‼ CVE-2023-41232 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.7, iOS 17 and iPadOS 17, macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. An app may be able to disclose kernel memory.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44017 ‼
📖 Read
via "National Vulnerability Database".
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39233 ‼
📖 Read
via "National Vulnerability Database".
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may disclose sensitive information.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44207 ‼
📖 Read
via "National Vulnerability Database".
Stored cross-site scripting (XSS) vulnerability in protection plan name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40520 ‼
📖 Read
via "National Vulnerability Database".
The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40417 ‼
📖 Read
via "National Vulnerability Database".
A window management issue was addressed with improved state management. This issue is fixed in Safari 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Visiting a website that frames malicious content may lead to UI spoofing.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41984 ‼
📖 Read
via "National Vulnerability Database".
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44169 ‼
📖 Read
via "National Vulnerability Database".
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_notify.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43331 ‼
📖 Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41073 ‼
📖 Read
via "National Vulnerability Database".
An authorization issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access protected user data.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40441 ‼
📖 Read
via "National Vulnerability Database".
A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40420 ‼
📖 Read
via "National Vulnerability Database".
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44042 ‼
📖 Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in /settings/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website header parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5176 ‼
📖 Read
via "National Vulnerability Database".
Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32377 ‼
📖 Read
via "National Vulnerability Database".
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44155 ‼
📖 Read
via "National Vulnerability Database".
Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40456 ‼
📖 Read
via "National Vulnerability Database".
The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41996 ‼
📖 Read
via "National Vulnerability Database".
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6. Apps that fail verification checks may still launch.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40419 ‼
📖 Read
via "National Vulnerability Database".
The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to gain elevated privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32458 ‼
📖 Read
via "National Vulnerability Database".
Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack releases, contains an improper access control vulnerability in Embedded Service Enabler component. A local malicious user could potentially exploit this vulnerability during installation leading to a privilege escalation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4129 ‼
📖 Read
via "National Vulnerability Database".
Dell Data Protection Central, version 19.9, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext.📖 Read
via "National Vulnerability Database".