Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): macos
- Search Type: Search All
- Match: Exact
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-27791 |
The issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, tvOS 17.3, macOS Ventura 13.6.4, iOS 16.7.5 and iPadOS 16.7.5, macOS Monterey 12.7.3, macOS Sonoma 14.3. An app may be able to corrupt coprocessor memory. Published: April 24, 2024; 1:15:47 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-23271 |
A logic issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, Safari 17.3, tvOS 17.3, macOS Sonoma 14.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior. Published: April 24, 2024; 1:15:47 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-27247 |
Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local access. Published: April 09, 2024; 2:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-42974 |
A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to execute arbitrary code with kernel privileges. Published: March 28, 2024; 12:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-42956 |
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service. Published: March 28, 2024; 12:15:08 PM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-42950 |
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution. Published: March 28, 2024; 12:15:08 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-42947 |
A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to break out of its sandbox. Published: March 28, 2024; 12:15:08 PM -0400 |
V3.1: 8.6 HIGH V2.0:(not available) |
CVE-2023-42936 |
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access user-sensitive data. Published: March 28, 2024; 12:15:08 PM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-42931 |
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A process may gain admin privileges without proper authentication. Published: March 28, 2024; 12:15:08 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-42930 |
This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. An app may be able to modify protected parts of the file system. Published: March 28, 2024; 12:15:08 PM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-42913 |
This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.2. Remote Login sessions may be able to obtain full disk access permissions. Published: March 28, 2024; 12:15:08 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-42896 |
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to modify protected parts of the file system. Published: March 28, 2024; 12:15:07 PM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-42893 |
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access protected user data. Published: March 28, 2024; 12:15:07 PM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-42892 |
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A local attacker may be able to elevate their privileges. Published: March 28, 2024; 12:15:07 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-40390 |
A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sonoma 14.2. An app may be able to access user-sensitive data. Published: March 28, 2024; 12:15:07 PM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2024-1933 |
Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote Client prior Version 15.52 for macOS allows an attacker with unprivileged access, to potentially elevate privileges or conduct a denial-of-service-attack by overwriting the symlink. Published: March 26, 2024; 9:15:45 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-28183 |
ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use (TOCTOU) vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to flash of the device to bypass anti-rollback protection. Anti-rollback prevents rollback to application with security version lower than one programmed in eFuse of chip. This attack can allow to boot past (passive) application partition having lower security version of the same device even in the presence of the flash encryption scheme. The attack requires carefully modifying the flash contents after the anti-rollback checks have been performed by the bootloader (before loading the application). The vulnerability is fixed in 4.4.7 and 5.2.1. Published: March 25, 2024; 11:15:52 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-23755 |
ClickUp Desktop before 3.3.77 on macOS and Windows allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode. Published: March 23, 2024; 6:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-42920 |
Claris International has fixed a dylib hijacking vulnerability in the FileMaker Pro.app and Claris Pro.app versions on macOS. Published: March 19, 2024; 1:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2537 |
Improper Control of Dynamically-Managed Code Resources vulnerability in Logitech Logi Tune on MacOS allows Local Code Inclusion. Published: March 15, 2024; 2:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |