Total
4794 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-47106 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-06-16 | N/A | 5.5 MEDIUM |
| InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-30317 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-06-16 | N/A | 7.8 HIGH |
| InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-42865 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-06-16 | N/A | 6.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory. | |||||
| CVE-2023-42830 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-16 | N/A | 3.3 LOW |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information. | |||||
| CVE-2023-42829 | 1 Apple | 1 Macos | 2025-06-16 | N/A | 5.5 MEDIUM |
| The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to access SSH passphrases. | |||||
| CVE-2023-32401 | 1 Apple | 1 Macos | 2025-06-16 | N/A | 7.8 HIGH |
| A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. Parsing an office document may lead to an unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-41077 | 1 Apple | 1 Macos | 2025-06-12 | N/A | 5.5 MEDIUM |
| An app may be able to access protected user data. This issue is fixed in macOS Sonoma 14, macOS Ventura 13.6.1. The issue was addressed with improved checks. | |||||
| CVE-2023-40425 | 1 Apple | 1 Macos | 2025-06-12 | N/A | 4.4 MEDIUM |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14, macOS Monterey 12.7.1. An app with root privileges may be able to access private information. | |||||
| CVE-2023-42833 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-06-11 | N/A | 8.8 HIGH |
| A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. Processing web content may lead to arbitrary code execution. | |||||
| CVE-2023-40439 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-11 | N/A | 3.3 LOW |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information. | |||||
| CVE-2024-22251 | 2 Apple, Vmware | 3 Macos, Fusion, Workstation | 2025-06-10 | N/A | 5.9 MEDIUM |
| VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). A malicious actor with local administrative privileges on a virtual machine may trigger an out-of-bounds read leading to information disclosure. | |||||
| CVE-2023-42983 | 1 Apple | 1 Macos | 2025-06-09 | N/A | 6.4 MEDIUM |
| Processing a file may lead to a denial-of-service or potentially disclose memory contents. This issue is fixed in macOS 14. The issue was addressed with improved checks. | |||||
| CVE-2022-29458 | 3 Apple, Debian, Gnu | 3 Macos, Debian Linux, Ncurses | 2025-06-09 | 5.8 MEDIUM | 7.1 HIGH |
| ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. | |||||
| CVE-2021-22945 | 8 Apple, Debian, Fedoraproject and 5 more | 25 Macos, Debian Linux, Fedora and 22 more | 2025-06-09 | 5.8 MEDIUM | 9.1 CRITICAL |
| When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*. | |||||
| CVE-2024-23746 | 2 Apple, Miro | 2 Macos, Miro | 2025-06-04 | N/A | 9.8 CRITICAL |
| Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments (bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modification, and a rename back to app.app/Contents). | |||||
| CVE-2024-23741 | 2 Apple, Vercel | 2 Macos, Hyper | 2025-06-03 | N/A | 9.8 CRITICAL |
| An issue in Hyper on macOS version 3.4.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. | |||||
| CVE-2024-31952 | 2 Apple, Samsung | 2 Macos, Magician | 2025-06-03 | N/A | 6.7 MEDIUM |
| An issue was discovered in Samsung Magician 8.0.0 on macOS. Because symlinks are used during the installation process, an attacker can escalate privileges via arbitrary file permission writes. (The attacker must already have user privileges, and an administrator password must be entered during the program installation stage for privilege escalation.) | |||||
| CVE-2024-31953 | 2 Apple, Samsung | 2 Macos, Magician | 2025-06-03 | N/A | 6.7 MEDIUM |
| An issue was discovered in Samsung Magician 8.0.0 on macOS. Because it is possible to tamper with the directory and executable files used during the installation process, an attacker can escalate privileges through arbitrary code execution. (The attacker must already have user privileges, and an administrator password must be entered during the program installation stage for privilege escalation.) | |||||
| CVE-2023-42866 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-06-03 | N/A | 8.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, tvOS 16.6, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. | |||||
| CVE-2023-42831 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-03 | N/A | 5.5 MEDIUM |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to fingerprint the user. | |||||