Total
5132 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-30321 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-06-16 | N/A | 5.5 MEDIUM |
|
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-43558 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-06-16 | N/A | 7.8 HIGH |
|
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-43589 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-06-16 | N/A | 7.8 HIGH |
|
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-43590 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-06-16 | N/A | 7.8 HIGH |
|
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-43593 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-06-16 | N/A | 7.8 HIGH |
|
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-47104 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-06-16 | N/A | 5.5 MEDIUM |
|
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-47105 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-06-16 | N/A | 5.5 MEDIUM |
|
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-47106 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-06-16 | N/A | 5.5 MEDIUM |
|
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-30317 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-06-16 | N/A | 7.8 HIGH |
|
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-42865 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-06-16 | N/A | 6.5 MEDIUM |
|
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory.
|
|||||
| CVE-2023-42830 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-16 | N/A | 3.3 LOW |
|
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information.
|
|||||
| CVE-2023-42829 | 1 Apple | 1 Macos | 2025-06-16 | N/A | 5.5 MEDIUM |
|
The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to access SSH passphrases.
|
|||||
| CVE-2023-32401 | 1 Apple | 1 Macos | 2025-06-16 | N/A | 7.8 HIGH |
|
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. Parsing an office document may lead to an unexpected app termination or arbitrary code execution.
|
|||||
| CVE-2023-41077 | 1 Apple | 1 Macos | 2025-06-12 | N/A | 5.5 MEDIUM |
|
An app may be able to access protected user data. This issue is fixed in macOS Sonoma 14, macOS Ventura 13.6.1. The issue was addressed with improved checks.
|
|||||
| CVE-2023-40425 | 1 Apple | 1 Macos | 2025-06-12 | N/A | 4.4 MEDIUM |
|
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14, macOS Monterey 12.7.1. An app with root privileges may be able to access private information.
|
|||||
| CVE-2023-42833 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-06-11 | N/A | 8.8 HIGH |
|
A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. Processing web content may lead to arbitrary code execution.
|
|||||
| CVE-2023-40439 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-11 | N/A | 3.3 LOW |
|
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information.
|
|||||
| CVE-2024-22251 | 2 Apple, Vmware | 3 Macos, Fusion, Workstation | 2025-06-10 | N/A | 5.9 MEDIUM |
|
VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). A malicious actor with local administrative privileges on a virtual machine may trigger an out-of-bounds read leading to information disclosure.
|
|||||
| CVE-2023-42983 | 1 Apple | 1 Macos | 2025-06-09 | N/A | 6.4 MEDIUM |
|
Processing a file may lead to a denial-of-service or potentially disclose memory contents. This issue is fixed in macOS 14. The issue was addressed with improved checks.
|
|||||
| CVE-2022-29458 | 3 Apple, Debian, Gnu | 3 Macos, Debian Linux, Ncurses | 2025-06-09 | 5.8 MEDIUM | 7.1 HIGH |
|
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
|
|||||
| CVE-2021-22945 | 8 Apple, Debian, Fedoraproject and 5 more | 25 Macos, Debian Linux, Fedora and 22 more | 2025-06-09 | 5.8 MEDIUM | 9.1 CRITICAL |
|
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.
|
|||||
| CVE-2024-23746 | 2 Apple, Miro | 2 Macos, Miro | 2025-06-04 | N/A | 9.8 CRITICAL |
|
Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments (bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modification, and a rename back to app.app/Contents).
|
|||||
| CVE-2024-23741 | 2 Apple, Vercel | 2 Macos, Hyper | 2025-06-03 | N/A | 9.8 CRITICAL |
|
An issue in Hyper on macOS version 3.4.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.
|
|||||
| CVE-2024-31952 | 2 Apple, Samsung | 2 Macos, Magician | 2025-06-03 | N/A | 6.7 MEDIUM |
|
An issue was discovered in Samsung Magician 8.0.0 on macOS. Because symlinks are used during the installation process, an attacker can escalate privileges via arbitrary file permission writes. (The attacker must already have user privileges, and an administrator password must be entered during the program installation stage for privilege escalation.)
|
|||||
| CVE-2024-31953 | 2 Apple, Samsung | 2 Macos, Magician | 2025-06-03 | N/A | 6.7 MEDIUM |
|
An issue was discovered in Samsung Magician 8.0.0 on macOS. Because it is possible to tamper with the directory and executable files used during the installation process, an attacker can escalate privileges through arbitrary code execution. (The attacker must already have user privileges, and an administrator password must be entered during the program installation stage for privilege escalation.)
|
|||||
| CVE-2023-42866 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-06-03 | N/A | 8.8 HIGH |
|
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, tvOS 16.6, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.
|
|||||
| CVE-2023-42831 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-03 | N/A | 5.5 MEDIUM |
|
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to fingerprint the user.
|
|||||
| CVE-2023-42828 | 1 Apple | 1 Macos | 2025-06-03 | N/A | 7.8 HIGH |
|
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.5. An app may be able to gain root privileges.
|
|||||
| CVE-2023-40437 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-03 | N/A | 5.5 MEDIUM |
|
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information.
|
|||||
| CVE-2023-40433 | 1 Apple | 1 Macos | 2025-06-03 | N/A | 5.5 MEDIUM |
|
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks.
|
|||||
| CVE-2023-28185 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-06-03 | N/A | 5.5 MEDIUM |
|
An integer overflow was addressed through improved input validation. This issue is fixed in tvOS 16.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4, watchOS 9.4, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. An app may be able to cause a denial-of-service.
|
|||||
| CVE-2022-48504 | 1 Apple | 1 Macos | 2025-06-03 | N/A | 5.5 MEDIUM |
|
The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data.
|
|||||
| CVE-2025-30466 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-06-02 | N/A | 9.8 CRITICAL |
|
This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. A website may be able to bypass Same Origin Policy.
|
|||||
| CVE-2025-31189 | 1 Apple | 1 Macos | 2025-06-02 | N/A | 8.2 HIGH |
|
A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox.
|
|||||
| CVE-2025-31198 | 1 Apple | 1 Macos | 2025-06-02 | N/A | 5.5 MEDIUM |
|
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A path handling issue was addressed with improved validation.
|
|||||
| CVE-2025-31199 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-06-02 | N/A | 5.5 MEDIUM |
|
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.
|
|||||
| CVE-2025-31231 | 1 Apple | 1 Macos | 2025-06-02 | N/A | 5.5 MEDIUM |
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to read sensitive location information.
|
|||||
| CVE-2025-31261 | 1 Apple | 1 Macos | 2025-06-02 | N/A | 5.5 MEDIUM |
|
A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data.
|
|||||
| CVE-2025-31263 | 1 Apple | 1 Macos | 2025-06-02 | N/A | 9.1 CRITICAL |
|
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to corrupt coprocessor memory.
|
|||||
| CVE-2025-31264 | 1 Apple | 1 Macos | 2025-06-02 | N/A | 4.6 MEDIUM |
|
An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with physical access to a locked device may be able to view sensitive user information.
|
|||||