admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-09-17T02:00:19.245220+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-09-17 02:03:17 +00:00
parent 71ef5627fe
commit c9b362a9af
123 changed files with 2825 additions and 215 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-2018/CVE-2018-106xx/CVE-2018-10624.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2018-10624",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2018-08-01T21:29:00.217",
"lastModified": "2024-01-23T01:15:08.943",
"lastModified": "2024-09-17T00:15:30.227",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information.\n\n"
"value": "In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information."
},
{
"lang": "es",

4
CVE-2018/CVE-2018-250xx/CVE-2018-25004.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2018-25004",
"sourceIdentifier": "cna@mongodb.com",
"published": "2021-03-01T17:15:11.717",
"lastModified": "2024-01-23T15:15:10.593",
"lastModified": "2024-09-17T01:15:37.957",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to 4.0.6 and MongoDB Server v3.6 versions prior to 3.6.11.\n\n"
"value": "A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to 4.0.6 and MongoDB Server v3.6 versions prior to 3.6.11."
},
{
"lang": "es",

4
CVE-2019/CVE-2019-209xx/CVE-2019-20925.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2019-20925",
"sourceIdentifier": "cna@mongodb.com",
"published": "2020-11-24T11:15:10.607",
"lastModified": "2024-01-23T15:15:10.893",
"lastModified": "2024-09-17T00:15:34.570",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13; MongoDB Server v3.6 versions prior to 3.6.15 and MongoDB Server v3.4 versions prior to 3.4.24.\n\n"
"value": "An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13; MongoDB Server v3.6 versions prior to 3.6.15 and MongoDB Server v3.4 versions prior to 3.4.24."
},
{
"lang": "es",

4
CVE-2019/CVE-2019-56xx/CVE-2019-5640.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2019-5640",
"sourceIdentifier": "cve@rapid7.com",
"published": "2021-11-22T17:15:08.357",
"lastModified": "2023-10-10T11:15:10.007",
"lastModified": "2024-09-17T01:15:41.100",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by previous user\n\n"
"value": "Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by previous user"
},
{
"lang": "es",

4
CVE-2020/CVE-2020-129xx/CVE-2020-12930.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2020-12930",
"sourceIdentifier": "psirt@amd.com",
"published": "2022-11-09T21:15:10.580",
"lastModified": "2024-02-13T20:15:48.760",
"lastModified": "2024-09-17T00:15:35.687",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.\n\n"
"value": "Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity."
},
{
"lang": "es",

4
CVE-2020/CVE-2020-129xx/CVE-2020-12931.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2020-12931",
"sourceIdentifier": "psirt@amd.com",
"published": "2022-11-09T21:15:11.407",
"lastModified": "2024-02-13T20:15:49.017",
"lastModified": "2024-09-17T01:15:41.680",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.\n\n"
"value": "Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity."
},
{
"lang": "es",

4
CVE-2020/CVE-2020-145xx/CVE-2020-14521.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2020-14521",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2022-02-11T18:15:08.513",
"lastModified": "2023-11-07T03:17:15.377",
"lastModified": "2024-09-17T00:15:35.893",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nMultiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.\n\n\n\n"
"value": "Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition."
},
{
"lang": "es",

4
CVE-2020/CVE-2020-79xx/CVE-2020-7925.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2020-7925",
"sourceIdentifier": "cna@mongodb.com",
"published": "2020-11-23T15:15:11.543",
"lastModified": "2024-01-23T16:15:49.010",
"lastModified": "2024-09-17T01:15:44.437",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 versions prior to 4.2.9.\n\n"
"value": "Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 versions prior to 4.2.9."
},
{
"lang": "es",

4
CVE-2020/CVE-2020-79xx/CVE-2020-7928.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2020-7928",
"sourceIdentifier": "cna@mongodb.com",
"published": "2020-11-23T17:15:12.797",
"lastModified": "2024-01-23T16:15:49.263",
"lastModified": "2024-09-17T01:15:44.573",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects MongoDB Server v4.4 versions prior to 4.4.1; MongoDB Server v4.2 versions prior to 4.2.9; MongoDB Server v4.0 versions prior to 4.0.20 and MongoDB Server v3.6 versions prior to 3.6.20.\n\n"
"value": "A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects MongoDB Server v4.4 versions prior to 4.4.1; MongoDB Server v4.2 versions prior to 4.2.9; MongoDB Server v4.0 versions prior to 4.0.20 and MongoDB Server v3.6 versions prior to 3.6.20."
},
{
"lang": "es",

4
CVE-2021/CVE-2021-203xx/CVE-2021-20326.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2021-20326",
"sourceIdentifier": "cna@mongodb.com",
"published": "2021-04-30T09:15:07.597",
"lastModified": "2024-01-23T16:15:49.437",
"lastModified": "2024-09-17T00:15:39.420",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A user authorized to performing a specific type of find query may trigger a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.4.\n\n"
"value": "A user authorized to performing a specific type of find query may trigger a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.4."
},
{
"lang": "es",

4
CVE-2021/CVE-2021-204xx/CVE-2021-20407.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2021-20407",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2021-02-12T17:15:13.840",
"lastModified": "2023-05-11T22:15:09.613",
"lastModified": "2024-09-17T01:15:45.653",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system. IBM X-Force ID: 196185.\n\n"
"value": "IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system. IBM X-Force ID: 196185."
},
{
"lang": "es",

4
CVE-2021/CVE-2021-352xx/CVE-2021-35250.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2021-35250",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2022-04-25T20:15:41.787",
"lastModified": "2023-08-03T21:15:12.083",
"lastModified": "2024-09-17T00:15:41.550",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.\n\n"
"value": "A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1."
},
{
"lang": "es",

4
CVE-2021/CVE-2021-38xx/CVE-2021-3806.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2021-3806",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2021-09-18T14:15:07.427",
"lastModified": "2023-09-03T17:15:07.267",
"lastModified": "2024-09-17T00:15:42.687",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability on Pardus Software Center's \"extractArchive\" function could allow anyone on the same network to do a man-in-the-middle and write files on the system.\n\n"
"value": "A path traversal vulnerability on Pardus Software Center's \"extractArchive\" function could allow anyone on the same network to do a man-in-the-middle and write files on the system."
},
{
"lang": "es",

4
CVE-2021/CVE-2021-38xx/CVE-2021-3833.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2021-3833",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2021-10-07T16:15:08.947",
"lastModified": "2023-11-20T14:15:07.430",
"lastModified": "2024-09-17T00:15:42.810",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integria IMS login check uses a loose comparator (\"==\") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.\n\n"
"value": "Integria IMS login check uses a loose comparator (\"==\") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords."
},
{
"lang": "es",

4
CVE-2021/CVE-2021-447xx/CVE-2021-44795.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2021-44795",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2022-01-27T13:15:08.007",
"lastModified": "2023-09-03T16:15:08.840",
"lastModified": "2024-09-17T01:15:48.993",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Single Connect does not perform an authorization check when using the \"sc-assigned-credential-ui\" module. A remote attacker could exploit this vulnerability to modify users permissions. The exploitation of this vulnerability might allow a remote attacker to delete permissions from other users without authenticating.\n\n"
"value": "Single Connect does not perform an authorization check when using the \"sc-assigned-credential-ui\" module. A remote attacker could exploit this vulnerability to modify users permissions. The exploitation of this vulnerability might allow a remote attacker to delete permissions from other users without authenticating."
},
{
"lang": "es",

4
CVE-2022/CVE-2022-04xx/CVE-2022-0495.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2022-0495",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2022-09-21T09:15:09.187",
"lastModified": "2023-09-03T16:15:09.510",
"lastModified": "2024-09-17T01:15:49.137",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01.\n\n"
"value": "The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01."
},
{
"lang": "es",

6
CVE-2022/CVE-2022-09xx/CVE-2022-0900.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2022-0900",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2022-05-23T14:16:26.247",
"lastModified": "2024-02-16T13:59:33.853",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-17T00:15:43.990",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NetDataSoft DivvyDrive allows Stored XSS.This issue affects DivvyDrive: from unspecified before v.4.6.2.0.\n\n"
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NetDataSoft DivvyDrive allows Stored XSS.This issue affects DivvyDrive: from unspecified before v.4.6.2.0."
},
{
"lang": "es",

4
CVE-2022/CVE-2022-12xx/CVE-2022-1277.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2022-1277",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2022-07-29T13:15:08.533",
"lastModified": "2023-09-03T16:15:09.773",
"lastModified": "2024-09-17T00:15:44.137",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability.\n\n"
"value": "Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability."
},
{
"lang": "es",

4
CVE-2022/CVE-2022-28xx/CVE-2022-2807.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2022-2807",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2022-12-02T12:15:09.797",
"lastModified": "2023-04-16T10:15:07.183",
"lastModified": "2024-09-17T01:15:51.330",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in Algan Software Prens Student Information System allows SQL Injection.This issue affects Prens Student Information System: before 2.1.11.\n\n"
"value": "SQL Injection vulnerability in Algan Software Prens Student Information System allows SQL Injection.This issue affects Prens Student Information System: before 2.1.11."
},
{
"lang": "es",

4
CVE-2022/CVE-2022-303xx/CVE-2022-30311.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2022-30311",
"sourceIdentifier": "info@cert.vde.com",
"published": "2022-06-13T14:15:09.300",
"lastModified": "2023-08-10T08:15:09.837",
"lastModified": "2024-09-17T00:15:45.830",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-refresh-request\" POST request doesn\u2019t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.\n\n"
"value": "In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-refresh-request\" POST request doesn\u2019t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection."
},
{
"lang": "es",

4
CVE-2022/CVE-2022-312xx/CVE-2022-31217.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2022-31217",
"sourceIdentifier": "cybersecurity@ch.abb.com",
"published": "2022-06-15T19:15:11.420",
"lastModified": "2023-09-13T04:15:10.403",
"lastModified": "2024-09-17T00:15:46.000",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a \"repair\" operation on the product.\n\n"
"value": "Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a \"repair\" operation on the product."
},
{
"lang": "es",

4
CVE-2022/CVE-2022-324xx/CVE-2022-32455.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2022-32455",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2022-08-04T18:15:09.707",
"lastModified": "2023-11-07T03:47:48.817",
"lastModified": "2024-09-17T00:15:46.183",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n"
"value": "In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
},
{
"lang": "es",

4
CVE-2022/CVE-2022-362xx/CVE-2022-36296.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2022-36296",
"sourceIdentifier": "audit@patchstack.com",
"published": "2022-08-05T16:15:14.643",
"lastModified": "2023-11-07T03:49:35.523",
"lastModified": "2024-09-17T00:15:46.780",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Broken Authentication vulnerability in JumpDEMAND Inc. ActiveDEMAND plugin <= 0.2.27 at WordPress allows unauthenticated post update/create/delete.\n\n"
"value": "Broken Authentication vulnerability in JumpDEMAND Inc. ActiveDEMAND plugin <= 0.2.27 at WordPress allows unauthenticated post update/create/delete."
},
{
"lang": "es",

4
CVE-2022/CVE-2022-381xx/CVE-2022-38107.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2022-38107",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2022-10-19T22:15:12.247",
"lastModified": "2023-08-03T18:15:10.463",
"lastModified": "2024-09-17T00:15:47.020",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details.\n\n"
"value": "Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details."
},
{
"lang": "es",

6
CVE-2022/CVE-2022-409xx/CVE-2022-40981.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2022-40981",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2022-11-10T22:15:15.113",
"lastModified": "2023-12-28T19:14:27.900",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-17T00:15:47.360",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device.\n\n"
"value": "All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device."
},
{
"lang": "es",

78
CVE-2023/CVE-2023-62xx/CVE-2023-6277.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-6277",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-24T19:15:07.643",
"lastModified": "2024-07-30T02:15:04.343",
"lastModified": "2024-09-17T01:15:52.603",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -141,38 +141,6 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/16",
"source": "secalert@redhat.com"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/17",
"source": "secalert@redhat.com"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/18",
"source": "secalert@redhat.com"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/19",
"source": "secalert@redhat.com"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/20",
"source": "secalert@redhat.com"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/21",
"source": "secalert@redhat.com"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/22",
"source": "secalert@redhat.com"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/23",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6277",
"source": "secalert@redhat.com",
@ -206,50 +174,6 @@
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJIN6DTSL3VODZUGWEUXLEL5DR53EZMV/",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7ZGN2MZXJ6E57W3L4YBM3ZPAU3T7T5C/",
"source": "secalert@redhat.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240119-0002/",
"source": "secalert@redhat.com"
},
{
"url": "https://support.apple.com/kb/HT214116",
"source": "secalert@redhat.com"
},
{
"url": "https://support.apple.com/kb/HT214117",
"source": "secalert@redhat.com"
},
{
"url": "https://support.apple.com/kb/HT214118",
"source": "secalert@redhat.com"
},
{
"url": "https://support.apple.com/kb/HT214119",
"source": "secalert@redhat.com"
},
{
"url": "https://support.apple.com/kb/HT214120",
"source": "secalert@redhat.com"
},
{
"url": "https://support.apple.com/kb/HT214122",
"source": "secalert@redhat.com"
},
{
"url": "https://support.apple.com/kb/HT214123",
"source": "secalert@redhat.com"
},
{
"url": "https://support.apple.com/kb/HT214124",
"source": "secalert@redhat.com"
}
]
}

21
CVE-2024/CVE-2024-232xx/CVE-2024-23237.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-23237",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:47.670",
"lastModified": "2024-09-17T00:15:47.670",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An app may be able to cause a denial-of-service."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-277xx/CVE-2024-27795.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-27795",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:47.740",
"lastModified": "2024-09-17T00:15:47.740",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A camera extension may be able to access the internet."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-278xx/CVE-2024-27858.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-27858",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:47.797",
"lastModified": "2024-09-17T00:15:47.797",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-278xx/CVE-2024-27860.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-27860",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:47.847",
"lastModified": "2024-09-17T00:15:47.847",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An application may be able to read restricted memory."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-278xx/CVE-2024-27861.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-27861",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:47.897",
"lastModified": "2024-09-17T00:15:47.897",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An application may be able to read restricted memory."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
}
]
}

25
CVE-2024/CVE-2024-278xx/CVE-2024-27869.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-27869",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:47.943",
"lastModified": "2024-09-17T00:15:47.943",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to record the screen without an indicator."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-278xx/CVE-2024-27874.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-27874",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:47.993",
"lastModified": "2024-09-17T00:15:47.993",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A remote attacker may be able to cause a denial-of-service."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-278xx/CVE-2024-27875.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-27875",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:48.063",
"lastModified": "2024-09-17T00:15:48.063",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15. Privacy Indicators for microphone or camera access may be attributed incorrectly."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
}
]
}

41
CVE-2024/CVE-2024-278xx/CVE-2024-27876.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2024-27876",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:48.127",
"lastModified": "2024-09-17T00:15:48.127",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121234",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121246",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121247",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121249",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com"
}
]
}

25
CVE-2024/CVE-2024-278xx/CVE-2024-27879.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-27879",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:48.190",
"lastModified": "2024-09-17T00:15:48.190",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. An attacker may be able to cause unexpected app termination."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121246",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com"
}
]
}

45
CVE-2024/CVE-2024-278xx/CVE-2024-27880.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2024-27880",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:48.250",
"lastModified": "2024-09-17T00:15:48.250",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing a maliciously crafted file may lead to unexpected app termination."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121240",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121246",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121247",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121248",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121249",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-407xx/CVE-2024-40770.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-40770",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:48.310",
"lastModified": "2024-09-17T00:15:48.310",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A non-privileged user may be able to modify restricted network settings."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-407xx/CVE-2024-40790.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-40790",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:48.380",
"lastModified": "2024-09-17T00:15:48.380",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved handling of caches. This issue is fixed in visionOS 2. An app may be able to read sensitive data from the GPU memory."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121249",
"source": "product-security@apple.com"
}
]
}

37
CVE-2024/CVE-2024-407xx/CVE-2024-40791.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2024-40791",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:48.430",
"lastModified": "2024-09-17T00:15:48.430",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access information about a user's contacts."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121234",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121246",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121247",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com"
}
]
}

29
CVE-2024/CVE-2024-407xx/CVE-2024-40797.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-40797",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:48.490",
"lastModified": "2024-09-17T00:15:48.490",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Visiting a malicious website may lead to user interface spoofing."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121234",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121247",
"source": "product-security@apple.com"
}
]
}

25
CVE-2024/CVE-2024-408xx/CVE-2024-40801.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-40801",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:48.547",
"lastModified": "2024-09-17T00:15:48.547",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access protected user data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121247",
"source": "product-security@apple.com"
}
]
}

25
CVE-2024/CVE-2024-408xx/CVE-2024-40825.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-40825",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:48.597",
"lastModified": "2024-09-17T00:15:48.597",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in visionOS 2, macOS Sequoia 15. A malicious app with root privileges may be able to modify the contents of system files."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121249",
"source": "product-security@apple.com"
}
]
}

25
CVE-2024/CVE-2024-408xx/CVE-2024-40826.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-40826",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:48.653",
"lastModified": "2024-09-17T00:15:48.653",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An unencrypted document may be written to a temporary file when using print preview."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-408xx/CVE-2024-40830.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-40830",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:48.700",
"lastModified": "2024-09-17T00:15:48.700",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. An app may be able to enumerate a user's installed apps."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-408xx/CVE-2024-40831.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-40831",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:48.753",
"lastModified": "2024-09-17T00:15:48.753",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access a user's Photos Library."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-408xx/CVE-2024-40837.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-40837",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:48.800",
"lastModified": "2024-09-17T00:15:48.800",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-408xx/CVE-2024-40838.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-40838",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:48.853",
"lastModified": "2024-09-17T00:15:48.853",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15. A malicious app may be able to access notifications from the user's device."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-408xx/CVE-2024-40840.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-40840",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:48.907",
"lastModified": "2024-09-17T00:15:48.907",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to use Siri to access sensitive user data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com"
}
]
}

25
CVE-2024/CVE-2024-408xx/CVE-2024-40841.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-40841",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:48.957",
"lastModified": "2024-09-17T00:15:48.957",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121247",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-408xx/CVE-2024-40842.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-40842",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:49.013",
"lastModified": "2024-09-17T00:15:49.013",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-408xx/CVE-2024-40843.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-40843",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:49.060",
"lastModified": "2024-09-17T00:15:49.060",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to modify protected parts of the file system."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
}
]
}

33
CVE-2024/CVE-2024-408xx/CVE-2024-40844.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-40844",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:49.130",
"lastModified": "2024-09-17T00:15:49.130",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to observe data displayed to the user by Shortcuts."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121234",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121246",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121247",
"source": "product-security@apple.com"
}
]
}

25
CVE-2024/CVE-2024-408xx/CVE-2024-40845.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-40845",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:49.180",
"lastModified": "2024-09-17T00:15:49.180",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121247",
"source": "product-security@apple.com"
}
]
}

25
CVE-2024/CVE-2024-408xx/CVE-2024-40846.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-40846",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:49.230",
"lastModified": "2024-09-17T00:15:49.230",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121247",
"source": "product-security@apple.com"
}
]
}

29
CVE-2024/CVE-2024-408xx/CVE-2024-40847.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-40847",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:49.277",
"lastModified": "2024-09-17T00:15:49.277",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access sensitive user data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121234",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121247",
"source": "product-security@apple.com"
}
]
}

29
CVE-2024/CVE-2024-408xx/CVE-2024-40848.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-40848",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:49.330",
"lastModified": "2024-09-17T00:15:49.330",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An attacker may be able to read sensitive information."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121234",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121247",
"source": "product-security@apple.com"
}
]
}

49
CVE-2024/CVE-2024-408xx/CVE-2024-40850.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2024-40850",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:49.383",
"lastModified": "2024-09-17T00:15:49.383",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A file access issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to access user-sensitive data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121234",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121240",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121246",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121247",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121248",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121249",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-408xx/CVE-2024-40852.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-40852",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:49.440",
"lastModified": "2024-09-17T00:15:49.440",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18 and iPadOS 18. An attacker may be able to see recent photos without authentication in Assistive Access."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com"
}
]
}

29
CVE-2024/CVE-2024-408xx/CVE-2024-40856.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-40856",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:49.490",
"lastModified": "2024-09-17T00:15:49.490",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An integrity issue was addressed with Beacon Protection. This issue is fixed in iOS 18 and iPadOS 18, tvOS 18, macOS Sequoia 15. An attacker may be able to force a device to disconnect from a secure network."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121248",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com"
}
]
}

41
CVE-2024/CVE-2024-408xx/CVE-2024-40857.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2024-40857",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:49.537",
"lastModified": "2024-09-17T00:15:49.537",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed through improved state management. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to universal cross site scripting."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121240",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121241",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121248",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121249",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-408xx/CVE-2024-40859.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-40859",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:49.590",
"lastModified": "2024-09-17T00:15:49.590",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
}
]
}

25
CVE-2024/CVE-2024-408xx/CVE-2024-40860.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-40860",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:49.640",
"lastModified": "2024-09-17T00:15:49.640",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121247",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-408xx/CVE-2024-40861.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-40861",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:49.690",
"lastModified": "2024-09-17T00:15:49.690",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to gain root privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-408xx/CVE-2024-40862.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-40862",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:49.743",
"lastModified": "2024-09-17T00:15:49.743",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed by removing sensitive data. This issue is fixed in Xcode 16. An attacker may be able to determine the Apple ID of the owner of the computer."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121239",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-408xx/CVE-2024-40863.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-40863",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:49.793",
"lastModified": "2024-09-17T00:15:49.793",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. An app may be able to leak sensitive user information."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com"
}
]
}

25
CVE-2024/CVE-2024-408xx/CVE-2024-40866.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-40866",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:49.840",
"lastModified": "2024-09-17T00:15:49.840",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121241",
"source": "product-security@apple.com"
}
]
}

6
CVE-2024/CVE-2024-434xx/CVE-2024-43461.json
View File

@ -2,9 +2,13 @@
"id": "CVE-2024-43461",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-09-10T17:15:33.410",
"lastModified": "2024-09-10T17:43:14.410",
"lastModified": "2024-09-17T01:00:01.320",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2024-09-16",
"cisaActionDue": "2024-10-07",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Microsoft Windows MSHTML Platform Spoofing Vulnerability",
"descriptions": [
{
"lang": "en",

21
CVE-2024/CVE-2024-441xx/CVE-2024-44124.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-44124",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:49.890",
"lastModified": "2024-09-17T00:15:49.890",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A malicious Bluetooth input device may bypass pairing."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com"
}
]
}

25
CVE-2024/CVE-2024-441xx/CVE-2024-44125.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-44125",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:49.940",
"lastModified": "2024-09-17T00:15:49.940",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. A malicious application may be able to leak sensitive user information."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121247",
"source": "product-security@apple.com"
}
]
}

25
CVE-2024/CVE-2024-441xx/CVE-2024-44127.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-44127",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:49.990",
"lastModified": "2024-09-17T00:15:49.990",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. Private Browsing tabs may be accessed without authentication."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121246",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com"
}
]
}

29
CVE-2024/CVE-2024-441xx/CVE-2024-44128.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-44128",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:50.040",
"lastModified": "2024-09-17T00:15:50.040",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An Automator Quick Action workflow may be able to bypass Gatekeeper."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121234",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121247",
"source": "product-security@apple.com"
}
]
}

25
CVE-2024/CVE-2024-441xx/CVE-2024-44129.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-44129",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:50.090",
"lastModified": "2024-09-17T00:15:50.090",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15. An app may be able to leak sensitive user information."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121234",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-441xx/CVE-2024-44130.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-44130",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:50.147",
"lastModified": "2024-09-17T00:15:50.147",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15. An app with root privileges may be able to access private information."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
}
]
}

25
CVE-2024/CVE-2024-441xx/CVE-2024-44131.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-44131",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:50.200",
"lastModified": "2024-09-17T00:15:50.200",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to access sensitive user data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-441xx/CVE-2024-44132.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-44132",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:50.250",
"lastModified": "2024-09-17T00:15:50.250",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-441xx/CVE-2024-44133.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-44133",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:50.300",
"lastModified": "2024-09-17T00:15:50.300",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15. On MDM managed devices, an app may be able to bypass certain Privacy preferences."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-441xx/CVE-2024-44134.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-44134",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:50.350",
"lastModified": "2024-09-17T00:15:50.350",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15. An app may be able to read sensitive location information."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
}
]
}

25
CVE-2024/CVE-2024-441xx/CVE-2024-44135.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-44135",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:50.393",
"lastModified": "2024-09-17T00:15:50.393",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access protected files within an App Sandbox container."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121247",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-441xx/CVE-2024-44139.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-44139",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:50.443",
"lastModified": "2024-09-17T00:15:50.443",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-441xx/CVE-2024-44146.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-44146",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:50.523",
"lastModified": "2024-09-17T00:15:50.523",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-441xx/CVE-2024-44147.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-44147",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:50.573",
"lastModified": "2024-09-17T00:15:50.573",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An app may gain unauthorized access to Local Network."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-441xx/CVE-2024-44148.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-44148",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:50.617",
"lastModified": "2024-09-17T00:15:50.617",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved validation of file attributes. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-441xx/CVE-2024-44149.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-44149",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:50.663",
"lastModified": "2024-09-17T00:15:50.663",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
}
]
}

29
CVE-2024/CVE-2024-441xx/CVE-2024-44151.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-44151",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:50.717",
"lastModified": "2024-09-17T00:15:50.717",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121234",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121247",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-441xx/CVE-2024-44152.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-44152",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:50.763",
"lastModified": "2024-09-17T00:15:50.763",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
}
]
}

25
CVE-2024/CVE-2024-441xx/CVE-2024-44153.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-44153",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:50.810",
"lastModified": "2024-09-17T00:15:50.810",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121247",
"source": "product-security@apple.com"
}
]
}

25
CVE-2024/CVE-2024-441xx/CVE-2024-44154.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-44154",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:50.860",
"lastModified": "2024-09-17T00:15:50.860",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted file may lead to unexpected app termination."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121247",
"source": "product-security@apple.com"
}
]
}

33
CVE-2024/CVE-2024-441xx/CVE-2024-44158.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-44158",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:50.910",
"lastModified": "2024-09-17T00:15:50.910",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. A shortcut may output sensitive user data without consent."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121234",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121246",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121247",
"source": "product-security@apple.com"
}
]
}

29
CVE-2024/CVE-2024-441xx/CVE-2024-44160.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-44160",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:50.963",
"lastModified": "2024-09-17T00:15:50.963",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted texture may lead to unexpected app termination."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121234",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121247",
"source": "product-security@apple.com"
}
]
}

29
CVE-2024/CVE-2024-441xx/CVE-2024-44161.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-44161",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:51.010",
"lastModified": "2024-09-17T00:15:51.010",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted texture may lead to unexpected app termination."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121234",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121247",
"source": "product-security@apple.com"
}
]
}

21
CVE-2024/CVE-2024-441xx/CVE-2024-44162.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-44162",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:51.060",
"lastModified": "2024-09-17T00:15:51.060",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 16. A malicious application may gain access to a user's Keychain items."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121239",
"source": "product-security@apple.com"
}
]
}

29
CVE-2024/CVE-2024-441xx/CVE-2024-44163.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-44163",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:51.107",
"lastModified": "2024-09-17T00:15:51.107",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. A malicious application may be able to access private information."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121234",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121247",
"source": "product-security@apple.com"
}
]
}

33
CVE-2024/CVE-2024-441xx/CVE-2024-44164.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-44164",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:51.157",
"lastModified": "2024-09-17T00:15:51.157",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to bypass Privacy preferences."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121234",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121246",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121247",
"source": "product-security@apple.com"
}
]
}

41
CVE-2024/CVE-2024-441xx/CVE-2024-44165.json Normal file
View File

@ -0,0 +1,41 @@
{
"id": "CVE-2024-44165",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:51.207",
"lastModified": "2024-09-17T00:15:51.207",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Network traffic may leak outside a VPN tunnel."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121234",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121246",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121247",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121249",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com"
}
]
}

29
CVE-2024/CVE-2024-441xx/CVE-2024-44166.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-44166",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:51.260",
"lastModified": "2024-09-17T00:15:51.260",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121234",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121247",
"source": "product-security@apple.com"
}
]
}

37
CVE-2024/CVE-2024-441xx/CVE-2024-44167.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2024-44167",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:51.310",
"lastModified": "2024-09-17T00:15:51.310",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to overwrite arbitrary files."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121234",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121247",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121249",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com"
}
]
}

29
CVE-2024/CVE-2024-441xx/CVE-2024-44168.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-44168",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:51.367",
"lastModified": "2024-09-17T00:15:51.367",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121234",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121247",
"source": "product-security@apple.com"
}
]
}

49
CVE-2024/CVE-2024-441xx/CVE-2024-44169.json Normal file
View File

@ -0,0 +1,49 @@
{
"id": "CVE-2024-44169",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:51.410",
"lastModified": "2024-09-17T00:15:51.410",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause unexpected system termination."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121234",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121240",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121246",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121247",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121248",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121249",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com"
}
]
}

29
CVE-2024/CVE-2024-441xx/CVE-2024-44170.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-44170",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:51.463",
"lastModified": "2024-09-17T00:15:51.463",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, macOS Sequoia 15. An app may be able to access user-sensitive data."
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121240",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com"
}
]
}

Some files were not shown because too many files have changed in this diff Show More