Total
31801 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-42831 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-03 | N/A | 5.5 MEDIUM |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to fingerprint the user. | |||||
| CVE-2023-42828 | 1 Apple | 1 Macos | 2025-06-03 | N/A | 7.8 HIGH |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.5. An app may be able to gain root privileges. | |||||
| CVE-2023-40529 | 1 Apple | 2 Ipados, Iphone Os | 2025-06-03 | N/A | 2.4 LOW |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17 and iPadOS 17. A person with physical access to a device may be able to use VoiceOver to access private calendar information. | |||||
| CVE-2023-40437 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-03 | N/A | 5.5 MEDIUM |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information. | |||||
| CVE-2023-40433 | 1 Apple | 1 Macos | 2025-06-03 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks. | |||||
| CVE-2023-38612 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-03 | N/A | 3.3 LOW |
| The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14, macOS Ventura 13.6. An app may be able to access protected user data. | |||||
| CVE-2023-38607 | 1 Apple | 1 Macos | 2025-06-03 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14. An app may be able to modify Printer settings. | |||||
| CVE-2023-34328 | 1 Xen | 1 Xen | 2025-06-03 | N/A | 5.5 MEDIUM |
| [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of the guest state, leading to denials of service. 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of a previous vCPUs debug mask state. 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT. This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock up the CPU entirely. | |||||
| CVE-2023-34327 | 1 Xen | 1 Xen | 2025-06-03 | N/A | 5.5 MEDIUM |
| [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of the guest state, leading to denials of service. 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of a previous vCPUs debug mask state. 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT. This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock up the CPU entirely. | |||||
| CVE-2023-32424 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2025-06-03 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4, watchOS 9.4. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. | |||||
| CVE-2022-48504 | 1 Apple | 1 Macos | 2025-06-03 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data. | |||||
| CVE-2018-25095 | 1 Snapcreek | 1 Duplicator | 2025-06-03 | N/A | 9.8 CRITICAL |
| The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server. | |||||
| CVE-2024-22028 | 1 3rrr-btob | 12 3r-tmc01, 3r-tmc01 Firmware, 3r-tmc02 and 9 more | 2025-06-03 | N/A | 4.6 MEDIUM |
| Insufficient technical documentation issue exists in thermal camera TMC series all firmware versions. The user of the affected product is not aware of the internally saved data. By accessing the affected product physically, an attacker may retrieve the internal data. | |||||
| CVE-2024-0230 | 1 Apple | 2 Magic Keyboard, Magic Keyboard Firmware | 2025-06-03 | N/A | 2.4 LOW |
| A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic. | |||||
| CVE-2023-6843 | 1 Easy.jobs | 1 Easy.jobs | 2025-06-03 | N/A | 4.3 MEDIUM |
| The easy.jobs- Best Recruitment Plugin for Job Board Listing, Manager, Career Page for Elementor & Gutenberg WordPress plugin before 2.4.7 does not properly secure some of its AJAX actions, allowing any logged-in users to modify its settings. | |||||
| CVE-2023-51059 | 1 Mokosmart | 2 Mkgw1 Gateway, Mkgw1 Gateway Firmware | 2025-06-03 | N/A | 8.8 HIGH |
| An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web interface. | |||||
| CVE-2023-50440 | 1 Primx | 3 Zed\!, Zedmail, Zonecentral | 2025-06-03 | N/A | 5.5 MEDIUM |
| ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim. | |||||
| CVE-2023-52109 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-02 | N/A | 7.5 HIGH |
| Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-52108 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-02 | N/A | 7.5 HIGH |
| Vulnerability of process priorities being raised in the ActivityManagerService module. Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2023-52104 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-02 | N/A | 7.5 HIGH |
| Vulnerability of parameters being not verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||