Total
861 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-22668 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-03-08 | N/A | 5.5 MEDIUM |
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A malicious application may be able to leak sensitive user information. | |||||
CVE-2022-32855 | 1 Apple | 2 Ipados, Iphone Os | 2023-03-08 | N/A | 5.5 MEDIUM |
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6. A user may be able to view restricted content from the lock screen. | |||||
CVE-2022-32824 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2023-03-08 | N/A | 5.5 MEDIUM |
The issue was addressed with improved memory handling. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory. | |||||
CVE-2022-42826 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2023-03-07 | N/A | 8.8 HIGH |
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13, iOS 16.1 and iPadOS 16, Safari 16.1. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
CVE-2022-32949 | 1 Apple | 3 Ipados, Iphone Os, Tvos | 2023-03-07 | N/A | 7.8 HIGH |
This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16. An app may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2022-32844 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2023-03-07 | N/A | 6.3 MEDIUM |
A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication. | |||||
CVE-2022-32830 | 1 Apple | 3 Ipados, Iphone Os, Tvos | 2023-03-07 | N/A | 7.5 HIGH |
An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.6, iOS 15.6 and iPadOS 15.6. Processing a maliciously crafted image may lead to disclosure of user information. | |||||
CVE-2022-32784 | 1 Apple | 3 Ipados, Iphone Os, Safari | 2023-03-07 | N/A | 6.5 MEDIUM |
The issue was addressed with improved UI handling. This issue is fixed in Safari 15.6, iOS 15.6 and iPadOS 15.6. Visiting a maliciously crafted website may leak sensitive data. | |||||
CVE-2022-26760 | 1 Apple | 2 Ipados, Iphone Os | 2023-03-07 | N/A | 9.8 CRITICAL |
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. A malicious application may be able to elevate privileges. | |||||
CVE-2023-23511 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-03-03 | N/A | 5.5 MEDIUM |
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, tvOS 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to bypass Privacy preferences. | |||||
CVE-2023-23512 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-03-03 | N/A | 6.5 MEDIUM |
The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.2, tvOS 16.3, iOS 16.3 and iPadOS 16.3, watchOS 9.3. Visiting a website may lead to an app denial-of-service. | |||||
CVE-2019-14899 | 4 Apple, Freebsd, Linux and 1 more | 8 Ipados, Iphone Os, Mac Os X and 5 more | 2023-03-01 | 4.9 MEDIUM | 7.4 HIGH |
A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel. | |||||
CVE-2022-40304 | 3 Apple, Netapp, Xmlsoft | 22 Ipados, Iphone Os, Macos and 19 more | 2023-02-23 | N/A | 7.8 HIGH |
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. | |||||
CVE-2013-0340 | 3 Apple, Libexpat Project, Python | 7 Ipados, Iphone Os, Macos and 4 more | 2023-02-12 | 6.8 MEDIUM | N/A |
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. | |||||
CVE-2022-26757 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2023-01-31 | 9.3 HIGH | 7.8 HIGH |
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2021-31000 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-01-24 | 4.3 MEDIUM | 3.3 LOW |
A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. A malicious application may be able to read sensitive contact information. | |||||
CVE-2013-0899 | 6 Apple, Google, Linux and 3 more | 9 Ipados, Iphone Os, Mac Os X and 6 more | 2023-01-23 | 5.0 MEDIUM | N/A |
Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a long packet. | |||||
CVE-2022-42855 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2023-01-23 | N/A | 7.1 HIGH |
A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to use arbitrary entitlements. | |||||
CVE-2022-26981 | 3 Apple, Fedoraproject, Liblouis | 7 Ipados, Iphone Os, Macos and 4 more | 2023-01-13 | 6.8 MEDIUM | 7.8 HIGH |
Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c). | |||||
CVE-2022-32849 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2023-01-12 | N/A | 5.5 MEDIUM |
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information. |