Total
4503 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-29913 | 3 Apple, Ibm, Microsoft | 3 Macos, Security Verify Privilege On-premises, Windows | 2023-10-18 | N/A | 7.1 HIGH |
| IBM Security Verify Privilege On-Premise 11.5 could allow an authenticated user to obtain sensitive information or perform unauthorized actions due to improper input validation. IBM X-Force ID: 207898. | |||||
| CVE-2022-22375 | 3 Apple, Ibm, Microsoft | 3 Macos, Security Verify Privilege On-premises, Windows | 2023-10-18 | N/A | 8.8 HIGH |
| IBM Security Verify Privilege On-Premises 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 221681. | |||||
| CVE-2022-22384 | 3 Apple, Ibm, Microsoft | 3 Macos, Security Verify Privilege On-premises, Windows | 2023-10-18 | N/A | 4.3 MEDIUM |
| IBM Security Verify Privilege On-Premises 11.5 could allow an attacker to modify messages returned from the server due to hazardous input validation. IBM X-Force ID: 221961. | |||||
| CVE-2021-20581 | 3 Apple, Ibm, Microsoft | 3 Macos, Security Verify Privilege On-premises, Windows | 2023-10-18 | N/A | 4.3 MEDIUM |
| IBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 199324. | |||||
| CVE-2022-22377 | 3 Apple, Ibm, Microsoft | 3 Macos, Security Verify Privilege On-premises, Windows | 2023-10-18 | N/A | 5.3 MEDIUM |
| IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 221827. | |||||
| CVE-2023-43611 | 2 Apple, F5 | 20 Macos, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 17 more | 2023-10-18 | N/A | 7.8 HIGH |
| The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. This vulnerability is due to an incomplete fix for CVE-2023-38418. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
| CVE-2023-5450 | 2 Apple, F5 | 2 Macos, Big-ip Access Policy Manager | 2023-10-18 | N/A | 7.8 HIGH |
| An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-26370 | 3 Adobe, Apple, Microsoft | 5 Photoshop 2022, Photoshop 2023, Photoshop 2024 and 2 more | 2023-10-14 | N/A | 7.8 HIGH |
| Adobe Photoshop versions 23.5.5 (and earlier) and 24.7 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-38217 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2023-10-14 | N/A | 5.5 MEDIUM |
| Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-38216 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2023-10-13 | N/A | 5.5 MEDIUM |
| Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-41067 | 1 Apple | 1 Macos | 2023-10-12 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may bypass Gatekeeper checks. | |||||
| CVE-2023-41066 | 1 Apple | 1 Macos | 2023-10-12 | N/A | 5.5 MEDIUM |
| An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to unexpectedly leak a user's credentials from secure text fields. | |||||
| CVE-2023-41065 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-10-12 | N/A | 3.3 LOW |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to read sensitive location information. | |||||
| CVE-2023-40541 | 1 Apple | 1 Macos | 2023-10-12 | N/A | 5.5 MEDIUM |
| This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14. A shortcut may output sensitive user data without consent. | |||||
| CVE-2023-40450 | 1 Apple | 1 Macos | 2023-10-12 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may bypass Gatekeeper checks. | |||||
| CVE-2023-40441 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-10-12 | N/A | 6.5 MEDIUM |
| A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service. | |||||
| CVE-2023-40434 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-10-12 | N/A | 3.3 LOW |
| A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access a user's Photos Library. | |||||
| CVE-2023-40424 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2023-10-12 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access user-sensitive data. | |||||
| CVE-2023-40426 | 1 Apple | 1 Macos | 2023-10-12 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. An app may be able to bypass certain Privacy preferences. | |||||
| CVE-2023-40417 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-10-12 | N/A | 5.4 MEDIUM |
| A window management issue was addressed with improved state management. This issue is fixed in Safari 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Visiting a website that frames malicious content may lead to UI spoofing. | |||||