Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Filtered by product Macos
Total 2350 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-22238 3 Adobe, Apple, Microsoft 3 After Effects, Macos, Windows 2023-02-24 N/A 7.8 HIGH
After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-22239 3 Adobe, Apple, Microsoft 3 After Effects, Macos, Windows 2023-02-24 N/A 7.8 HIGH
After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-22231 3 Adobe, Apple, Microsoft 3 Bridge, Macos, Windows 2023-02-24 N/A 5.5 MEDIUM
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-22237 3 Adobe, Apple, Microsoft 3 After Effects, Macos, Windows 2023-02-24 N/A 7.8 HIGH
After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-22228 3 Adobe, Apple, Microsoft 3 Bridge, Macos, Windows 2023-02-24 N/A 7.8 HIGH
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-22229 3 Adobe, Apple, Microsoft 3 Bridge, Macos, Windows 2023-02-24 N/A 7.8 HIGH
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-22226 3 Adobe, Apple, Microsoft 3 Bridge, Macos, Windows 2023-02-24 N/A 7.8 HIGH
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-22230 3 Adobe, Apple, Microsoft 3 Bridge, Macos, Windows 2023-02-24 N/A 7.8 HIGH
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-22227 3 Adobe, Apple, Microsoft 3 Bridge, Macos, Windows 2023-02-24 N/A 7.8 HIGH
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-21583 3 Adobe, Apple, Microsoft 3 Bridge, Macos, Windows 2023-02-24 N/A 5.5 MEDIUM
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-21575 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2023-02-24 N/A 7.8 HIGH
Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-21576 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2023-02-24 N/A 7.8 HIGH
Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-21578 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2023-02-24 N/A 5.5 MEDIUM
Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-21577 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2023-02-24 N/A 5.5 MEDIUM
Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-21574 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2023-02-24 N/A 7.8 HIGH
Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-42818 1 Apple 1 Macos 2023-02-23 N/A 5.9 MEDIUM
This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. A user in a privileged network position may be able to track user activity.
CVE-2022-40304 3 Apple, Netapp, Xmlsoft 22 Ipados, Iphone Os, Macos and 19 more 2023-02-23 N/A 7.8 HIGH
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
CVE-2023-0575 4 Apple, Linux, Microsoft and 1 more 5 Iphone Os, Macos, Linux Kernel and 2 more 2023-02-17 N/A 9.8 CRITICAL
External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: Lesser then 2.2.
CVE-2022-29181 2 Apple, Nokogiri 2 Macos, Nokogiri 2023-02-15 6.4 MEDIUM 8.2 HIGH
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent.
CVE-2022-24836 4 Apple, Debian, Fedoraproject and 1 more 4 Macos, Debian Linux, Fedora and 1 more 2023-02-15 5.0 MEDIUM 7.5 HIGH
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.