๐จ CVE-2024-23291
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A malicious app may be able to observe user data in log entries related to accessibility notifications.
๐@cveNotify
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A malicious app may be able to observe user data in log entries related to accessibility notifications.
๐@cveNotify
seclists.org
Full Disclosure: APPLE-SA-03-07-2024-2 macOS Sonoma 14.4
๐จ CVE-2024-23292
This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to access information about a user's contacts.
๐@cveNotify
This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to access information about a user's contacts.
๐@cveNotify
seclists.org
Full Disclosure: APPLE-SA-03-07-2024-2 macOS Sonoma 14.4
๐จ CVE-2024-23297
The issue was addressed with improved checks. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4. A malicious application may be able to access private information.
๐@cveNotify
The issue was addressed with improved checks. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4. A malicious application may be able to access private information.
๐@cveNotify
seclists.org
Full Disclosure: APPLE-SA-03-07-2024-5 watchOS 10.4
๐จ CVE-2024-0670
Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges
๐@cveNotify
Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges
๐@cveNotify
seclists.org
Full Disclosure: SEC Consult SA-20240307-0 :: Local Privilege Escalation via writable files in Checkmk Agent (CVE-2024-0670)
๐จ CVE-2024-23300
A use-after-free issue was addressed with improved memory management. This issue is fixed in GarageBand 10.4.11. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
๐@cveNotify
A use-after-free issue was addressed with improved memory management. This issue is fixed in GarageBand 10.4.11. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
๐@cveNotify
seclists.org
Full Disclosure: APPLE-SA-03-12-2024-1 GarageBand 10.4.11
๐จ CVE-2023-42938
A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.13.1 for Windows. A local attacker may be able to elevate their privileges.
๐@cveNotify
A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.13.1 for Windows. A local attacker may be able to elevate their privileges.
๐@cveNotify
Apple Support
About the security content of iTunes 12.13.1 for Windows
This document describes the security content of iTunes 12.13.1 for Windows.
๐จ CVE-2023-52361
The VerifiedBoot module has a vulnerability that may cause authentication errors.Successful exploitation of this vulnerability may affect integrity.
๐@cveNotify
The VerifiedBoot module has a vulnerability that may cause authentication errors.Successful exploitation of this vulnerability may affect integrity.
๐@cveNotify
๐จ CVE-2024-23293
This issue was addressed through improved state management. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An attacker with physical access may be able to use Siri to access sensitive user data.
๐@cveNotify
This issue was addressed through improved state management. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An attacker with physical access may be able to use Siri to access sensitive user data.
๐@cveNotify
seclists.org
Full Disclosure: APPLE-SA-03-07-2024-2 macOS Sonoma 14.4
๐จ CVE-2024-23294
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4. Processing malicious input may lead to code execution.
๐@cveNotify
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4. Processing malicious input may lead to code execution.
๐@cveNotify
seclists.org
Full Disclosure: APPLE-SA-03-07-2024-2 macOS Sonoma 14.4
๐จ CVE-2024-23295
A permissions issue was addressed to help ensure Personas are always protected This issue is fixed in visionOS 1.1. An unauthenticated user may be able to use an unprotected Persona.
๐@cveNotify
A permissions issue was addressed to help ensure Personas are always protected This issue is fixed in visionOS 1.1. An unauthenticated user may be able to use an unprotected Persona.
๐@cveNotify
seclists.org
Full Disclosure: APPLE-SA-03-07-2024-7 visionOS 1.1
๐จ CVE-2023-42920
Claris International has fixed a dylib hijacking vulnerability in the FileMaker Pro.app and Claris Pro.app versions on macOS.
๐@cveNotify
Claris International has fixed a dylib hijacking vulnerability in the FileMaker Pro.app and Claris Pro.app versions on macOS.
๐@cveNotify
๐จ CVE-2024-33122
Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the list() function.
๐@cveNotify
Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the list() function.
๐@cveNotify
GitHub
cxcxcxcxcxcxcxc/cxcxcxcxcxc/about-2024/33122.txt at main ยท cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc
Contribute to cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc development by creating an account on GitHub.
๐จ CVE-2023-52890
NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr.c. NOTE: discussion suggests that exploitation would be challenging.
๐@cveNotify
NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr.c. NOTE: discussion suggests that exploitation would be challenging.
๐@cveNotify
GitHub
Use after free in ntfs_uppercase_mbs() of libntfs-3g ยท Issue #84 ยท tuxera/ntfs-3g
I believe there is a use after free in ntfs_uppercase_mbs() when following a specific code path: ntfs-3g/libntfs-3g/unistr.c Line 1193 in 1565b01 *t = 0; It can be triggered if the call to utf8_to_...
๐จ CVE-2024-55560
MailCleaner before 28d913e has default values of ssh_host_dsa_key, ssh_host_rsa_key, and ssh_host_ed25519_key that persist after installation.
๐@cveNotify
MailCleaner before 28d913e has default values of ssh_host_dsa_key, ssh_host_rsa_key, and ssh_host_ed25519_key that persist after installation.
๐@cveNotify
GitHub
Rotate host keys during firstruncmd ยท MailCleaner/MailCleaner@28d913e
MailCleaner Community Edition. Contribute to MailCleaner/MailCleaner development by creating an account on GitHub.
๐จ CVE-2024-55564
The POSIX::2008 package before 0.24 for Perl has a potential _execve50c env buffer overflow.
๐@cveNotify
The POSIX::2008 package before 0.24 for Perl has a potential _execve50c env buffer overflow.
๐@cveNotify
๐จ CVE-2022-38947
SQL Injection vulnerability in Flipkart-Clone-PHP version 1.0 in entry.php in product_title parameter, allows attackers to execute arbitrary code.
๐@cveNotify
SQL Injection vulnerability in Flipkart-Clone-PHP version 1.0 in entry.php in product_title parameter, allows attackers to execute arbitrary code.
๐@cveNotify
GitHub
CVE/Flipkart-Clone-PHP/Flipkart-Clone-PHP.md at main ยท Cosemz/CVE
CVE. Contribute to Cosemz/CVE development by creating an account on GitHub.
๐จ CVE-2024-40582
Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information.
๐@cveNotify
Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information.
๐@cveNotify
๐จ CVE-2024-40583
Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials.
๐@cveNotify
Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials.
๐@cveNotify
๐จ CVE-2022-23084
The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption.
On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment.
๐@cveNotify
The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption.
On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment.
๐@cveNotify
๐จ CVE-2022-23085
A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption.
On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment.
๐@cveNotify
A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption.
On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment.
๐@cveNotify