Apple iOS - 5688 CVEs (Page 13/48)

About “Apple iOS”

A curated feed of “Apple iOS”-related CVEs appears below. We currently track 5688 CVEs for this tag (all time). In the last 365 days, 502 were published. Average CVSS is 6.7 (all time; 6.3 over 365d), and 48% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer, CWE-284 - Improper Access Control, CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0

2023-06-23

Medium

CVE-2023-32422

This issue was addressed by adding additional SQLite logging restrictions. This issue is fixed in iOS 16.5 and iPadOS 16.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to bypass Privacy prefere…

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2023-32420

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to cause unexpected…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD

Critical

CVE-2023-32419

The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause arbitrary code execution.

CVSS: 9.8 CWE: N/A View on NVD

Medium

CVE-2023-32415

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive locati…

CVSS: 5.5 CWE: CWE-922 - Insecure Storage of Sensitive Information View on NVD

High

CVE-2023-32413

A race condition was addressed with improved state handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6…

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD

Critical

CVE-2023-32412

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Mont…

CVSS: 9.8 CWE: CWE-416 - Use After Free View on NVD

Medium

CVE-2023-32411

This issue was addressed with improved entitlements. This issue is fixed in tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to…

CVSS: 5.5 CWE: N/A View on NVD

Medium

CVE-2023-32410

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2023-32409

The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote a…

CVSS: 8.6 CWE: N/A View on NVD

Medium

CVE-2023-32408

The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 1…

CVSS: 5.5 CWE: N/A View on NVD

Medium

CVE-2023-32407

A logic issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.…

CVSS: 5.5 CWE: CWE-276 - Incorrect Default Permissions View on NVD

Medium

CVE-2023-32404

This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. An app may be able to bypass Privacy preferences.

CVSS: 5.5 CWE: CWE-276 - Incorrect Default Permissions View on NVD

Medium

CVE-2023-32403

This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macO…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

Medium

CVE-2023-32402

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content ma…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

Medium

CVE-2023-32400

This issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Entitlements and privacy permissions granted to this app may be used b…

CVSS: 5.5 CWE: CWE-281 - Improper Preservation of Permissions View on NVD

Medium

CVE-2023-32399

The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location in…

CVSS: 5.5 CWE: CWE-276 - Incorrect Default Permissions View on NVD

High

CVE-2023-32398

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2023-32397

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD

Low

CVE-2023-32394

The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. A person with physical access to a device may be able to vie…

CVSS: 2.4 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD

Medium

CVE-2023-32392

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS…

CVSS: 5.5 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD

Medium

CVE-2023-32391

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, watchOS 9.5, iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. A shortcut may be able to use sensitive d…

CVSS: 4.6 CWE: CWE-125 - Out-of-bounds Read View on NVD

Low

CVE-2023-32390

The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Photos belonging to the Hidden Photos Album could be viewed without aut…

CVSS: 2.4 CWE: CWE-125 - Out-of-bounds Read View on NVD

Medium

CVE-2023-32389

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to disclose…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

Medium

CVE-2023-32388

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS M…

CVSS: 5.5 CWE: CWE-281 - Improper Preservation of Permissions View on NVD

Medium

CVE-2023-32385

A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination.

CVSS: 5.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD

High

CVE-2023-32384

A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12…

CVSS: 7.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD

Medium

CVE-2023-32376

This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to modify protected parts of the f…

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2023-32373

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

Medium

CVE-2023-32372

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. Processing an image may result in disc…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

Medium

CVE-2023-32371

The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to break out of its sandbox.

CVSS: 6.3 CWE: N/A View on NVD

Medium

CVE-2023-32368

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. Processing a 3D…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

Medium

CVE-2023-32367

This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to access user-sensitive data.

CVSS: 5.5 CWE: N/A View on NVD

Low

CVE-2023-32365

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, iOS 16.5 and iPadOS 16.5. Shake-to-undo may allow a deleted photo to be re-surfaced without authenti…

CVSS: 2.4 CWE: N/A View on NVD

High

CVE-2023-32357

An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadO…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD

Medium

CVE-2023-32354

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. An app may be able to disclose kernel memory.

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

Medium

CVE-2023-32352

A logic issue was addressed with improved checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may bypass Gate…

CVSS: 5.5 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD

Medium

CVE-2023-28204

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 1…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

Medium

CVE-2023-28202

This issue was addressed with improved state management. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app firewall setting may not take effect after…

CVSS: 5.5 CWE: CWE-640 - Weak Password Recovery Mechanism for Forgotten Password View on NVD

Medium

CVE-2023-28191

This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and…

CVSS: 5.5 CWE: CWE-346 - Origin Validation Error View on NVD

Medium

CVE-2023-27940

The issue was addressed with additional permissions checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6, macOS Ventura 13.4. A sandboxed app may be able to observe syst…

CVSS: 6.3 CWE: N/A View on NVD

High

CVE-2023-27930

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to execute arbitrary code wi…

CVSS: 7.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD

Medium

CVE-2022-46718

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to rea…

CVSS: 5.5 CWE: CWE-346 - Origin Validation Error View on NVD

Medium

CVE-2022-46715

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to bypass certain Privacy preferences

CVSS: 5.5 CWE: N/A View on NVD

Medium

CVE-2022-42792

This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information

CVSS: 5.5 CWE: CWE-203 - Observable Discrepancy View on NVD

2023-06-13

Medium

CVE-2023-29501

Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, and Jiyu Kukan Toku-Toku coupon App for Android versions 3.5.0 and earlier are vulnerable to improper server certificate verificati…

CVSS: 4.8 CWE: CWE-295 - Improper Certificate Validation View on NVD

2023-05-10

High

CVE-2022-41690

Improper access control in the Intel(R) Retail Edge Mobile iOS application before version 3.4.7 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS: 7.1 CWE: CWE-284 - Improper Access Control View on NVD

Medium

CVE-2023-28932

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMobile.App WPMobile.App — Android and iOS Mobile Application plugin <= 11.20 versions.

CVSS: 5.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2023-05-08

Low

CVE-2023-22813

A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My C…

CVSS: 3.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD

Critical

CVE-2023-28201

This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4. A remote user may b…

CVSS: 9.8 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD

Medium

CVE-2023-28200

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD

Low

CVE-2023-28194

The issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to unexpectedly create a bookmark on the Home Screen.

CVSS: 3.3 CWE: N/A View on NVD

Medium

CVE-2023-28182

The issue was addressed with improved authentication. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A…

CVSS: 6.5 CWE: CWE-287 - Improper Authentication View on NVD

High

CVE-2023-28181

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.4, macOS Big Sur 11.7.7,…

CVSS: 7.8 CWE: N/A View on NVD

Medium

CVE-2023-28178

A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app may be able to bypass…

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2023-27970

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges.

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2023-27969

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. An app…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2023-27963

The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchO…

CVSS: 7.5 CWE: CWE-862 - Missing Authorization View on NVD

Medium

CVE-2023-27961

Multiple validation issues were addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, w…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD

High

CVE-2023-27959

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges.

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

Medium

CVE-2023-27956

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. Processing a maliciou…

CVSS: 5.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD

Medium

CVE-2023-27955

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Monterey 12.6.4, tvOS 16.4, macOS Big Sur 11.7.5. An app may be able to read a…

CVSS: 5.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD

Medium

CVE-2023-27954

The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A websi…

CVSS: 6.5 CWE: CWE-863 - Incorrect Authorization View on NVD

High

CVE-2023-27949

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. Processing a maliciously crafted fi…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2023-27946

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. Processing a m…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

Medium

CVE-2023-27943

This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. Files downloaded from the internet may not have the quarantine flag applied.

CVSS: 5.5 CWE: N/A View on NVD

Medium

CVE-2023-27942

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app may be a…

CVSS: 5.5 CWE: CWE-922 - Insecure Storage of Sensitive Information View on NVD

Medium

CVE-2023-27941

CVSS: 5.5 CWE: CWE-1284 - Improper Validation of Specified Quantity in Input View on NVD

High

CVE-2023-27937

An integer overflow was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, tvOS 16.4, watchOS…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD

High

CVE-2023-27936

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

Medium

CVE-2023-27933

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app with root privileges…

CVSS: 6.7 CWE: CWE-787 - Out-of-bounds Write View on NVD

Medium

CVE-2023-27932

This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web c…

CVSS: 5.5 CWE: CWE-346 - Origin Validation Error View on NVD

Medium

CVE-2023-27931

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.3, tvOS 16.4, watchOS 9.4. An…

CVSS: 5.5 CWE: CWE-203 - Observable Discrepancy View on NVD

Medium

CVE-2023-27929

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing a maliciously crafted image…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

Low

CVE-2023-27928

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watch…

CVSS: 3.3 CWE: N/A View on NVD

Low

CVE-2023-23543

The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4…

CVSS: 3.6 CWE: N/A View on NVD

Low

CVE-2023-23541

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to access informa…

CVSS: 3.3 CWE: CWE-922 - Insecure Storage of Sensitive Information View on NVD

High

CVE-2023-23540

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5. An app may be able t…

CVSS: 7.8 CWE: N/A View on NVD

Medium

CVE-2023-23537

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2023-23536

The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tv…

CVSS: 7.8 CWE: N/A View on NVD

Medium

CVE-2023-23535

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.6,…

CVSS: 5.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD

High

CVE-2023-23532

This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.6 and iPadOS 15.7.6. An app may be able to break out of its sandbox.

CVSS: 8.8 CWE: N/A View on NVD

Medium

CVE-2023-23528

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 16.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted Bluetooth packet may result in disclosu…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

Medium

CVE-2023-23527

CVSS: 5.5 CWE: N/A View on NVD

Critical

CVE-2023-23526

This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by-me folder. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. A file from an iCl…

CVSS: 9.8 CWE: N/A View on NVD

High

CVE-2023-23525

This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5. An app may be able to gain root privileges.

CVSS: 7.8 CWE: N/A View on NVD

Low

CVE-2023-23523

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. Photos belonging to the Hidden Photos Album could be viewed without authen…

CVSS: 3.3 CWE: N/A View on NVD

Medium

CVE-2023-23494

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 16.4 and iPadOS 16.4. A user in a privileged network position may be able to cause a denial-of-service.

CVSS: 5.3 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD

High

CVE-2022-46720

An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to break out of its sandbox

CVSS: 8.6 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD

High

CVE-2022-32885

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lea…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

2023-05-07

High

CVE-2023-32290

The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server.

CVSS: 7.5 CWE: CWE-311 - Missing Encryption of Sensitive Data View on NVD

2023-04-10

High

CVE-2023-28206

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1, iOS 15.7.5 and iPadOS 15.7…

CVSS: 8.6 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2023-28205

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processin…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

Low

CVE-2022-46717

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.2 and iPadOS 16.2. A user with physical access to a locked Apple Watch may be able to view user photos via access…

CVSS: 2.4 CWE: N/A View on NVD

High

CVE-2022-46716

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2. Private Relay functionality did not match system settings

CVSS: 7.5 CWE: N/A View on NVD

Critical

CVE-2022-46709

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, iOS 16. An app may be able to execute arbitrary code with kernel privileges

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

Medium

CVE-2022-46703

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2. An app may be able to read sensitive locatio…

CVSS: 5.5 CWE: N/A View on NVD

Low

CVE-2022-32871

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16. A person with physical access to a device may be able to use Siri to access private calendar information

CVSS: 2.4 CWE: N/A View on NVD

2023-04-04

Medium

CVE-2023-28999

Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious serve…

CVSS: 6.9 CWE: CWE-325 - Missing Cryptographic Step View on NVD

2023-03-30

Medium

CVE-2023-28647

Nextcloud iOS is an ios application used to interface with the nextcloud home cloud ecosystem. In versions prior to 4.7.0 when an attacker has physical access to an unlocked device, they may enable t…

CVSS: 4.4 CWE: CWE-281 - Improper Preservation of Permissions View on NVD

2023-03-23

Medium

CVE-2023-20100

A vulnerability in the access point (AP) joining process of the Control and Provisioning of Wireless Access Points (CAPWAP) protocol of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could…

CVSS: 6.8 CWE: CWE-694 - Use of Multiple Resources with Duplicate Identifier View on NVD

Medium

CVE-2023-20082

A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical acc…

CVSS: 6.1 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD

Medium

CVE-2023-20081

A vulnerability in the IPv6 DHCP (DHCPv6) client module of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Softwa…

CVSS: 6.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2023-20080

A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) con…

CVSS: 8.6 CWE: CWE-129 - Improper Validation of Array Index View on NVD

High

CVE-2023-20072

A vulnerability in the fragmentation handling code of tunnel protocol packets in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected system to reload, resulting…

CVSS: 8.6 CWE: CWE-20 - Improper Input Validation View on NVD

High

CVE-2023-20067

A vulnerability in the HTTP-based client profiling feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service…

CVSS: 7.4 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD

Medium

CVE-2023-20066

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform a directory traversal and access resources that are outside the filesystem mountpoint o…

CVSS: 6.5 CWE: CWE-23 - Relative Path Traversal View on NVD

High

CVE-2023-20065

A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vuln…

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD

High

CVE-2023-20035

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. This vulnerability is due to insufficie…

CVSS: 7.8 CWE: CWE-146 - Improper Neutralization of Expression/Command Delimiters View on NVD

Medium

CVE-2023-20029

A vulnerability in the Meraki onboarding feature of Cisco IOS XE Software could allow an authenticated, local attacker to gain root level privileges on an affected device. This vulnerability is due t…

CVSS: 4.4 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD

High

CVE-2023-20027

A vulnerability in the implementation of the IPv4 Virtual Fragmentation Reassembly (VFR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service…

CVSS: 8.6 CWE: CWE-416 - Use After Free View on NVD

Medium

CVE-2023-22702

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WPMobile.App WPMobile.App — Android and iOS Mobile Application plugin <= 11.13 versions.

CVSS: 6.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2023-03-22

Medium

CVE-2022-45634

An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows authenticated attacker to gain access to sensitive account information

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD

2023-03-21

High

CVE-2022-45636

An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock model(s) without authorization via arbitrary API requests.

CVSS: 8.1 CWE: CWE-862 - Missing Authorization View on NVD

Critical

CVE-2022-45637

An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 service via insecure expiry mechanism.

CVSS: 9.8 CWE: CWE-640 - Weak Password Recovery Mechanism for Forgotten Password View on NVD

High

CVE-2022-45635

An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password policy.

CVSS: 7.5 CWE: CWE-521 - Weak Password Requirements View on NVD

2023-03-14

Medium

CVE-2023-24890

Microsoft OneDrive for iOS Security Feature Bypass Vulnerability

CVSS: 6.5 CWE: CWE-1390 - Weak Authentication View on NVD

2023-03-09

Medium

CVE-2023-20064

A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console usin…

CVSS: 4.6 CWE: CWE-862 - Missing Authorization View on NVD

High

CVE-2023-20049

A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Perform…

CVSS: 8.6 CWE: CWE-805 - Buffer Access with Incorrect Length Value View on NVD

2023-03-07

Medium

CVE-2023-1225

Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 111.0.5563.64 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severit…

CVSS: 4.3 CWE: N/A View on NVD

2023-02-27

High

CVE-2023-23531

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. An app may be able to execute arbitrary code out of its sandbox or with cer…

CVSS: 8.6 CWE: CWE-787 - Out-of-bounds Write View on NVD