π¨ CVE-2023-32390
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup.
π@cveNotify
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup.
π@cveNotify
Apple Support
About the security content of iOS 16.5 and iPadOS 16.5
This document describes the security content of iOS 16.5 and iPadOS 16.5.
π¨ CVE-2023-32414
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.4. An app may be able to break out of its sandbox.
π@cveNotify
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.4. An app may be able to break out of its sandbox.
π@cveNotify
Apple Support
About the security content of macOS Ventura 13.4
This document describes the security content of macOS Ventura 13.4.
π¨ CVE-2024-23243
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4. An app may be able to read sensitive location information.
π@cveNotify
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4. An app may be able to read sensitive location information.
π@cveNotify
seclists.org
Full Disclosure: APPLE-SA-03-05-2024-1 iOS 17.4 and iPadOS 17.4
π¨ CVE-2024-9760
Tungsten Automation Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PNG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24476.
π@cveNotify
Tungsten Automation Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PNG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24476.
π@cveNotify
Zerodayinitiative
ZDI-24-1357
Tungsten Automation Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
π¨ CVE-2024-9761
Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24477.
π@cveNotify
Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24477.
π@cveNotify
Zerodayinitiative
ZDI-24-1366
Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
π¨ CVE-2024-9762
Tungsten Automation Power PDF OXPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of OXPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24478.
π@cveNotify
Tungsten Automation Power PDF OXPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of OXPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24478.
π@cveNotify
Zerodayinitiative
ZDI-24-1358
Tungsten Automation Power PDF OXPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
π¨ CVE-2024-9763
Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24479.
π@cveNotify
Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24479.
π@cveNotify
Zerodayinitiative
ZDI-24-1359
Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
π¨ CVE-2024-40744
Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8.
π@cveNotify
Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8.
π@cveNotify
Tassos Marinos
The #1 Joomla Contact Form Builder Extension - Convert Forms
π¨ CVE-2024-20792
Illustrator versions 28.4, 27.9.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Illustrator versions 28.4, 27.9.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Illustrator | APSB24-30
π¨ CVE-2024-20793
Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Illustrator | APSB24-30
π¨ CVE-2022-42860
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1, macOS Ventura 13. An app may be able to modify protected parts of the file system
π@cveNotify
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1, macOS Ventura 13. An app may be able to modify protected parts of the file system
π@cveNotify
Apple Support
About the security content of macOS Ventura 13
This document describes the security content of macOS Ventura 13.
π¨ CVE-2022-46718
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information
π@cveNotify
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information
π@cveNotify
Apple Support
About the security content of iOS 15.7.2 and iPadOS 15.7.2
This document describes the security content of iOS 15.7.2 and iPadOS 15.7.2.
π¨ CVE-2023-23516
The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to execute arbitrary code with kernel privileges.
π@cveNotify
The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to execute arbitrary code with kernel privileges.
π@cveNotify
Apple Support
About the security content of macOS Big Sur 11.7.3
This document describes the security content of macOS Big Sur 11.7.3.
π¨ CVE-2024-28907
Microsoft Brokering File System Elevation of Privilege Vulnerability
π@cveNotify
Microsoft Brokering File System Elevation of Privilege Vulnerability
π@cveNotify
π¨ CVE-2018-9394
In mtk_p2p_wext_set_key of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_p2p.c, there is a possible OOB write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
In mtk_p2p_wext_set_key of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_p2p.c, there is a possible OOB write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
π¨ CVE-2018-9395
In mtk_cfg80211_vendor_packet_keep_alive_start and mtk_cfg80211_vendor_set_config of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_vendor.c, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
In mtk_cfg80211_vendor_packet_keep_alive_start and mtk_cfg80211_vendor_set_config of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_vendor.c, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
π¨ CVE-2024-28904
Microsoft Brokering File System Elevation of Privilege Vulnerability
π@cveNotify
Microsoft Brokering File System Elevation of Privilege Vulnerability
π@cveNotify
π¨ CVE-2024-28905
Microsoft Brokering File System Elevation of Privilege Vulnerability
π@cveNotify
Microsoft Brokering File System Elevation of Privilege Vulnerability
π@cveNotify
π¨ CVE-2024-45321
The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.
π@cveNotify
The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.
π@cveNotify
GitHub
Securing Perl: cpanm HTTPS + verify_SSL + verify signatures? Β· Issue #611 Β· miyagawa/cpanminus
Hi! I'm starting to work across the community to try and help "Securing Perl" by encouraging the checking of module signatures, moving mirrors to HTTPS, nudging defaults toward connec...
π¨ CVE-2024-11667
A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.
π@cveNotify
A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.
π@cveNotify
Zyxel
Zyxel security advisory: protecting against recent firewall threats | Zyxel Networks
Summary Zyxel is aware of recent attempts by threat actors to target Zyxel firewalls through previously disclosed vulnerabilities, as reported in Sekoiaβs blog post. We confirm that firewall firmware version 5.39, released on September 3, 2024, and laterβ¦