๐จ CVE-2023-32353
A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges.
๐@cveNotify
A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges.
๐@cveNotify
Apple Support
About the security content of iTunes 12.12.9 for Windows
This document describes the security content of iTunes 12.12.9 for Windows.
๐จ CVE-2023-32355
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.
๐@cveNotify
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.
๐@cveNotify
Apple Support
About the security content of macOS Ventura 13.4
This document describes the security content of macOS Ventura 13.4.
๐จ CVE-2023-32391
The issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, watchOS 9.5, iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. A shortcut may be able to use sensitive data with certain actions without prompting the user.
๐@cveNotify
The issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, watchOS 9.5, iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. A shortcut may be able to use sensitive data with certain actions without prompting the user.
๐@cveNotify
Apple Support
About the security content of iOS 16.5 and iPadOS 16.5
This document describes the security content of iOS 16.5 and iPadOS 16.5.
๐จ CVE-2023-32395
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.
๐@cveNotify
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.
๐@cveNotify
Apple Support
About the security content of macOS Ventura 13.4
This document describes the security content of macOS Ventura 13.4.
๐จ CVE-2023-32397
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.
๐@cveNotify
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.
๐@cveNotify
Apple Support
About the security content of macOS Ventura 13.4
This document describes the security content of macOS Ventura 13.4.
๐จ CVE-2023-32399
The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location information.
๐@cveNotify
The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location information.
๐@cveNotify
Apple Support
About the security content of iOS 16.5 and iPadOS 16.5
This document describes the security content of iOS 16.5 and iPadOS 16.5.
๐จ CVE-2023-32400
This issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Entitlements and privacy permissions granted to this app may be used by a malicious app.
๐@cveNotify
This issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Entitlements and privacy permissions granted to this app may be used by a malicious app.
๐@cveNotify
Apple Support
About the security content of iOS 16.5 and iPadOS 16.5
This document describes the security content of iOS 16.5 and iPadOS 16.5.
๐จ CVE-2023-32403
This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information.
๐@cveNotify
This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information.
๐@cveNotify
Apple Support
About the security content of iOS 16.5 and iPadOS 16.5
This document describes the security content of iOS 16.5 and iPadOS 16.5.
๐จ CVE-2023-32404
This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. An app may be able to bypass Privacy preferences.
๐@cveNotify
This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. An app may be able to bypass Privacy preferences.
๐@cveNotify
Apple Support
About the security content of iOS 16.5 and iPadOS 16.5
This document describes the security content of iOS 16.5 and iPadOS 16.5.
๐จ CVE-2023-32405
A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to gain root privileges.
๐@cveNotify
A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to gain root privileges.
๐@cveNotify
Apple Support
About the security content of macOS Ventura 13.4
This document describes the security content of macOS Ventura 13.4.
๐จ CVE-2023-32407
A logic issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.
๐@cveNotify
A logic issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.
๐@cveNotify
Apple Support
About the security content of iOS 16.5 and iPadOS 16.5
This document describes the security content of iOS 16.5 and iPadOS 16.5.
๐จ CVE-2023-32415
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location information.
๐@cveNotify
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location information.
๐@cveNotify
Apple Support
About the security content of iOS 16.5 and iPadOS 16.5
This document describes the security content of iOS 16.5 and iPadOS 16.5.
๐จ CVE-2021-31635
Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function.
๐@cveNotify
Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function.
๐@cveNotify
GitHub
Server Side Template Injection leading to Remote Code Execution ยท Issue #187 ยท jfinal/jfinal
I have found a ssti vulnerability leading to remote code execution. Considering the security factors, the details of the vulnerability will not be disclosed temporarily.I have written the details i...
๐จ CVE-2023-21175
In onCreate of DataUsageSummary.java, there is a possible method for a guest user to enable or disable mobile data due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262243574
๐@cveNotify
In onCreate of DataUsageSummary.java, there is a possible method for a guest user to enable or disable mobile data due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262243574
๐@cveNotify
๐จ CVE-2023-21176
In list_key_entries of utils.rs, there is a possible way to disable user credentials due to resource exhaustion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222287335
๐@cveNotify
In list_key_entries of utils.rs, there is a possible way to disable user credentials due to resource exhaustion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222287335
๐@cveNotify
๐จ CVE-2023-21187
In onCreate of UsbAccessoryUriActivity.java, there is a possible way to escape the Setup Wizard due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246542917
๐@cveNotify
In onCreate of UsbAccessoryUriActivity.java, there is a possible way to escape the Setup Wizard due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246542917
๐@cveNotify
๐จ CVE-2023-21513
Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition.
๐@cveNotify
Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition.
๐@cveNotify
๐จ CVE-2024-23220
The issue was addressed with improved handling of caches. This issue is fixed in visionOS 1.1, iOS 17.4 and iPadOS 17.4. An app may be able to fingerprint the user.
๐@cveNotify
The issue was addressed with improved handling of caches. This issue is fixed in visionOS 1.1, iOS 17.4 and iPadOS 17.4. An app may be able to fingerprint the user.
๐@cveNotify
seclists.org
Full Disclosure: APPLE-SA-03-07-2024-7 visionOS 1.1
๐จ CVE-2024-23226
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. Processing web content may lead to arbitrary code execution.
๐@cveNotify
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. Processing web content may lead to arbitrary code execution.
๐@cveNotify
seclists.org
Full Disclosure: APPLE-SA-03-07-2024-2 macOS Sonoma 14.4
๐จ CVE-2024-23227
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to read sensitive location information.
๐@cveNotify
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to read sensitive location information.
๐@cveNotify
seclists.org
Full Disclosure: APPLE-SA-03-07-2024-2 macOS Sonoma 14.4
๐จ CVE-2022-0788
The WP Fundraising Donation and Crowdfunding Platform WordPress plugin before 1.5.0 does not sanitise and escape a parameter before using it in a SQL statement via one of it's REST route, leading to an SQL injection exploitable by unauthenticated users
๐@cveNotify
The WP Fundraising Donation and Crowdfunding Platform WordPress plugin before 1.5.0 does not sanitise and escape a parameter before using it in a SQL statement via one of it's REST route, leading to an SQL injection exploitable by unauthenticated users
๐@cveNotify
WPScan
WP Fundraising Donation and Crowdfunding Platform < 1.5.0 - Unauthenticated SQLi
See details on WP Fundraising Donation and Crowdfunding Platform < 1.5.0 - Unauthenticated SQLi CVE 2022-0788. View the latest Plugin Vulnerabilities on WPScan.