Macos Security Vulnerabilities and Issues — Macos CVE List

Lucene search

AppleMacos

425 matches found

CVE•added 2023/12/18 4:15 p.m.•3810 views

CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connecti...

5.9CVSS6.7AI score0.67991EPSS

CVE•added 2023/06/23 6:15 p.m.•1772 views

CVE-2023-32373

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is awa...

8.8CVSS8.6AI score0.00014EPSS

CVE•added 2023/06/23 6:15 p.m.•1745 views

CVE-2023-28204

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this...

6.5CVSS6.6AI score0.00046EPSS

CVE•added 2023/06/23 6:15 p.m.•1631 views

CVE-2023-32409

The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue ...

8.6CVSS7.7AI score0.00354EPSS

CVE•added 2023/01/18 5:15 p.m.•1135 views

CVE-2023-22809

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affect...

7.8CVSS7.7AI score0.50157EPSS

CVE•added 2023/06/23 6:15 p.m.•1133 views

CVE-2023-32367

This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to access user-sensitive data.

5.5CVSS4.9AI score0.00039EPSS

CVE•added 2023/07/27 12:15 a.m.•1050 views

CVE-2023-37450

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

8.8CVSS8.5AI score0.00016EPSS

CVE•added 2023/02/27 8:15 p.m.•1038 views

CVE-2023-23529

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issu...

8.8CVSS8.6AI score0.00065EPSS

CVE•added 2023/06/23 6:15 p.m.•1020 views

CVE-2023-27930

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to execute arbitrary code with kernel privileges.

7.8CVSS7.5AI score0.00054EPSS

CVE•added 2023/06/23 6:15 p.m.•931 views

CVE-2023-32434

An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with ker...

7.8CVSS7.9AI score0.82398EPSS

CVE•added 2023/06/23 6:15 p.m.•811 views

CVE-2023-32388

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.

5.5CVSS5.7AI score0.00011EPSS

CVE•added 2023/04/10 7:15 p.m.•774 views

CVE-2023-28206

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1, iOS 15.7.5 and iPadOS 15.7.5, macOS Big Sur 11.7.6. An app may be able to execute arbitrary code with kernel privileges. Apple...

8.6CVSS8.2AI score0.2485EPSS

CVE•added 2023/06/23 6:15 p.m.•762 views

CVE-2023-32369

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.

6CVSS5.9AI score0.00028EPSS

CVE•added 2023/02/09 8:15 p.m.•759 views

CVE-2022-43552

A use after free vulnerability exists in curl

5.9CVSS6.2AI score0.00102EPSS

CVE•added 2023/04/10 7:15 p.m.•747 views

CVE-2023-28205

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report t...

8.8CVSS8.8AI score0.00111EPSS

CVE•added 2023/06/05 10:15 p.m.•728 views

CVE-2023-3079

Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.6AI score0.00526EPSS

CVE•added 2023/06/23 6:15 p.m.•720 views

CVE-2023-32435

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have be...

8.8CVSS8.8AI score0.00912EPSS

CVE•added 2023/06/23 6:15 p.m.•703 views

CVE-2023-32439

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, Safari 16.5.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this is...

8.8CVSS8.6AI score0.00689EPSS

CVE•added 2023/07/27 12:15 a.m.•701 views

CVE-2023-38606

This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to modify sensitive kernel state. Apple is aware of a r...

5.5CVSS5.4AI score0.00166EPSS

CVE•added 2023/09/21 7:15 p.m.•624 views

CVE-2023-41993

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

8.8CVSS8.8AI score0.08952EPSS

CVE•added 2023/06/23 6:15 p.m.•596 views

CVE-2023-32412

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause unexpected app termina...

9.8CVSS8.8AI score0.01001EPSS

CVE•added 2023/06/23 6:15 p.m.•585 views

CVE-2023-32400

This issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Entitlements and privacy permissions granted to this app may be used by a malicious app.

5.5CVSS5AI score0.0002EPSS

CVE•added 2023/06/23 6:15 p.m.•577 views

CVE-2023-32371

The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to break out of its sandbox.

6.3CVSS5.4AI score0.00028EPSS

CVE•added 2023/07/27 1:15 a.m.•551 views

CVE-2023-38572

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. A website may be able to bypass Same Origin Policy.

7.5CVSS6.7AI score0.00345EPSS

CVE•added 2023/02/27 8:15 p.m.•547 views

CVE-2022-22668

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A malicious application may be able to leak sensitive user information.

5.5CVSS4AI score0.00043EPSS

CVE•added 2023/12/08 6:15 a.m.•546 views

CVE-2023-45866

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such acce...

6.3CVSS6.9AI score0.29778EPSS

CVE•added 2023/07/27 1:15 a.m.•537 views

CVE-2023-38611

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.

8.8CVSS8.3AI score0.00992EPSS

CVE•added 2023/07/27 12:15 a.m.•531 views

CVE-2023-38133

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may disclose sensitive information.

6.5CVSS6.2AI score0.00333EPSS

CVE•added 2023/07/27 12:15 a.m.•522 views

CVE-2023-38594

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.

8.8CVSS8.3AI score0.0045EPSS

CVE•added 2023/07/27 12:15 a.m.•512 views

CVE-2023-38597

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution.

8.8CVSS8.3AI score0.00536EPSS

CVE•added 2023/07/27 1:15 a.m.•512 views

CVE-2023-38600

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.

8.8CVSS8.3AI score0.01019EPSS

CVE•added 2023/07/27 1:15 a.m.•504 views

CVE-2023-38595

8.8CVSS8.3AI score0.00992EPSS

CVE•added 2023/05/08 8:15 p.m.•499 views

CVE-2023-27969

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. An app may be able to execute arbitrary code with kernel privileges.

7.8CVSS7.1AI score0.00071EPSS

CVE•added 2023/02/27 8:15 p.m.•498 views

CVE-2022-22582

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5, macOS Monterey 12.3. A local user may be able to write arbitrary files.

5.5CVSS4.5AI score0.03054EPSS

CVE•added 2023/05/08 8:15 p.m.•453 views

CVE-2023-27954

The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information.

6.5CVSS6.3AI score0.00192EPSS

CVE•added 2023/06/23 6:15 p.m.•448 views

CVE-2023-32360

An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents.

5.5CVSS5AI score0.00038EPSS

CVE•added 2023/12/19 10:15 p.m.•447 views

CVE-2023-42940

A session rendering issue was addressed with improved session tracking. This issue is fixed in macOS Sonoma 14.2.1. A user who shares their screen may unintentionally share the incorrect content.

5.7CVSS4.6AI score0.00156EPSS

CVE•added 2023/09/04 2:15 p.m.•425 views

CVE-2023-4733

Use After Free in GitHub repository vim/vim prior to 9.0.1840.

7.8CVSS7.4AI score0.00036EPSS

CVE•added 2023/07/28 5:15 a.m.•412 views

CVE-2023-38599

A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information.

6.5CVSS6AI score0.00362EPSS

CVE•added 2023/09/02 6:15 p.m.•410 views

CVE-2023-4734

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.

7.8CVSS7.7AI score0.00036EPSS

CVE•added 2023/09/02 8:15 p.m.•407 views

CVE-2023-4738

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.

7.8CVSS7.7AI score0.00041EPSS

CVE•added 2023/09/07 6:15 p.m.•396 views

CVE-2023-41064

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Ap...

7.8CVSS7.1AI score0.92609EPSS

CVE•added 2023/07/28 5:15 a.m.•395 views

CVE-2023-38592

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution.

8.8CVSS8.2AI score0.00727EPSS

CVE•added 2023/11/30 11:15 p.m.•393 views

CVE-2023-42917

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against ver...

8.8CVSS8.8AI score0.0003EPSS

CVE•added 2023/09/21 7:15 p.m.•388 views

CVE-2023-41991

A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

5.5CVSS6.3AI score0.06728EPSS

CVE•added 2023/02/27 8:15 p.m.•382 views

CVE-2023-23518

The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.4AI score0.00169EPSS

CVE•added 2023/09/21 7:15 p.m.•381 views

CVE-2023-41992

The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, macOS Ventura 13.6. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS befor...

7.8CVSS7.1AI score0.0037EPSS

CVE•added 2023/02/27 8:15 p.m.•367 views

CVE-2023-23517

8.8CVSS8.4AI score0.00169EPSS

CVE•added 2023/09/02 6:15 p.m.•363 views

CVE-2023-4735

Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.

7.8CVSS6.2AI score0.00027EPSS

CVE•added 2023/02/27 8:15 p.m.•360 views

CVE-2023-23499

This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. An app may be able to access user-sensitive data.

5.5CVSS4.5AI score0.0004EPSS

Total number of security vulnerabilities425