Total
32389 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40433 | 1 Apple | 1 Macos | 2025-06-03 | 5.5 Medium |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks. | ||||
| CVE-2023-38612 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-03 | 3.3 Low |
| The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14, macOS Ventura 13.6. An app may be able to access protected user data. | ||||
| CVE-2023-38607 | 1 Apple | 1 Macos | 2025-06-03 | 5.5 Medium |
| The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14. An app may be able to modify Printer settings. | ||||
| CVE-2023-34328 | 1 Xen | 1 Xen | 2025-06-03 | 5.5 Medium |
| [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of the guest state, leading to denials of service. 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of a previous vCPUs debug mask state. 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT. This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock up the CPU entirely. | ||||
| CVE-2023-34327 | 1 Xen | 1 Xen | 2025-06-03 | 5.5 Medium |
| [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of the guest state, leading to denials of service. 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of a previous vCPUs debug mask state. 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT. This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock up the CPU entirely. | ||||
| CVE-2023-32424 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2025-06-03 | 5.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4, watchOS 9.4. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. | ||||
| CVE-2022-48504 | 1 Apple | 1 Macos | 2025-06-03 | 5.5 Medium |
| The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data. | ||||
| CVE-2018-25095 | 1 Snapcreek | 1 Duplicator | 2025-06-03 | 9.8 Critical |
| The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server. | ||||
| CVE-2023-33040 | 1 Qualcomm | 288 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 285 more | 2025-06-03 | 7.5 High |
| Transient DOS in Data Modem during DTLS handshake. | ||||
| CVE-2023-48732 | 1 Mattermost | 1 Mattermost Server | 2025-06-03 | 4.3 Medium |
| Mattermost fails to scope the WebSocket response around notified users to a each user separately resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel. | ||||
| CVE-2023-48418 | 1 Google | 2 Pixel Watch, Pixel Watch Firmware | 2025-06-03 | 10 Critical |
| In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation | ||||
| CVE-2023-46741 | 1 Linuxfoundation | 1 Cubefs | 2025-06-03 | 4.8 Medium |
| CubeFS is an open-source cloud-native file storage system. A vulnerability was found in CubeFS prior to version 3.3.1 that could allow users to read sensitive data from the logs which could allow them escalate privileges. CubeFS leaks configuration keys in plaintext format in the logs. These keys could allow anyone to carry out operations on blobs that they otherwise do not have permissions for. For example, an attacker that has succesfully retrieved a secret key from the logs can delete blogs from the blob store. The attacker can either be an internal user with limited privileges to read the log, or they can be an external user who has escalated privileges sufficiently to access the logs. The vulnerability has been patched in v3.3.1. There is no other mitigation than upgrading. | ||||
| CVE-2024-20683 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-06-03 | 7.8 High |
| Win32k Elevation of Privilege Vulnerability | ||||
| CVE-2024-20698 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-06-03 | 7.8 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2024-21305 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-06-03 | 4.4 Medium |
| Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability | ||||
| CVE-2024-21313 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-06-03 | 5.3 Medium |
| Windows TCP/IP Information Disclosure Vulnerability | ||||
| CVE-2024-20672 | 1 Microsoft | 1 .net | 2025-06-03 | 7.5 High |
| .NET Denial of Service Vulnerability | ||||
| CVE-2024-0056 | 2 Microsoft, Redhat | 21 .net, .net Framework, Microsoft.data.sqlclient and 18 more | 2025-06-03 | 8.7 High |
| Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability | ||||
| CVE-2024-0057 | 2 Microsoft, Redhat | 19 .net, .net Framework, Powershell and 16 more | 2025-06-03 | 9.1 Critical |
| NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability | ||||
| CVE-2024-20652 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-06-03 | 8.1 High |
| Windows HTML Platforms Security Feature Bypass Vulnerability | ||||