Action not permitted
Modal body text goes here.
Modal Title
Modal Body
Vulnerability from csaf_ncscnl
Published
2024-09-26 08:48
Modified
2024-09-26 08:48
Summary
Kwetsbaarheden verholpen in Apple MacOS
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Apple heeft kwetsbaarheden verholpen in MacOS
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipulatie van gegevens
- Omzeilen van beveiligingsmaatregel
- Toegang tot gevoelige gegevens
- Toegang tot systeemgegevens
Voor succesvol misbruik moet de kwaadwillende lokale toegang hebben, het slachtoffer misleiden een malafide app te downloaden en installeren, of een malafide bestand te openen of link te volgen.
Oplossingen
Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen in MacOS 13.7, 14.7 en 15. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-208
Observable Timing Discrepancy
CWE-942
Permissive Cross-domain Policy with Untrusted Domains
CWE-415
Double Free
CWE-265
CWE-265
CWE-203
Observable Discrepancy
CWE-190
Integer Overflow or Wraparound
CWE-61
UNIX Symbolic Link (Symlink) Following
CWE-285
Improper Authorization
CWE-404
Improper Resource Shutdown or Release
CWE-275
CWE-275
CWE-284
Improper Access Control
CWE-377
Insecure Temporary File
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-122
Heap-based Buffer Overflow
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Apple heeft kwetsbaarheden verholpen in MacOS", title: "Feiten", }, { category: "description", text: "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n- Denial-of-Service (DoS)\n- Manipulatie van gegevens\n- Omzeilen van beveiligingsmaatregel\n- Toegang tot gevoelige gegevens\n- Toegang tot systeemgegevens\n\n\nVoor succesvol misbruik moet de kwaadwillende lokale toegang hebben, het slachtoffer misleiden een malafide app te downloaden en installeren, of een malafide bestand te openen of link te volgen.", title: "Interpretaties", }, { category: "description", text: "Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen in MacOS 13.7, 14.7 en 15. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Observable Timing Discrepancy", title: "CWE-208", }, { category: "general", text: "Permissive Cross-domain Policy with Untrusted Domains", title: "CWE-942", }, { category: "general", text: "Double Free", title: "CWE-415", }, { category: "general", text: "CWE-265", title: "CWE-265", }, { category: "general", text: "Observable Discrepancy", title: "CWE-203", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "UNIX Symbolic Link (Symlink) Following", title: "CWE-61", }, { category: "general", text: "Improper Authorization", title: "CWE-285", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "CWE-275", title: "CWE-275", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Insecure Temporary File", title: "CWE-377", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - certbundde; cveprojectv5; hkcert; nvd", url: "https://support.apple.com/en-us/121247", }, { category: "external", summary: "Reference - certbundde; cveprojectv5; hkcert; nvd", url: "https://support.apple.com/en-us/121234", }, { category: "external", summary: "Reference - certbundde; cveprojectv5; hkcert; nvd", url: "https://support.apple.com/en-us/121238", }, ], title: "Kwetsbaarheden verholpen in Apple MacOS", tracking: { current_release_date: "2024-09-26T08:48:34.451990Z", id: "NCSC-2024-0381", initial_release_date: "2024-09-26T08:48:34.451990Z", revision_history: [ { date: "2024-09-26T08:48:34.451990Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "macos_sequoia__15", product: { name: "macos_sequoia__15", product_id: "CSAFPID-1644309", product_identification_helper: { cpe: "cpe:2.3:a:apple:macos_sequoia__15:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "macos_sonoma__14.7", product: { name: "macos_sonoma__14.7", product_id: "CSAFPID-1644310", product_identification_helper: { cpe: "cpe:2.3:a:apple:macos_sonoma__14.7:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "macos_ventura__13.7", product: { name: "macos_ventura__13.7", product_id: "CSAFPID-1644311", product_identification_helper: { cpe: "cpe:2.3:a:apple:macos_ventura__13.7:*:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "apple", }, ], }, vulnerabilities: [ { cve: "CVE-2024-44154", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44154", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44154.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-44154", }, { cve: "CVE-2024-44158", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44158", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44158.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-44158", }, { cve: "CVE-2024-44160", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44160", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44160.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-44160", }, { cve: "CVE-2024-44161", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44161", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44161.json", }, ], title: "CVE-2024-44161", }, { cve: "CVE-2024-44163", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44163", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44163.json", }, ], title: "CVE-2024-44163", }, { cve: "CVE-2024-44164", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44164", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44164.json", }, ], title: "CVE-2024-44164", }, { cve: "CVE-2024-44165", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44165", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44165.json", }, ], title: "CVE-2024-44165", }, { cve: "CVE-2024-44166", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44166", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44166.json", }, ], title: "CVE-2024-44166", }, { cve: "CVE-2024-44167", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44167", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44167.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-44167", }, { cve: "CVE-2024-44168", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44168", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44168.json", }, ], title: "CVE-2024-44168", }, { cve: "CVE-2024-44169", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44169", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44169.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-44169", }, { cve: "CVE-2024-44170", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44170", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44170.json", }, ], title: "CVE-2024-44170", }, { cve: "CVE-2024-44176", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44176", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44176.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-44176", }, { cve: "CVE-2024-44177", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44177", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44177.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-44177", }, { cve: "CVE-2024-44178", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44178", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44178.json", }, ], title: "CVE-2024-44178", }, { cve: "CVE-2024-44181", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, notes: [ { category: "other", text: "Insecure Temporary File", title: "CWE-377", }, ], product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44181", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44181.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-44181", }, { cve: "CVE-2024-44182", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44182", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44182.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-44182", }, { cve: "CVE-2024-44183", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44183", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44183.json", }, ], title: "CVE-2024-44183", }, { cve: "CVE-2024-44184", cwe: { id: "CWE-275", name: "-", }, notes: [ { category: "other", text: "CWE-275", title: "CWE-275", }, ], product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44184", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44184.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-44184", }, { cve: "CVE-2024-44186", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, ], product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44186", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44186.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-44186", }, { cve: "CVE-2024-44187", cwe: { id: "CWE-942", name: "Permissive Cross-domain Policy with Untrusted Domains", }, notes: [ { category: "other", text: "Permissive Cross-domain Policy with Untrusted Domains", title: "CWE-942", }, ], product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44187", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44187.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-44187", }, { cve: "CVE-2024-44188", cwe: { id: "CWE-275", name: "-", }, notes: [ { category: "other", text: "CWE-275", title: "CWE-275", }, ], product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44188", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44188.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-44188", }, { cve: "CVE-2024-44189", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, ], product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44189", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44189.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-44189", }, { cve: "CVE-2024-44190", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44190", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44190.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-44190", }, { cve: "CVE-2024-44191", cwe: { id: "CWE-285", name: "Improper Authorization", }, notes: [ { category: "other", text: "Improper Authorization", title: "CWE-285", }, ], product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44191", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44191.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-44191", }, { cve: "CVE-2024-44198", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44198", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44198.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-44198", }, { cve: "CVE-2023-4504", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2023-4504", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4504.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2023-4504", }, { cve: "CVE-2023-5841", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2023-5841", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5841.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2023-5841", }, { cve: "CVE-2024-23237", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-23237", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23237.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-23237", }, { cve: "CVE-2024-27795", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-27795", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27795.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-27795", }, { cve: "CVE-2024-27858", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-27858", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27858.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-27858", }, { cve: "CVE-2024-27860", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-27860", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27860.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-27860", }, { cve: "CVE-2024-27861", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-27861", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27861.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-27861", }, { cve: "CVE-2024-27869", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-27869", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27869.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-27869", }, { cve: "CVE-2024-27875", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-27875", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27875.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-27875", }, { cve: "CVE-2024-27876", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-27876", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27876.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-27876", }, { cve: "CVE-2024-27880", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-27880", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27880.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-27880", }, { cve: "CVE-2024-27886", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-27886", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27886.json", }, ], title: "CVE-2024-27886", }, { cve: "CVE-2024-39894", cwe: { id: "CWE-208", name: "Observable Timing Discrepancy", }, notes: [ { category: "other", text: "Observable Timing Discrepancy", title: "CWE-208", }, { category: "other", text: "Observable Discrepancy", title: "CWE-203", }, ], product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-39894", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39894.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-39894", }, { cve: "CVE-2024-40770", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-40770", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40770.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-40770", }, { cve: "CVE-2024-40791", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-40791", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40791.json", }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-40791", }, { cve: "CVE-2024-40797", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-40797", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40797.json", }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-40797", }, { cve: "CVE-2024-40801", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-40801", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40801.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-40801", }, { cve: "CVE-2024-40814", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-40814", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40814.json", }, ], title: "CVE-2024-40814", }, { cve: "CVE-2024-40825", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-40825", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40825.json", }, ], scores: [ { cvss_v3: { baseScore: 6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-40825", }, { cve: "CVE-2024-40826", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-40826", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40826.json", }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-40826", }, { cve: "CVE-2024-40831", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-40831", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40831.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-40831", }, { cve: "CVE-2024-40837", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-40837", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40837.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-40837", }, { cve: "CVE-2024-40838", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-40838", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40838.json", }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-40838", }, { cve: "CVE-2024-40841", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-40841", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40841.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-40841", }, { cve: "CVE-2024-40842", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-40842", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40842.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-40842", }, { cve: "CVE-2024-40843", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-40843", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40843.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-40843", }, { cve: "CVE-2024-40844", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-40844", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40844.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-40844", }, { cve: "CVE-2024-40845", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-40845", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40845.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-40845", }, { cve: "CVE-2024-40846", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-40846", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40846.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-40846", }, { cve: "CVE-2024-40847", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-40847", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40847.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-40847", }, { cve: "CVE-2024-40848", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-40848", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40848.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-40848", }, { cve: "CVE-2024-40850", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-40850", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40850.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-40850", }, { cve: "CVE-2024-40856", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-40856", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40856.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-40856", }, { cve: "CVE-2024-40857", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-40857", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40857.json", }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-40857", }, { cve: "CVE-2024-40859", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-40859", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40859.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-40859", }, { cve: "CVE-2024-40860", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-40860", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40860.json", }, ], title: "CVE-2024-40860", }, { cve: "CVE-2024-40861", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-40861", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40861.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-40861", }, { cve: "CVE-2024-40866", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-40866", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40866.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-40866", }, { cve: "CVE-2024-41957", cwe: { id: "CWE-415", name: "Double Free", }, notes: [ { category: "other", text: "Double Free", title: "CWE-415", }, ], product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-41957", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41957.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-41957", }, { cve: "CVE-2024-44125", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44125", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44125.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-44125", }, { cve: "CVE-2024-44128", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44128", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44128.json", }, ], title: "CVE-2024-44128", }, { cve: "CVE-2024-44129", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44129", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44129.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-44129", }, { cve: "CVE-2024-44130", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44130", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44130.json", }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-44130", }, { cve: "CVE-2024-44131", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44131", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44131.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-44131", }, { cve: "CVE-2024-44132", cwe: { id: "CWE-61", name: "UNIX Symbolic Link (Symlink) Following", }, notes: [ { category: "other", text: "UNIX Symbolic Link (Symlink) Following", title: "CWE-61", }, ], product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44132", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44132.json", }, ], scores: [ { cvss_v3: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-44132", }, { cve: "CVE-2024-44133", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, ], product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44133", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44133.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-44133", }, { cve: "CVE-2024-44134", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44134", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44134.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-44134", }, { cve: "CVE-2024-44135", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44135", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44135.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-44135", }, { cve: "CVE-2024-44146", cwe: { id: "CWE-265", name: "-", }, notes: [ { category: "other", text: "CWE-265", title: "CWE-265", }, ], product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44146", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44146.json", }, ], scores: [ { cvss_v3: { baseScore: 10, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-44146", }, { cve: "CVE-2024-44148", cwe: { id: "CWE-265", name: "-", }, notes: [ { category: "other", text: "CWE-265", title: "CWE-265", }, ], product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44148", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44148.json", }, ], scores: [ { cvss_v3: { baseScore: 10, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-44148", }, { cve: "CVE-2024-44149", cwe: { id: "CWE-275", name: "-", }, notes: [ { category: "other", text: "CWE-275", title: "CWE-275", }, ], product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44149", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44149.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-44149", }, { cve: "CVE-2024-44151", product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44151", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44151.json", }, ], title: "CVE-2024-44151", }, { cve: "CVE-2024-44152", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, ], product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44152", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44152.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-44152", }, { cve: "CVE-2024-44153", cwe: { id: "CWE-275", name: "-", }, notes: [ { category: "other", text: "CWE-275", title: "CWE-275", }, ], product_status: { known_affected: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, references: [ { category: "self", summary: "CVE-2024-44153", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44153.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1644309", "CSAFPID-1644310", "CSAFPID-1644311", ], }, ], title: "CVE-2024-44153", }, ], }
cve-2024-44154
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2025-03-18 18:58
Severity ?
EPSS score ?
Summary
A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted file may lead to unexpected app termination.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44154", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T14:38:23.993434Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-18T18:58:50.532Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted file may lead to unexpected app termination.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a maliciously crafted file may lead to unexpected app termination", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:52.765Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44154", datePublished: "2024-09-16T23:22:52.765Z", dateReserved: "2024-08-20T21:42:05.923Z", dateUpdated: "2025-03-18T18:58:50.532Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44125
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 19:24
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. A malicious application may be able to leak sensitive user information.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-44125", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T19:23:52.789561Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T19:24:07.150Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. A malicious application may be able to leak sensitive user information.", }, ], problemTypes: [ { descriptions: [ { description: "A malicious application may be able to leak sensitive user information", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:12.769Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44125", datePublished: "2024-09-16T23:23:12.769Z", dateReserved: "2024-08-20T21:42:05.918Z", dateUpdated: "2024-09-17T19:24:07.150Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40866
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-18 17:55
Severity ?
EPSS score ?
Summary
The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-40866", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-18T17:55:34.103087Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-18T17:55:45.998Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing.", }, ], problemTypes: [ { descriptions: [ { description: "Visiting a malicious website may lead to address bar spoofing", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:28.243Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121241", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40866", datePublished: "2024-09-16T23:22:28.243Z", dateReserved: "2024-07-10T17:11:04.716Z", dateUpdated: "2024-09-18T17:55:45.998Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44128
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2025-03-18 17:57
Severity ?
EPSS score ?
Summary
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An Automator Quick Action workflow may be able to bypass Gatekeeper.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44128", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T13:38:56.591159Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-841", description: "CWE-841 Improper Enforcement of Behavioral Workflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-18T17:57:41.584Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An Automator Quick Action workflow may be able to bypass Gatekeeper.", }, ], problemTypes: [ { descriptions: [ { description: "An Automator Quick Action workflow may be able to bypass Gatekeeper", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:19.791Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44128", datePublished: "2024-09-16T23:23:19.791Z", dateReserved: "2024-08-20T21:42:05.918Z", dateUpdated: "2025-03-18T17:57:41.584Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27875
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 20:32
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15. Privacy Indicators for microphone or camera access may be attributed incorrectly.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-27875", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T20:32:24.702883Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T20:32:35.497Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15. Privacy Indicators for microphone or camera access may be attributed incorrectly.", }, ], problemTypes: [ { descriptions: [ { description: "Privacy Indicators for microphone or camera access may be attributed incorrectly", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:39.961Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27875", datePublished: "2024-09-16T23:22:39.961Z", dateReserved: "2024-02-26T15:32:28.543Z", dateUpdated: "2024-09-17T20:32:35.497Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40825
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 19:14
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in visionOS 2, macOS Sequoia 15. A malicious app with root privileges may be able to modify the contents of system files.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "15", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "2", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40825", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T18:54:09.983367Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-17T19:14:31.546Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in visionOS 2, macOS Sequoia 15. A malicious app with root privileges may be able to modify the contents of system files.", }, ], problemTypes: [ { descriptions: [ { description: "A malicious app with root privileges may be able to modify the contents of system files", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:26.697Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121249", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40825", datePublished: "2024-09-16T23:23:26.697Z", dateReserved: "2024-07-10T17:11:04.698Z", dateUpdated: "2024-09-17T19:14:31.546Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40860
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 20:28
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-40860", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T20:28:45.911518Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T20:28:54.579Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to modify protected parts of the file system", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:41.618Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40860", datePublished: "2024-09-16T23:22:41.618Z", dateReserved: "2024-07-10T17:11:04.714Z", dateUpdated: "2024-09-17T20:28:54.579Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44164
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 19:26
Severity ?
EPSS score ?
Summary
This issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to bypass Privacy preferences.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-44164", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T19:26:01.486391Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T19:26:12.381Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to bypass Privacy preferences.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to bypass Privacy preferences", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:10.979Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121246", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44164", datePublished: "2024-09-16T23:23:10.979Z", dateReserved: "2024-08-20T21:42:05.925Z", dateUpdated: "2024-09-17T19:26:12.381Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40831
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2025-03-18 14:24
Severity ?
EPSS score ?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access a user's Photos Library.
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40831", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T15:14:23.966477Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-281", description: "CWE-281 Improper Preservation of Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-18T14:24:49.165Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access a user's Photos Library.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access a user's Photos Library", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:30.195Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40831", datePublished: "2024-09-16T23:22:30.195Z", dateReserved: "2024-07-10T17:11:04.699Z", dateUpdated: "2025-03-18T14:24:49.165Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40845
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2025-03-14 16:26
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40845", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T13:53:49.354149Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-14T16:26:53.161Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a maliciously crafted video file may lead to unexpected app termination", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:13.612Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40845", datePublished: "2024-09-16T23:23:13.612Z", dateReserved: "2024-07-10T17:11:04.708Z", dateUpdated: "2025-03-14T16:26:53.161Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44184
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2025-03-14 16:28
Severity ?
EPSS score ?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 13.7 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44184", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T20:49:15.868250Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-14T16:28:40.292Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access user-sensitive data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:22.803Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121246", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44184", datePublished: "2024-09-16T23:22:22.803Z", dateReserved: "2024-08-20T21:42:05.928Z", dateUpdated: "2025-03-14T16:28:40.292Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44186
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2025-03-18 18:22
Severity ?
EPSS score ?
Summary
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44186", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T13:26:34.835362Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-18T18:22:39.521Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access protected user data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:21.473Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44186", datePublished: "2024-09-16T23:23:21.473Z", dateReserved: "2024-08-20T21:42:05.933Z", dateUpdated: "2025-03-18T18:22:39.521Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44135
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2025-03-19 18:17
Severity ?
EPSS score ?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access protected files within an App Sandbox container.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44135", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T14:21:14.867321Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-276", description: "CWE-276 Incorrect Default Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-19T18:17:02.644Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access protected files within an App Sandbox container.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access protected files within an App Sandbox container", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:03.101Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44135", datePublished: "2024-09-16T23:23:03.101Z", dateReserved: "2024-08-20T21:42:05.919Z", dateUpdated: "2025-03-19T18:17:02.644Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40826
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-18 18:06
Severity ?
EPSS score ?
Summary
A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An unencrypted document may be written to a temporary file when using print preview.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 15 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-40826", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-18T18:06:38.469712Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-18T18:06:47.727Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An unencrypted document may be written to a temporary file when using print preview.", }, ], problemTypes: [ { descriptions: [ { description: "An unencrypted document may be written to a temporary file when using print preview", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:12.703Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121250", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40826", datePublished: "2024-09-16T23:22:12.703Z", dateReserved: "2024-07-10T17:11:04.699Z", dateUpdated: "2024-09-18T18:06:47.727Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40770
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 14:28
Severity ?
EPSS score ?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A non-privileged user may be able to modify restricted network settings.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-40770", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T14:28:39.415226Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T14:28:53.781Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A non-privileged user may be able to modify restricted network settings.", }, ], problemTypes: [ { descriptions: [ { description: "A non-privileged user may be able to modify restricted network settings", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:57.231Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40770", datePublished: "2024-09-16T23:22:57.231Z", dateReserved: "2024-07-10T17:11:04.686Z", dateUpdated: "2024-09-17T14:28:53.781Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40842
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2025-03-18 19:58
Severity ?
EPSS score ?
Summary
An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40842", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T13:57:21.078486Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-18T19:58:04.225Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access user-sensitive data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:09.223Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40842", datePublished: "2024-09-16T23:23:09.223Z", dateReserved: "2024-07-10T17:11:04.707Z", dateUpdated: "2025-03-18T19:58:04.225Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27880
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 19:54
Severity ?
EPSS score ?
Summary
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing a maliciously crafted file may lead to unexpected app termination.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 15 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-27880", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T19:53:49.898183Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T19:54:01.521Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing a maliciously crafted file may lead to unexpected app termination.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a maliciously crafted file may lead to unexpected app termination", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:47.649Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121248", }, { url: "https://support.apple.com/en-us/121249", }, { url: "https://support.apple.com/en-us/121246", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121247", }, { url: "https://support.apple.com/en-us/121240", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27880", datePublished: "2024-09-16T23:22:47.649Z", dateReserved: "2024-02-26T15:32:28.543Z", dateUpdated: "2024-09-17T19:54:01.521Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44129
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2025-03-18 17:47
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15. An app may be able to leak sensitive user information.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44129", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T13:42:43.016287Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-18T17:47:11.017Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15. An app may be able to leak sensitive user information.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to leak sensitive user information", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:17.086Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44129", datePublished: "2024-09-16T23:23:17.086Z", dateReserved: "2024-08-20T21:42:05.919Z", dateUpdated: "2025-03-18T17:47:11.017Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44131
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-18 13:51
Severity ?
EPSS score ?
Summary
This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to access sensitive user data.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 15 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-44131", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-18T13:50:56.563856Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-18T13:51:04.651Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to access sensitive user data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access sensitive user data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:09.818Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121250", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44131", datePublished: "2024-09-16T23:22:09.818Z", dateReserved: "2024-08-20T21:42:05.919Z", dateUpdated: "2024-09-18T13:51:04.651Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27876
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 19:39
Severity ?
EPSS score ?
Summary
A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "13.7", status: "affected", version: "0", versionType: "custom", }, { lessThan: "14.7", status: "affected", version: "14", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.7", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipados", vendor: "apple", versions: [ { lessThan: "17.7", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27876", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T19:29:37.670174Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-362", description: "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-17T19:39:13.222Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.", }, ], problemTypes: [ { descriptions: [ { description: "Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:00.127Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121249", }, { url: "https://support.apple.com/en-us/121246", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27876", datePublished: "2024-09-16T23:23:00.127Z", dateReserved: "2024-02-26T15:32:28.543Z", dateUpdated: "2024-09-17T19:39:13.222Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44166
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-18 13:52
Severity ?
EPSS score ?
Summary
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-44166", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-18T13:52:00.983086Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-18T13:52:08.811Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access user-sensitive data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:13.668Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44166", datePublished: "2024-09-16T23:22:13.668Z", dateReserved: "2024-08-20T21:42:05.925Z", dateUpdated: "2024-09-18T13:52:08.811Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40844
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 19:17
Severity ?
EPSS score ?
Summary
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to observe data displayed to the user by Shortcuts.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-40844", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T19:17:11.236620Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T19:17:19.509Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to observe data displayed to the user by Shortcuts.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to observe data displayed to the user by Shortcuts", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:23.996Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121246", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40844", datePublished: "2024-09-16T23:23:23.996Z", dateReserved: "2024-07-10T17:11:04.708Z", dateUpdated: "2024-09-17T19:17:19.509Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23237
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-18 13:51
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An app may be able to cause a denial-of-service.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-23237", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-18T13:51:18.642644Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-18T13:51:25.711Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An app may be able to cause a denial-of-service.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to cause a denial-of-service", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:10.750Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23237", datePublished: "2024-09-16T23:22:10.750Z", dateReserved: "2024-01-12T22:22:21.480Z", dateUpdated: "2024-09-18T13:51:25.711Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40848
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 18:50
Severity ?
EPSS score ?
Summary
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An attacker may be able to read sensitive information.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-40848", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T18:50:22.335632Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T18:50:31.886Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An attacker may be able to read sensitive information.", }, ], problemTypes: [ { descriptions: [ { description: "An attacker may be able to read sensitive information", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:29.232Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40848", datePublished: "2024-09-16T23:23:29.232Z", dateReserved: "2024-07-10T17:11:04.709Z", dateUpdated: "2024-09-17T18:50:31.886Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39894
Vulnerability from cvelistv5
Published
2024-07-02 00:00
Modified
2025-01-29 22:04
Severity ?
EPSS score ?
Summary
OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:openbsd:openssh:9.5:-:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "openssh", vendor: "openbsd", versions: [ { lessThanOrEqual: "9.7", status: "affected", version: "9.5", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-39894", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-03T13:15:38.073610Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-367", description: "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-03T13:15:54.538Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2025-01-29T22:04:16.776Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-25:01.openssh.asc", }, { tags: [ "x_transferred", ], url: "https://www.openssh.com/txt/release-9.8", }, { tags: [ "x_transferred", ], url: "https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2024/07/02/1", }, { name: "[oss-security] 20240703 Re: Announce: OpenSSH 9.8 released", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/03/6", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240712-0004/", }, { name: "[oss-security] 20240723 Re: linux-distros application for CentOS Project's Hyperscale SIG", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/23/4", }, { name: "[oss-security] 20240723 Re: linux-distros application for CentOS Project's Hyperscale SIG", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/23/6", }, { name: "[oss-security] 20240728 Re: Announce: OpenSSH 9.8 released", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/28/3", }, ], title: "CVE Program Container", x_generator: { engine: "ADPogram 0.0.1", }, }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-11T15:12:12.186Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.openssh.com/txt/release-9.8", }, { url: "https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html", }, { url: "https://www.openwall.com/lists/oss-security/2024/07/02/1", }, { name: "[oss-security] 20240703 Re: Announce: OpenSSH 9.8 released", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2024/07/03/6", }, { url: "https://security.netapp.com/advisory/ntap-20240712-0004/", }, { name: "[oss-security] 20240723 Re: linux-distros application for CentOS Project's Hyperscale SIG", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2024/07/23/4", }, { name: "[oss-security] 20240723 Re: linux-distros application for CentOS Project's Hyperscale SIG", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2024/07/23/6", }, { name: "[oss-security] 20240728 Re: Announce: OpenSSH 9.8 released", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2024/07/28/3", }, { url: "https://crzphil.github.io/posts/ssh-obfuscation-bypass/", }, { url: "https://news.ycombinator.com/item?id=41508530", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-39894", datePublished: "2024-07-02T00:00:00.000Z", dateReserved: "2024-07-02T00:00:00.000Z", dateUpdated: "2025-01-29T22:04:16.776Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44183
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 15:13
Severity ?
EPSS score ?
Summary
A logic error was addressed with improved error handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause a denial-of-service.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 13.7 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-44183", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T15:13:08.762169Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T15:13:21.788Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic error was addressed with improved error handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause a denial-of-service.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to cause a denial-of-service", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:31.160Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121248", }, { url: "https://support.apple.com/en-us/121249", }, { url: "https://support.apple.com/en-us/121246", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121247", }, { url: "https://support.apple.com/en-us/121240", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44183", datePublished: "2024-09-16T23:22:31.160Z", dateReserved: "2024-08-20T21:42:05.928Z", dateUpdated: "2024-09-17T15:13:21.788Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44161
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 19:56
Severity ?
EPSS score ?
Summary
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted texture may lead to unexpected app termination.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-44161", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T19:56:12.823759Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T19:56:22.733Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted texture may lead to unexpected app termination.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a maliciously crafted texture may lead to unexpected app termination", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:40.785Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44161", datePublished: "2024-09-16T23:22:40.785Z", dateReserved: "2024-08-20T21:42:05.924Z", dateUpdated: "2024-09-17T19:56:22.733Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44148
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2025-03-14 16:24
Severity ?
EPSS score ?
Summary
This issue was addressed with improved validation of file attributes. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox.
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44148", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T13:55:39.642252Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-14T16:24:46.502Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with improved validation of file attributes. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to break out of its sandbox", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:10.031Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44148", datePublished: "2024-09-16T23:23:10.031Z", dateReserved: "2024-08-20T21:42:05.921Z", dateUpdated: "2025-03-14T16:24:46.502Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44198
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 20:25
Severity ?
EPSS score ?
Summary
An integer overflow was addressed through improved input validation. This issue is fixed in visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-44198", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T20:25:22.202640Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T20:25:33.991Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An integer overflow was addressed through improved input validation. This issue is fixed in visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to an unexpected process crash", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:42.495Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121248", }, { url: "https://support.apple.com/en-us/121249", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121240", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44198", datePublished: "2024-09-16T23:22:42.495Z", dateReserved: "2024-08-20T21:42:05.936Z", dateUpdated: "2024-09-17T20:25:33.991Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40801
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 19:52
Severity ?
EPSS score ?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access protected user data.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-40801", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T19:52:14.758178Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T19:52:38.942Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access protected user data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access protected user data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:48.535Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40801", datePublished: "2024-09-16T23:22:48.535Z", dateReserved: "2024-07-10T17:11:04.692Z", dateUpdated: "2024-09-17T19:52:38.942Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44191
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 19:19
Severity ?
EPSS score ?
Summary
This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, Xcode 16, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. An app may gain unauthorized access to Bluetooth.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | Xcode |
Version: unspecified < 16 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-44191", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T19:19:41.075670Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T19:19:49.259Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Xcode", vendor: "Apple", versions: [ { lessThan: "16", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, Xcode 16, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. An app may gain unauthorized access to Bluetooth.", }, ], problemTypes: [ { descriptions: [ { description: "An app may gain unauthorized access to Bluetooth", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:17.982Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121239", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121248", }, { url: "https://support.apple.com/en-us/121249", }, { url: "https://support.apple.com/en-us/121246", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121240", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44191", datePublished: "2024-09-16T23:23:17.982Z", dateReserved: "2024-08-20T21:42:05.934Z", dateUpdated: "2024-09-17T19:19:49.259Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44176
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2025-03-18 19:46
Severity ?
EPSS score ?
Summary
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing an image may lead to a denial-of-service.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 13.7 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44176", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T15:02:07.414858Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-18T19:46:10.152Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing an image may lead to a denial-of-service.", }, ], problemTypes: [ { descriptions: [ { description: "Processing an image may lead to a denial-of-service", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:34.847Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121248", }, { url: "https://support.apple.com/en-us/121249", }, { url: "https://support.apple.com/en-us/121246", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121247", }, { url: "https://support.apple.com/en-us/121240", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44176", datePublished: "2024-09-16T23:22:34.847Z", dateReserved: "2024-08-20T21:42:05.927Z", dateUpdated: "2025-03-18T19:46:10.152Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27795
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2025-03-13 20:07
Severity ?
EPSS score ?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A camera extension may be able to access the internet.
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27795", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T20:47:34.206584Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-13T20:07:39.624Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A camera extension may be able to access the internet.", }, ], problemTypes: [ { descriptions: [ { description: "A camera extension may be able to access the internet", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:23.747Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27795", datePublished: "2024-09-16T23:22:23.747Z", dateReserved: "2024-02-26T15:32:28.515Z", dateUpdated: "2025-03-13T20:07:39.624Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44134
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2025-03-13 20:36
Severity ?
EPSS score ?
Summary
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15. An app may be able to read sensitive location information.
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44134", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T14:07:44.621398Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-13T20:36:47.437Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15. An app may be able to read sensitive location information.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to read sensitive location information", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:05.839Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44134", datePublished: "2024-09-16T23:23:05.839Z", dateReserved: "2024-08-20T21:42:05.919Z", dateUpdated: "2025-03-13T20:36:47.437Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44163
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2025-03-18 20:36
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. A malicious application may be able to access private information.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44163", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T14:02:45.914822Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-18T20:36:34.266Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. A malicious application may be able to access private information.", }, ], problemTypes: [ { descriptions: [ { description: "A malicious application may be able to access private information", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:06.694Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44163", datePublished: "2024-09-16T23:23:06.694Z", dateReserved: "2024-08-20T21:42:05.925Z", dateUpdated: "2025-03-18T20:36:34.266Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40837
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 19:58
Severity ?
EPSS score ?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-40837", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T19:58:11.525229Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T19:58:20.834Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access protected user data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:44.799Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40837", datePublished: "2024-09-16T23:22:44.799Z", dateReserved: "2024-07-10T17:11:04.706Z", dateUpdated: "2024-09-17T19:58:20.834Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44149
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 18:51
Severity ?
EPSS score ?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-44149", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T18:51:37.062872Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T18:51:44.917Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access protected user data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:28.377Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44149", datePublished: "2024-09-16T23:23:28.377Z", dateReserved: "2024-08-20T21:42:05.921Z", dateUpdated: "2024-09-17T18:51:44.917Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44167
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 20:44
Severity ?
EPSS score ?
Summary
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to overwrite arbitrary files.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:mercurycom:mac1200r_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mac1200r_firmware", vendor: "mercurycom", versions: [ { lessThan: "13.7", status: "affected", version: "0", versionType: "custom", }, { lessThan: "14.7", status: "affected", version: "0", versionType: "custom", }, { lessThan: "15", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ios_and_ipados:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ios_and_ipados", vendor: "apple", versions: [ { lessThan: "18", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44167", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T20:38:38.923198Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-17T20:44:32.357Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to overwrite arbitrary files.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to overwrite arbitrary files", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:25.822Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121249", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44167", datePublished: "2024-09-16T23:22:25.822Z", dateReserved: "2024-08-20T21:42:05.925Z", dateUpdated: "2024-09-17T20:44:32.357Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44189
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-18 18:07
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. A logic issue existed where a process may be able to capture screen contents without user consent.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-44189", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-18T18:07:37.845271Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-18T18:07:47.866Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. A logic issue existed where a process may be able to capture screen contents without user consent.", }, ], problemTypes: [ { descriptions: [ { description: "A logic issue existed where a process may be able to capture screen contents without user consent", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:11.673Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44189", datePublished: "2024-09-16T23:22:11.673Z", dateReserved: "2024-08-20T21:42:05.933Z", dateUpdated: "2024-09-18T18:07:47.866Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44182
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2025-03-17 15:20
Severity ?
EPSS score ?
Summary
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access sensitive data logged when a shortcut fails to launch another app.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44182", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T14:44:14.260327Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-17T15:20:13.339Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access sensitive data logged when a shortcut fails to launch another app.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access sensitive data logged when a shortcut fails to launch another app", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:51.058Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44182", datePublished: "2024-09-16T23:22:51.058Z", dateReserved: "2024-08-20T21:42:05.928Z", dateUpdated: "2025-03-17T15:20:13.339Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40857
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2025-03-18 18:46
Severity ?
EPSS score ?
Summary
This issue was addressed through improved state management. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to universal cross site scripting.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40857", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T15:11:25.286465Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-18T18:46:29.545Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed through improved state management. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to universal cross site scripting.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may lead to universal cross site scripting", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:32.092Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121248", }, { url: "https://support.apple.com/en-us/121249", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121240", }, { url: "https://support.apple.com/en-us/121241", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40857", datePublished: "2024-09-16T23:22:32.092Z", dateReserved: "2024-07-10T17:11:04.711Z", dateUpdated: "2025-03-18T18:46:29.545Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44130
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-18 13:53
Severity ?
EPSS score ?
Summary
This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15. An app with root privileges may be able to access private information.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-44130", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-18T13:53:05.169726Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-18T13:53:36.884Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15. An app with root privileges may be able to access private information.", }, ], problemTypes: [ { descriptions: [ { description: "An app with root privileges may be able to access private information", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:26.983Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44130", datePublished: "2024-09-16T23:22:26.983Z", dateReserved: "2024-08-20T21:42:05.919Z", dateUpdated: "2024-09-18T13:53:36.884Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44169
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 13:37
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause unexpected system termination.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 13.7 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "13.7", status: "affected", version: "0", versionType: "custom", }, { lessThan: "14.7", status: "affected", version: "0", versionType: "custom", }, { lessThan: "15", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ios_and_ipados:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ios_and_ipados", vendor: "apple", versions: [ { lessThan: "17.7", status: "affected", version: "0", versionType: "custom", }, { lessThan: "18", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "18", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watch_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watch_os", vendor: "apple", versions: [ { lessThan: "11", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44169", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T13:30:00.573003Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-17T13:37:50.374Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause unexpected system termination.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to cause unexpected system termination", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:20.604Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121248", }, { url: "https://support.apple.com/en-us/121249", }, { url: "https://support.apple.com/en-us/121246", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121247", }, { url: "https://support.apple.com/en-us/121240", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44169", datePublished: "2024-09-16T23:23:20.604Z", dateReserved: "2024-08-20T21:42:05.926Z", dateUpdated: "2024-09-17T13:37:50.374Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44168
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 13:49
Severity ?
EPSS score ?
Summary
A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-44168", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T13:48:59.322010Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T13:49:11.656Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to modify protected parts of the file system", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:15.311Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44168", datePublished: "2024-09-16T23:23:15.311Z", dateReserved: "2024-08-20T21:42:05.925Z", dateUpdated: "2024-09-17T13:49:11.656Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44146
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-18 17:58
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-44146", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-18T17:57:56.615608Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-18T17:58:06.229Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to break out of its sandbox", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:15.412Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44146", datePublished: "2024-09-16T23:22:15.412Z", dateReserved: "2024-08-20T21:42:05.921Z", dateUpdated: "2024-09-18T17:58:06.229Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44190
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2025-03-17 15:14
Severity ?
EPSS score ?
Summary
A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to read arbitrary files.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44190", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T13:41:20.315903Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-17T15:14:45.956Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to read arbitrary files.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to read arbitrary files", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:18.930Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44190", datePublished: "2024-09-16T23:23:18.930Z", dateReserved: "2024-08-20T21:42:05.934Z", dateUpdated: "2025-03-17T15:14:45.956Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44170
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-18 13:49
Severity ?
EPSS score ?
Summary
A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, macOS Sequoia 15. An app may be able to access user-sensitive data.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-44170", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-18T13:49:21.385885Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-18T13:49:32.557Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, macOS Sequoia 15. An app may be able to access user-sensitive data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access user-sensitive data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:06.931Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121240", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44170", datePublished: "2024-09-16T23:22:06.931Z", dateReserved: "2024-08-20T21:42:05.926Z", dateUpdated: "2024-09-18T13:49:32.557Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44187
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2025-03-14 15:25
Severity ?
EPSS score ?
Summary
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44187", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T13:44:18.458972Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-346", description: "CWE-346 Origin Validation Error", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-14T15:25:26.428Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A cross-origin issue existed with \"iframe\" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.", }, ], problemTypes: [ { descriptions: [ { description: "A malicious website may exfiltrate data cross-origin", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:16.230Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121248", }, { url: "https://support.apple.com/en-us/121249", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121240", }, { url: "https://support.apple.com/en-us/121241", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44187", datePublished: "2024-09-16T23:23:16.230Z", dateReserved: "2024-08-20T21:42:05.933Z", dateUpdated: "2025-03-14T15:25:26.428Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40841
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 15:10
Severity ?
EPSS score ?
Summary
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.7", status: "affected", version: "0", versionType: "custom", }, { lessThan: "15", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40841", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T15:07:41.570881Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-17T15:10:28.887Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a maliciously crafted video file may lead to unexpected app termination", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:32.912Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40841", datePublished: "2024-09-16T23:22:32.912Z", dateReserved: "2024-07-10T17:11:04.707Z", dateUpdated: "2024-09-17T15:10:28.887Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40850
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 15:19
Severity ?
EPSS score ?
Summary
A file access issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to access user-sensitive data.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 13.7 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-40850", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T15:19:00.806930Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T15:19:27.231Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "11", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A file access issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to access user-sensitive data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access user-sensitive data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:21.900Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121248", }, { url: "https://support.apple.com/en-us/121249", }, { url: "https://support.apple.com/en-us/121246", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121247", }, { url: "https://support.apple.com/en-us/121240", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40850", datePublished: "2024-09-16T23:22:21.900Z", dateReserved: "2024-07-10T17:11:04.710Z", dateUpdated: "2024-09-17T15:19:27.231Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40861
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 14:59
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to gain root privileges.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "15", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40861", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T14:55:58.406580Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-17T14:59:18.487Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to gain root privileges.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to gain root privileges", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:35.793Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40861", datePublished: "2024-09-16T23:22:35.793Z", dateReserved: "2024-07-10T17:11:04.714Z", dateUpdated: "2024-09-17T14:59:18.487Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27858
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2025-03-18 20:16
Severity ?
EPSS score ?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27858", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T14:53:55.226317Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-281", description: "CWE-281 Improper Preservation of Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-18T20:16:49.848Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access protected user data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:36.830Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27858", datePublished: "2024-09-16T23:22:36.830Z", dateReserved: "2024-02-26T15:32:28.540Z", dateUpdated: "2025-03-18T20:16:49.848Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27860
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2025-03-20 14:09
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An application may be able to read restricted memory.
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27860", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T14:26:53.705305Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-20T14:09:28.751Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An application may be able to read restricted memory.", }, ], problemTypes: [ { descriptions: [ { description: "An application may be able to read restricted memory", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:58.156Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27860", datePublished: "2024-09-16T23:22:58.156Z", dateReserved: "2024-02-26T15:32:28.540Z", dateUpdated: "2025-03-20T14:09:28.751Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40814
Vulnerability from cvelistv5
Published
2024-07-29 22:16
Modified
2024-08-02 04:39
Severity ?
EPSS score ?
Summary
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.6. An app may be able to bypass Privacy preferences.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.6", status: "affected", version: "14.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40814", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-30T19:25:13.656168Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", description: "CWE-285 Improper Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-30T19:27:26.489Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:39:54.840Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214119", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.6. An app may be able to bypass Privacy preferences.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to bypass Privacy preferences", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-29T22:16:54.546Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214119", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/18", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40814", datePublished: "2024-07-29T22:16:54.546Z", dateReserved: "2024-07-10T17:11:04.695Z", dateUpdated: "2024-08-02T04:39:54.840Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40856
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 20:29
Severity ?
EPSS score ?
Summary
An integrity issue was addressed with Beacon Protection. This issue is fixed in iOS 18 and iPadOS 18, tvOS 18, macOS Sequoia 15. An attacker may be able to force a device to disconnect from a secure network.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-40856", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T20:29:31.605822Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T20:29:39.759Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An integrity issue was addressed with Beacon Protection. This issue is fixed in iOS 18 and iPadOS 18, tvOS 18, macOS Sequoia 15. An attacker may be able to force a device to disconnect from a secure network.", }, ], problemTypes: [ { descriptions: [ { description: "An attacker may be able to force a device to disconnect from a secure network", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:50.203Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121248", }, { url: "https://support.apple.com/en-us/121250", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40856", datePublished: "2024-09-16T23:22:50.203Z", dateReserved: "2024-07-10T17:11:04.711Z", dateUpdated: "2024-09-17T20:29:39.759Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40797
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-18 17:56
Severity ?
EPSS score ?
Summary
This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Visiting a malicious website may lead to user interface spoofing.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-40797", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-18T17:56:48.287127Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-18T17:56:56.897Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Visiting a malicious website may lead to user interface spoofing.", }, ], problemTypes: [ { descriptions: [ { description: "Visiting a malicious website may lead to user interface spoofing", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:17.211Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40797", datePublished: "2024-09-16T23:22:17.211Z", dateReserved: "2024-07-10T17:11:04.691Z", dateUpdated: "2024-09-18T17:56:56.897Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40791
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2025-03-19 14:46
Severity ?
EPSS score ?
Summary
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access information about a user's contacts.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 13.7 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40791", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T15:06:48.728250Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-532", description: "CWE-532 Insertion of Sensitive Information into Log File", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-19T14:46:59.430Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access information about a user's contacts.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access information about a user's contacts", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:33.850Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121246", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40791", datePublished: "2024-09-16T23:22:33.850Z", dateReserved: "2024-07-10T17:11:04.689Z", dateUpdated: "2025-03-19T14:46:59.430Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40846
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2025-03-17 15:16
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40846", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T20:56:19.385641Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-17T15:16:34.519Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a maliciously crafted video file may lead to unexpected app termination", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:18.135Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40846", datePublished: "2024-09-16T23:22:18.135Z", dateReserved: "2024-07-10T17:11:04.709Z", dateUpdated: "2025-03-17T15:16:34.519Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27886
Vulnerability from cvelistv5
Published
2024-07-29 22:16
Modified
2025-02-13 17:47
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.4. An unprivileged app may be able to log keystrokes in other apps including those using secure input mode.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:mac_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mac_os", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27886", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-30T14:36:28.355064Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-783", description: "CWE-783 Operator Precedence Logic Error", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-30T15:26:43.251Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:41:55.812Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214084", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.4. An unprivileged app may be able to log keystrokes in other apps including those using secure input mode.", }, ], problemTypes: [ { descriptions: [ { description: "An unprivileged app may be able to log keystrokes in other apps including those using secure input mode", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-29T22:20:24.604Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/kb/HT214084", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27886", datePublished: "2024-07-29T22:16:35.305Z", dateReserved: "2024-02-26T15:32:28.544Z", dateUpdated: "2025-02-13T17:47:10.638Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44158
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2025-03-19 14:37
Severity ?
EPSS score ?
Summary
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. A shortcut may output sensitive user data without consent.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44158", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T14:24:21.838263Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-19T14:37:32.123Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. A shortcut may output sensitive user data without consent.", }, ], problemTypes: [ { descriptions: [ { description: "A shortcut may output sensitive user data without consent", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:59.176Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121246", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44158", datePublished: "2024-09-16T23:22:59.176Z", dateReserved: "2024-08-20T21:42:05.924Z", dateUpdated: "2025-03-19T14:37:32.123Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-4504
Vulnerability from cvelistv5
Published
2023-09-21 22:47
Modified
2025-02-13 17:13
Severity ?
EPSS score ?
Summary
Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | OpenPrinting | CUPS |
Version: 0 ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:31:05.906Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "technical-description", "third-party-advisory", "x_transferred", ], url: "https://takeonme.org/cves/CVE-2023-4504.html", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-4f65-6ph5-qwh6", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h", }, { tags: [ "release-notes", "x_transferred", ], url: "https://github.com/OpenPrinting/cups/releases/tag/v2.4.7", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AMYDKIE4PSJDEMC5OWNFCDMHFGLJ57XG/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WVS4I7JG3LISFPKTM6ADKJXXEPEEWBQ/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WHEJIYMMAIXU2EC35MGTB5LGGO2FFJE/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2GSPQAFK2Z6L57TRXEKZDF42K2EVBH7/", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXPVADB56NMLJWG4IZ3OZBNJ2ZOLPQJ6/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "CUPS", vendor: "OpenPrinting", versions: [ { lessThan: "2.4.6", status: "affected", version: "0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", product: "libppd", vendor: "OpenPrinting", versions: [ { lessThan: "d09348b", status: "affected", version: "0", versionType: "git", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "zenofex", }, { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "WanderingGlitch", }, { lang: "en", type: "coordinator", user: "00000000-0000-4000-9000-000000000000", value: "Austin Hackers Anonymous!", }, ], datePublic: "2023-09-20T12:35:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.</span><br>", }, ], value: "Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122 Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-07T02:06:38.717Z", orgId: "26969f82-7e87-44d8-9cb5-f6fb926ddd43", shortName: "AHA", }, references: [ { tags: [ "technical-description", "third-party-advisory", ], url: "https://takeonme.org/cves/CVE-2023-4504.html", }, { tags: [ "vendor-advisory", ], url: "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-4f65-6ph5-qwh6", }, { tags: [ "vendor-advisory", ], url: "https://github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h", }, { tags: [ "release-notes", ], url: "https://github.com/OpenPrinting/cups/releases/tag/v2.4.7", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AMYDKIE4PSJDEMC5OWNFCDMHFGLJ57XG/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WVS4I7JG3LISFPKTM6ADKJXXEPEEWBQ/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WHEJIYMMAIXU2EC35MGTB5LGGO2FFJE/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2GSPQAFK2Z6L57TRXEKZDF42K2EVBH7/", }, { url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXPVADB56NMLJWG4IZ3OZBNJ2ZOLPQJ6/", }, ], source: { discovery: "EXTERNAL", }, title: "OpenPrinting CUPS/libppd Postscript Parsing Heap Overflow", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "26969f82-7e87-44d8-9cb5-f6fb926ddd43", assignerShortName: "AHA", cveId: "CVE-2023-4504", datePublished: "2023-09-21T22:47:41.879Z", dateReserved: "2023-08-23T21:14:04.183Z", dateUpdated: "2025-02-13T17:13:43.730Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44132
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 19:14
Severity ?
EPSS score ?
Summary
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "15", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44132", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T19:10:11.511786Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-61", description: "CWE-61 UNIX Symbolic Link (Symlink) Following", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-17T19:14:18.722Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to break out of its sandbox", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:25.727Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44132", datePublished: "2024-09-16T23:23:25.727Z", dateReserved: "2024-08-20T21:42:05.919Z", dateUpdated: "2024-09-17T19:14:18.722Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27861
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2025-03-19 17:55
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An application may be able to read restricted memory.
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27861", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T14:01:35.077794Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-19T17:55:56.037Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An application may be able to read restricted memory.", }, ], problemTypes: [ { descriptions: [ { description: "An application may be able to read restricted memory", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:07.510Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27861", datePublished: "2024-09-16T23:23:07.510Z", dateReserved: "2024-02-26T15:32:28.540Z", dateUpdated: "2025-03-19T17:55:56.037Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-5841
Vulnerability from cvelistv5
Published
2024-02-01 18:28
Modified
2025-02-13 17:25
Severity ?
EPSS score ?
Summary
Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Academy Software Foundation | OpenEXR |
Version: 0 ≤ 3.2.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T08:14:24.651Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://takeonme.org/cves/CVE-2023-5841.html", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMINVKQLSUHECXBSQMZFCSDRIHFOJJI/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "OpenEXR", vendor: "Academy Software Foundation", versions: [ { lessThanOrEqual: "3.2.1", status: "affected", version: "0", versionType: "semver", }, { status: "unaffected", version: "3.2.2", }, { status: "unaffected", version: "3.1.12", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "zenofex", }, { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "WanderingGlitch", }, { lang: "en", type: "coordinator", user: "00000000-0000-4000-9000-000000000000", value: "Austin Hackers Anonymous!", }, ], datePublic: "2024-01-31T22:35:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions <span style=\"background-color: rgb(255, 255, 255);\">v3.2.2 and v3.1.12 of the affected library.</span><br>", }, ], value: "Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-25T02:06:23.585Z", orgId: "26969f82-7e87-44d8-9cb5-f6fb926ddd43", shortName: "AHA", }, references: [ { url: "https://takeonme.org/cves/CVE-2023-5841.html", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMINVKQLSUHECXBSQMZFCSDRIHFOJJI/", }, ], source: { discovery: "EXTERNAL", }, title: "OpenEXR Heap Overflow in Scanline Deep Data Parsing", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "26969f82-7e87-44d8-9cb5-f6fb926ddd43", assignerShortName: "AHA", cveId: "CVE-2023-5841", datePublished: "2024-02-01T18:28:05.892Z", dateReserved: "2023-10-29T23:41:19.153Z", dateUpdated: "2025-02-13T17:25:51.153Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40847
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-18 13:52
Severity ?
EPSS score ?
Summary
The issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access sensitive user data.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-40847", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-18T13:52:35.715017Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-18T13:52:46.062Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access sensitive user data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access sensitive user data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:16.278Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40847", datePublished: "2024-09-16T23:22:16.278Z", dateReserved: "2024-07-10T17:11:04.709Z", dateUpdated: "2024-09-18T13:52:46.062Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-41957
Vulnerability from cvelistv5
Published
2024-08-01 21:41
Modified
2024-11-29 12:04
Severity ?
EPSS score ?
Summary
Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags,
but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 | x_refsource_CONFIRM | |
| https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-11-29T12:04:42.320Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "http://www.openwall.com/lists/oss-security/2024/08/01/1", }, { url: "https://security.netapp.com/advisory/ntap-20241129-0007/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2024-41957", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-02T15:31:59.324596Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-02T15:32:16.672Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "vim", vendor: "vim", versions: [ { status: "affected", version: "< 9.1.0647", }, ], }, ], descriptions: [ { lang: "en", value: "Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags,\nbut it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-415", description: "CWE-415: Double Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-01T21:41:42.921Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4", }, { name: "https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a", tags: [ "x_refsource_MISC", ], url: "https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a", }, ], source: { advisory: "GHSA-f9cr-gv85-hcr4", discovery: "UNKNOWN", }, title: "Vim double free in src/alloc.c:616", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-41957", datePublished: "2024-08-01T21:41:42.921Z", dateReserved: "2024-07-24T16:51:40.950Z", dateUpdated: "2024-11-29T12:04:42.320Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44177
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 19:59
Severity ?
EPSS score ?
Summary
A privacy issue was addressed by removing sensitive data. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-44177", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T19:58:59.301348Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T19:59:09.911Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A privacy issue was addressed by removing sensitive data. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access user-sensitive data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:43.861Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44177", datePublished: "2024-09-16T23:22:43.861Z", dateReserved: "2024-08-20T21:42:05.927Z", dateUpdated: "2024-09-17T19:59:09.911Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-27869
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 20:53
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to record the screen without an indicator.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 15 |
||||||
|
|||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "15", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ios_and_ipados:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ios_and_ipados", vendor: "apple", versions: [ { lessThan: "18", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-27869", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T20:50:33.432687Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-17T20:53:21.065Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to record the screen without an indicator.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to record the screen without an indicator", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:20.064Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121250", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-27869", datePublished: "2024-09-16T23:22:20.064Z", dateReserved: "2024-02-26T15:32:28.541Z", dateUpdated: "2024-09-17T20:53:21.065Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44165
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 18:52
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Network traffic may leak outside a VPN tunnel.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-44165", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T18:52:28.163694Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T18:52:50.386Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "18", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Network traffic may leak outside a VPN tunnel.", }, ], problemTypes: [ { descriptions: [ { description: "Network traffic may leak outside a VPN tunnel", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:27.570Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121249", }, { url: "https://support.apple.com/en-us/121246", }, { url: "https://support.apple.com/en-us/121250", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44165", datePublished: "2024-09-16T23:23:27.570Z", dateReserved: "2024-08-20T21:42:05.925Z", dateUpdated: "2024-09-17T18:52:50.386Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44188
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2025-03-19 17:03
Severity ?
EPSS score ?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44188", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T20:46:17.452228Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-281", description: "CWE-281 Improper Preservation of Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-19T17:03:15.649Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access protected user data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:24.814Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44188", datePublished: "2024-09-16T23:22:24.814Z", dateReserved: "2024-08-20T21:42:05.933Z", dateUpdated: "2025-03-19T17:03:15.649Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44181
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2025-03-20 14:37
Severity ?
EPSS score ?
Summary
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to read sensitive location information.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44181", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T14:36:17.764956Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-20T14:37:10.088Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to read sensitive location information.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to read sensitive location information", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:53.686Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44181", datePublished: "2024-09-16T23:22:53.686Z", dateReserved: "2024-08-20T21:42:05.927Z", dateUpdated: "2025-03-20T14:37:10.088Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44160
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 14:53
Severity ?
EPSS score ?
Summary
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted texture may lead to unexpected app termination.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "13.7", status: "affected", version: "0", versionType: "custom", }, { lessThan: "14.7", status: "affected", version: "0", versionType: "custom", }, { lessThan: "15", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44160", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T14:49:35.657521Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-17T14:53:00.179Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted texture may lead to unexpected app termination.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a maliciously crafted texture may lead to unexpected app termination", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:37.835Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44160", datePublished: "2024-09-16T23:22:37.835Z", dateReserved: "2024-08-20T21:42:05.924Z", dateUpdated: "2024-09-17T14:53:00.179Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44152
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2025-03-19 13:49
Severity ?
EPSS score ?
Summary
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44152", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T13:50:47.120490Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-19T13:49:21.883Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access user-sensitive data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:14.462Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44152", datePublished: "2024-09-16T23:23:14.462Z", dateReserved: "2024-08-20T21:42:05.923Z", dateUpdated: "2025-03-19T13:49:21.883Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40843
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2025-03-20 13:19
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to modify protected parts of the file system.
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40843", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T14:40:05.062323Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-20T13:19:40.530Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to modify protected parts of the file system.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to modify protected parts of the file system", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:51.924Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40843", datePublished: "2024-09-16T23:22:51.924Z", dateReserved: "2024-07-10T17:11:04.708Z", dateUpdated: "2025-03-20T13:19:40.530Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40838
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2024-09-17 14:32
Severity ?
EPSS score ?
Summary
A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15. A malicious app may be able to access notifications from the user's device.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-40838", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T14:31:59.821483Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T14:32:23.272Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15. A malicious app may be able to access notifications from the user's device.", }, ], problemTypes: [ { descriptions: [ { description: "A malicious app may be able to access notifications from the user's device", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:55.333Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40838", datePublished: "2024-09-16T23:22:55.333Z", dateReserved: "2024-07-10T17:11:04.706Z", dateUpdated: "2024-09-17T14:32:23.272Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44133
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 19:25
Severity ?
EPSS score ?
Summary
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15. On MDM managed devices, an app may be able to bypass certain Privacy preferences.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-44133", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T19:25:04.060403Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T19:25:15.176Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15. On MDM managed devices, an app may be able to bypass certain Privacy preferences.", }, ], problemTypes: [ { descriptions: [ { description: "On MDM managed devices, an app may be able to bypass certain Privacy preferences", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:11.932Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44133", datePublished: "2024-09-16T23:23:11.932Z", dateReserved: "2024-08-20T21:42:05.919Z", dateUpdated: "2024-09-17T19:25:15.176Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44178
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2025-03-15 15:27
Severity ?
EPSS score ?
Summary
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44178", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T14:30:05.793100Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-15T15:27:24.607Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to modify protected parts of the file system", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:56.274Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44178", datePublished: "2024-09-16T23:22:56.274Z", dateReserved: "2024-08-20T21:42:05.927Z", dateUpdated: "2025-03-15T15:27:24.607Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44153
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 19:18
Severity ?
EPSS score ?
Summary
The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-44153", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T19:17:56.846329Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T19:18:06.183Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access user-sensitive data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:23.145Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44153", datePublished: "2024-09-16T23:23:23.145Z", dateReserved: "2024-08-20T21:42:05.923Z", dateUpdated: "2024-09-17T19:18:06.183Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40859
Vulnerability from cvelistv5
Published
2024-09-16 23:23
Modified
2024-09-17 19:27
Severity ?
EPSS score ?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-40859", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T19:27:00.406196Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T19:27:14.191Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access user-sensitive data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:23:01.051Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121238", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-40859", datePublished: "2024-09-16T23:23:01.051Z", dateReserved: "2024-07-10T17:11:04.712Z", dateUpdated: "2024-09-17T19:27:14.191Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-44151
Vulnerability from cvelistv5
Published
2024-09-16 23:22
Modified
2025-03-18 14:02
Severity ?
EPSS score ?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44151", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T20:55:16.692045Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-276", description: "CWE-276 Incorrect Default Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-18T14:02:37.465Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to modify protected parts of the file system", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T23:22:19.091Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/121234", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/121247", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44151", datePublished: "2024-09-16T23:22:19.091Z", dateReserved: "2024-08-20T21:42:05.923Z", dateUpdated: "2025-03-18T14:02:37.465Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.