Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41075 | 2024-01-11 | N/A | N/A | ||
| A type confusion issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2023-41069 | 2024-01-11 | N/A | N/A | ||
| This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 17 and iPadOS 17. A 3D model constructed to look like the enrolled user may authenticate via Face ID. | |||||
| CVE-2023-41060 | 2024-01-11 | N/A | N/A | ||
| A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. A remote user may be able to cause kernel code execution. | |||||
| CVE-2023-40529 | 2024-01-11 | N/A | N/A | ||
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17 and iPadOS 17. A person with physical access to a device may be able to use VoiceOver to access private calendar information. | |||||
| CVE-2023-40439 | 2024-01-11 | N/A | N/A | ||
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information. | |||||
| CVE-2023-40438 | 2024-01-11 | N/A | N/A | ||
| An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14, iOS 16.7 and iPadOS 16.7. An app may be able to access edited photos saved to a temporary directory. | |||||
| CVE-2023-40437 | 2024-01-11 | N/A | N/A | ||
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information. | |||||
| CVE-2023-40433 | 2024-01-11 | N/A | N/A | ||
| A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks. | |||||
| CVE-2023-40414 | 2024-01-11 | N/A | N/A | ||
| A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 10, iOS 17 and iPadOS 17, tvOS 17, macOS Sonoma 14, Safari 17. Processing web content may lead to arbitrary code execution. | |||||
| CVE-2023-40394 | 2024-01-11 | N/A | N/A | ||
| The issue was addressed with improved validation of environment variables. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to access sensitive user data. | |||||
| CVE-2023-40393 | 2024-01-11 | N/A | N/A | ||
| An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. Photos in the Hidden Photos Album may be viewed without authentication. | |||||
| CVE-2023-40385 | 2024-01-11 | N/A | N/A | ||
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able to view leaked DNS queries with Private Relay turned on. | |||||
| CVE-2023-40383 | 2024-01-11 | N/A | N/A | ||
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data. | |||||
| CVE-2023-38612 | 2024-01-11 | N/A | N/A | ||
| The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14, macOS Ventura 13.6. An app may be able to access protected user data. | |||||
| CVE-2023-38610 | 2024-01-11 | N/A | N/A | ||
| A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to cause unexpected system termination or write kernel memory. | |||||
| CVE-2023-38607 | 2024-01-11 | N/A | N/A | ||
| The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14. An app may be able to modify Printer settings. | |||||
| CVE-2023-32436 | 2024-01-11 | N/A | N/A | ||
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory. | |||||
| CVE-2023-32424 | 2024-01-11 | N/A | N/A | ||
| The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4, watchOS 9.4. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. | |||||
| CVE-2023-32401 | 2024-01-11 | N/A | N/A | ||
| A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. Parsing an office document may lead to an unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-32383 | 2024-01-11 | N/A | N/A | ||
| This issue was addressed by forcing hardened runtime on the affected binaries at the system level. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. An app may be able to inject code into sensitive binaries bundled with Xcode. | |||||
| CVE-2023-32378 | 2024-01-11 | N/A | N/A | ||
| A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2023-32366 | 2024-01-11 | N/A | N/A | ||
| An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. Processing a font file may lead to arbitrary code execution. | |||||
| CVE-2023-28197 | 2024-01-11 | N/A | N/A | ||
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to access user-sensitive data. | |||||
| CVE-2023-28185 | 2024-01-11 | N/A | N/A | ||
| An integer overflow was addressed through improved input validation. This issue is fixed in tvOS 16.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4, watchOS 9.4, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. An app may be able to cause a denial-of-service. | |||||
| CVE-2022-48577 | 2024-01-11 | N/A | N/A | ||
| An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data. | |||||
| CVE-2022-48504 | 2024-01-11 | N/A | N/A | ||
| The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data. | |||||
| CVE-2022-47965 | 2024-01-11 | N/A | N/A | ||
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-47915 | 2024-01-11 | N/A | N/A | ||
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-46721 | 2024-01-11 | N/A | N/A | ||
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-46710 | 2024-01-11 | N/A | N/A | ||
| A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Location data may be shared via iCloud links even if Location metadata is disabled via the Share Sheet. | |||||
| CVE-2022-42839 | 2024-01-11 | N/A | N/A | ||
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to read sensitive location information. | |||||
| CVE-2022-42816 | 2024-01-11 | N/A | N/A | ||
| A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system. | |||||
| CVE-2022-32931 | 2024-01-11 | N/A | N/A | ||
| This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app with root privileges may be able to access private information. | |||||
| CVE-2022-32919 | 2024-01-11 | N/A | N/A | ||
| The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing. | |||||
| CVE-2023-51127 | 2024-01-11 | N/A | N/A | ||
| FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction. This vulnerability allows an unauthenticated, remote attacker to obtain arbitrary sensitive file contents by uploading a specially crafted symbolic link file. | |||||
| CVE-2023-51126 | 2024-01-11 | N/A | N/A | ||
| Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. | |||||
| CVE-2023-29447 | 2024-01-11 | N/A | N/A | ||
| An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication. | |||||
| CVE-2023-29446 | 2024-01-11 | N/A | N/A | ||
| An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline. | |||||
| CVE-2023-29445 | 2024-01-11 | N/A | N/A | ||
| An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. | |||||
| CVE-2022-45793 | 2024-01-11 | N/A | N/A | ||
| [PROBLEMTYPE] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT]. | |||||
| CVE-2023-31488 | 2024-01-11 | N/A | N/A | ||
| Hyland Perceptive Filters releases before 2023-12-08 (e.g., 11.4.0.2647), as used in Cisco IronPort Email Security Appliance Software, Cisco Secure Email Gateway, and various non-Cisco products, allow attackers to trigger a segmentation fault and execute arbitrary code via a crafted document. | |||||
| CVE-2023-50916 | 2024-01-11 | N/A | N/A | ||
| Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure the backup location of the database used by the application. Attempting to change this location to a UNC path via the GUI is rejected due to the use of a \ (backslash) character, which is supposed to be disallowed in a pathname. Intercepting and modifying this request via a proxy, or sending the request directly to the application endpoint, allows UNC paths to be set for the backup location. Once such a location is set, Kyocera Device Manager attempts to confirm access and will try to authenticate to the UNC path; depending on the configuration of the environment, this may authenticate to the UNC with Windows NTLM hashes. This could allow NTLM credential relaying or cracking attacks. | |||||
| CVE-2023-48783 | 2024-01-11 | N/A | N/A | ||
| An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting PortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access to other organization endpoints via crafted GET requests. | |||||
| CVE-2023-46712 | 2024-01-11 | N/A | N/A | ||
| A improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal version 7.2.0 through 7.2.1 allows attacker to escalate its privilege via specifically crafted HTTP requests. | |||||
| CVE-2023-44250 | 2024-01-11 | N/A | N/A | ||
| An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests. | |||||
| CVE-2023-37934 | 2024-01-11 | N/A | N/A | ||
| An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM 1.0 all versions allows an authenticated attacker to perform a denial of service attack via sending crafted HTTP or HTTPS requests in a high frequency. | |||||
| CVE-2023-37932 | 2024-01-11 | N/A | N/A | ||
| An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEntreprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests | |||||
| CVE-2023-29444 | 2024-01-11 | N/A | N/A | ||
| An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their malicious version to gain initial access and code execution. | |||||
| CVE-2024-22165 | 2024-01-10 | N/A | N/A | ||
| In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted.<br>The vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most users. | |||||
| CVE-2024-22164 | 2024-01-10 | N/A | N/A | ||
| In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible. | |||||