by enabling additional logging. | |||||
| CVE-2022-32883 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2023-08-08 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to read sensitive location information. | |||||
| CVE-2022-22652 | 1 Apple | 2 Ipados, Iphone Os | 2023-08-08 | 3.6 LOW | 6.1 MEDIUM |
| The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access may be able to view and modify the carrier account information and settings from the lock screen. | |||||
| CVE-2022-22622 | 1 Apple | 2 Ipados, Iphone Os | 2023-08-08 | 2.1 LOW | 4.6 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions. | |||||
| CVE-2022-42793 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-08-08 | N/A | 5.5 MEDIUM |
| An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, macOS Monterey 12.6. An app may be able to bypass code signing checks. | |||||
| CVE-2022-32854 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2023-08-08 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to bypass Privacy preferences. | |||||
| CVE-2021-30898 | 1 Apple | 2 Ipados, Iphone Os | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| An access issue was addressed with additional sandbox restrictions on third party applications. This issue is fixed in iOS 15 and iPadOS 15. A malicious application may be able to access some of the user's Apple ID information, or recent in-app search terms. | |||||
| CVE-2022-22621 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-08-08 | 2.1 LOW | 4.6 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions. | |||||
| CVE-2021-31001 | 1 Apple | 2 Ipados, Iphone Os | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| An access issue was addressed with improved access restrictions. This issue is fixed in iOS 15 and iPadOS 15. An attacker in a privileged network position may be able to leak sensitive user information. | |||||
| CVE-2021-30998 | 1 Apple | 2 Ipados, Iphone Os | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| A S/MIME issue existed in the handling of encrypted email. This issue was addressed with improved selection of the encryption certificate. This issue is fixed in iOS 15.2 and iPadOS 15.2. A sender's email address may be leaked when sending an S/MIME encrypted email using a certificate with more than one email address. | |||||
| CVE-2022-32844 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2023-08-08 | N/A | 6.3 MEDIUM |
| A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication. | |||||
| CVE-2022-42843 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-08-08 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved data protection. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. A user may be able to view sensitive user information. | |||||
| CVE-2022-32945 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-08-08 | N/A | 4.3 MEDIUM |
| An access issue was addressed with additional sandbox restrictions on third-party apps. This issue is fixed in macOS Ventura 13. An app may be able to record audio with paired AirPods. | |||||
| CVE-2022-22589 | 1 Apple | 7 Ipados, Iphone Os, Mac Os X and 4 more | 2023-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript. | |||||