Total: 31934 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-44191 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2025-03-25 | N/A | 5.5 MEDIUM |
This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, Xcode 16, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. An app may gain unauthorized access to Bluetooth. | |||||
CVE-2024-44125 | 1 Apple | 1 Macos | 2025-03-25 | N/A | 5.5 MEDIUM |
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. A malicious application may be able to leak sensitive user information. | |||||
CVE-2024-40844 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-03-25 | N/A | 5.5 MEDIUM |
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to observe data displayed to the user by Shortcuts. | |||||
CVE-2024-40801 | 1 Apple | 1 Macos | 2025-03-25 | N/A | 5.5 MEDIUM |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access protected user data. | |||||
CVE-2024-40797 | 1 Apple | 1 Macos | 2025-03-25 | N/A | 6.1 MEDIUM |
This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Visiting a malicious website may lead to user interface spoofing. | |||||
CVE-2024-27882 | 1 Apple | 1 Macos | 2025-03-25 | N/A | 4.4 MEDIUM |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file system. | |||||
CVE-2024-40790 | 1 Apple | 1 Visionos | 2025-03-25 | N/A | 5.5 MEDIUM |
The issue was addressed with improved handling of caches. This issue is fixed in visionOS 2. An app may be able to read sensitive data from the GPU memory. | |||||
CVE-2018-20072 | 1 Google | 1 Chrome | 2025-03-25 | N/A | 7.8 HIGH |
Insufficient data validation in PDF in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Low) | |||||
CVE-2024-36066 | 1 Keyfactor | 1 Ejbca | 2025-03-25 | N/A | 3.1 LOW |
The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets of salt, and is thus not compliant with the security requirements of RFC 4211, and might make man-in-the-middle attacks easier. CMP includes password-based MAC as one of the options for message integrity and authentication (the other option is certificate-based). RFC 4211 section 4.4 requires that password-based MAC parameters use a salt with a random value of at least 8 octets. This helps to inhibit dictionary attacks. Because the standalone CMP client originally was developed as test code, the salt was instead hardcoded and only 6 octets long. | |||||
CVE-2024-27807 | 1 Apple | 2 Ipados, Iphone Os | 2025-03-25 | N/A | 4.3 MEDIUM |
The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. An app may be able to circumvent App Privacy Report logging. | |||||
CVE-2024-40795 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-03-25 | N/A | 3.3 LOW |
This issue was addressed with improved data protection. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to read sensitive location information. | |||||
CVE-2025-2220 | 1 Odysseyautomation | 1 Odyssey Cms | 2025-03-25 | N/A | 7.8 HIGH |
A vulnerability was found in Odyssey CMS up to 10.34. It has been classified as problematic. Affected is an unknown function of the file /modules/odyssey_contact_form/odyssey_contact_form.php of the component reCAPTCHA Handler. The manipulation of the argument g-recaptcha-response leads to key management error. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-27877 | 1 Apple | 1 Macos | 2025-03-25 | N/A | 6.1 MEDIUM |
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents. | |||||
CVE-2024-27863 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-03-25 | N/A | 5.5 MEDIUM |
An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to determine kernel memory layout. | |||||
CVE-2024-23784 | 1 Sharp | 4 Jh-rv11, Jh-rv11 Firmware, Jh-rvb1 and 1 more | 2025-03-25 | N/A | 6.5 MEDIUM |
Improper access control vulnerability exists in Energy Management Controller with Cloud Services JH-RVB1/JH-RV11 Ver.B0.1.9.1 and earlier, which may allow a network-adjacent unauthenticated attacker to obtain a username and its hashed password displayed on the management page of the affected product. | |||||
CVE-2024-23237 | 1 Apple | 1 Macos | 2025-03-25 | N/A | 5.5 MEDIUM |
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An app may be able to cause a denial-of-service. | |||||
CVE-2024-27845 | 1 Apple | 2 Ipados, Iphone Os | 2025-03-25 | N/A | 3.3 LOW |
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.5 and iPadOS 17.5. An app may be able to access Notes attachments. | |||||
CVE-2024-24051 | 1 Monoprice | 2 Select Mini 3d Printer V2, Select Mini 3d Printer V2 Firmware | 2025-03-25 | N/A | 5.5 MEDIUM |
Improper input validation of printing files in Monoprice Select Mini V2 V37.115.32 allows attackers to instruct the device's movable parts to destinations that exceed the devices' maximum coordinates via the printing of a malicious .gcode file. | |||||
CVE-2024-36446 | 1 Mitel | 1 Mivoice Mx-one | 2025-03-25 | N/A | 8.8 HIGH |
The provisioning manager component of Mitel MiVoice MX-ONE through 7.6 SP1 could allow an authenticated attacker to conduct an authentication bypass attack due to improper access control. A successful exploit could allow an attacker to bypass the authorization schema. | |||||
CVE-2023-42949 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-03-25 | N/A | 3.3 LOW |
This issue was addressed with improved data protection. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17. An app may be able to access edited photos saved to a temporary directory. |