๐จ CVE-2023-28058
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
๐@cveNotify
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
๐@cveNotify
Dell
DSA-2023-099: Dell Client BIOS Security Update for Multiple Improper Input Validation Vulnerabilities | Dell US
Dell Client BIOS remediations are available for multiple improper input validation vulnerabilities that could be exploited by malicious users to compromise the affected system.
๐จ CVE-2023-28036
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
๐@cveNotify
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
๐@cveNotify
Dell
DSA-2023-099: Dell Client BIOS Security Update for Multiple Improper Input Validation Vulnerabilities | Dell US
Dell Client BIOS remediations are available for multiple improper input validation vulnerabilities that could be exploited by malicious users to compromise the affected system.
๐จ CVE-2023-28034
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
๐@cveNotify
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
๐@cveNotify
Dell
DSA-2023-099: Dell Client BIOS Security Update for Multiple Improper Input Validation Vulnerabilities | Dell US
Dell Client BIOS remediations are available for multiple improper input validation vulnerabilities that could be exploited by malicious users to compromise the affected system.
๐จ CVE-2023-28031
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
๐@cveNotify
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
๐@cveNotify
Dell
DSA-2023-099: Dell Client BIOS Security Update for Multiple Improper Input Validation Vulnerabilities | Dell US
Dell Client BIOS remediations are available for multiple improper input validation vulnerabilities that could be exploited by malicious users to compromise the affected system.
๐จ CVE-2023-28027
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
๐@cveNotify
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
๐@cveNotify
Dell
DSA-2023-099: Dell Client BIOS Security Update for Multiple Improper Input Validation Vulnerabilities | Dell US
Dell Client BIOS remediations are available for multiple improper input validation vulnerabilities that could be exploited by malicious users to compromise the affected system.
๐จ CVE-2023-3381
A vulnerability classified as problematic was found in SourceCodester Online School Fees System 1.0. Affected by this vulnerability is an unknown functionality of the file /paysystem/datatable.php of the component GET Parameter Handler. The manipulation of the argument doj leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-232237 was assigned to this vulnerability.
๐@cveNotify
A vulnerability classified as problematic was found in SourceCodester Online School Fees System 1.0. Affected by this vulnerability is an unknown functionality of the file /paysystem/datatable.php of the component GET Parameter Handler. The manipulation of the argument doj leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-232237 was assigned to this vulnerability.
๐@cveNotify
GitHub
CVEReport/XSS2.md at main ยท M9KJ-TEAM/CVEReport
Contribute to M9KJ-TEAM/CVEReport development by creating an account on GitHub.
๐จ CVE-2022-46718
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information
๐@cveNotify
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information
๐@cveNotify
Apple Support
About the security content of iOS 15.7.2 and iPadOS 15.7.2
This document describes the security content of iOS 15.7.2 and iPadOS 15.7.2.
๐จ CVE-2022-42834
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13, macOS Big Sur 11.7.3. An app may be able to access mail folder attachments through a temporary directory used during compression
๐@cveNotify
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13, macOS Big Sur 11.7.3. An app may be able to access mail folder attachments through a temporary directory used during compression
๐@cveNotify
Apple Support
About the security content of macOS Ventura 13
This document describes the security content of macOS Ventura 13.
๐จ CVE-2022-42792
This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information
๐@cveNotify
This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information
๐@cveNotify
Apple Support
About the security content of iOS 16.1 and iPadOS 16
This document describes the security content of iOS 16.1 and iPadOS 16.
๐จ CVE-2022-42807
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. A user may accidentally add a participant to a Shared Album by pressing the Delete key
๐@cveNotify
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. A user may accidentally add a participant to a Shared Album by pressing the Delete key
๐@cveNotify
Apple Support
About the security content of macOS Ventura 13
This document describes the security content of macOS Ventura 13.
๐จ CVE-2022-22630
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app termination or arbitrary code execution
๐@cveNotify
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app termination or arbitrary code execution
๐@cveNotify
Apple Support
About the security content of macOS Big Sur 11.6.6
This document describes the security content of macOS Big Sur 11.6.6.
๐จ CVE-2023-32371
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to break out of its sandbox
๐@cveNotify
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to break out of its sandbox
๐@cveNotify
Apple Support
About the security content of iOS 16.5 and iPadOS 16.5
This document describes the security content of iOS 16.5 and iPadOS 16.5.
๐จ CVE-2023-32363
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.4. An app may be able to bypass Privacy preferences
๐@cveNotify
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.4. An app may be able to bypass Privacy preferences
๐@cveNotify
Apple Support
About the security content of macOS Ventura 13.4
This document describes the security content of macOS Ventura 13.4.
๐จ CVE-2023-32352
A logic issue was addressed with improved checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may bypass Gatekeeper checks
๐@cveNotify
A logic issue was addressed with improved checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may bypass Gatekeeper checks
๐@cveNotify
Apple Support
About the security content of macOS Big Sur 11.7.7
This document describes the security content of macOS Big Sur 11.7.7.
๐จ CVE-2023-28204
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.
๐@cveNotify
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.
๐@cveNotify
Apple Support
About the security content of Safari 16.5
This document describes the security content of Safari 16.5.
๐จ CVE-2023-32400
This issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5. Entitlements and privacy permissions granted to this app may be used by a malicious app
๐@cveNotify
This issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5. Entitlements and privacy permissions granted to this app may be used by a malicious app
๐@cveNotify
Apple Support
About the security content of iOS 16.5 and iPadOS 16.5
This document describes the security content of iOS 16.5 and iPadOS 16.5.
๐จ CVE-2023-28191
This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences
๐@cveNotify
This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences
๐@cveNotify
Apple Support
About the security content of macOS Big Sur 11.7.7
This document describes the security content of macOS Big Sur 11.7.7.
๐จ CVE-2022-42860
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1, macOS Ventura 13. An app may be able to modify protected parts of the file system
๐@cveNotify
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1, macOS Ventura 13. An app may be able to modify protected parts of the file system
๐@cveNotify
Apple Support
About the security content of macOS Ventura 13
This document describes the security content of macOS Ventura 13.
๐จ CVE-2023-32394
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. A person with physical access to a device may be able to view contact information from the lock screen
๐@cveNotify
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. A person with physical access to a device may be able to view contact information from the lock screen
๐@cveNotify
Apple Support
About the security content of tvOS 16.5
This document describes the security content of tvOS 16.5.
๐จ CVE-2023-27964
An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 5E133. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones.
๐@cveNotify
An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 5E133. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones.
๐@cveNotify
Apple Support
About the security content of AirPods and Beats firmware updates
This document describes the security content of AirPods and Beats firmware updates.
๐จ CVE-2023-25515
NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and loss of integrity.
๐@cveNotify
NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and loss of integrity.
๐@cveNotify