Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2024-0578
Vulnerability from csaf_certbund
Published
2024-03-07 23:00
Modified
2025-01-06 23:00
Summary
Apple macOS: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.
Angriff
Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.
Betroffene Betriebssysteme
- MacOS X
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", title: "Angriff", }, { category: "general", text: "- MacOS X", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0578 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0578.json", }, { category: "self", summary: "WID-SEC-2024-0578 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0578", }, { category: "external", summary: "Apple Security Update vom 2024-03-07", url: "https://support.apple.com/en-us/HT214083", }, ], source_lang: "en-US", title: "Apple macOS: Mehrere Schwachstellen", tracking: { current_release_date: "2025-01-06T23:00:00.000+00:00", generator: { date: "2025-01-07T09:19:04.754+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2024-0578", initial_release_date: "2024-03-07T23:00:00.000+00:00", revision_history: [ { date: "2024-03-07T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2025-01-06T23:00:00.000+00:00", number: "2", summary: "CVE-2024-23299 ergänzt", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<12.7.4", product: { name: "Apple macOS <12.7.4", product_id: "T033317", }, }, { category: "product_version", name: "12.7.4", product: { name: "Apple macOS 12.7.4", product_id: "T033317-fixed", product_identification_helper: { cpe: "cpe:/o:apple:mac_os:12.7.4", }, }, }, { category: "product_version_range", name: "<14.4", product: { name: "Apple macOS <14.4", product_id: "T033318", }, }, { category: "product_version", name: "14.4", product: { name: "Apple macOS 14.4", product_id: "T033318-fixed", product_identification_helper: { cpe: "cpe:/o:apple:mac_os:14.4", }, }, }, { category: "product_version_range", name: "<13.6.5", product: { name: "Apple macOS <13.6.5", product_id: "T033319", }, }, { category: "product_version", name: "13.6.5", product: { name: "Apple macOS 13.6.5", product_id: "T033319-fixed", product_identification_helper: { cpe: "cpe:/o:apple:mac_os:13.6.5", }, }, }, ], category: "product_name", name: "macOS", }, ], category: "vendor", name: "Apple", }, ], }, vulnerabilities: [ { cve: "CVE-2022-42816", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2022-42816", }, { cve: "CVE-2022-48554", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2022-48554", }, { cve: "CVE-2023-28826", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2023-28826", }, { cve: "CVE-2023-42853", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2023-42853", }, { cve: "CVE-2023-48795", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2023-48795", }, { cve: "CVE-2023-51384", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2023-51384", }, { cve: "CVE-2023-51385", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2023-51385", }, { cve: "CVE-2024-0258", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-0258", }, { cve: "CVE-2024-23201", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23201", }, { cve: "CVE-2024-23204", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23204", }, { cve: "CVE-2024-23205", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23205", }, { cve: "CVE-2024-23216", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23216", }, { cve: "CVE-2024-23218", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23218", }, { cve: "CVE-2024-23225", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23225", }, { cve: "CVE-2024-23226", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23226", }, { cve: "CVE-2024-23227", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23227", }, { cve: "CVE-2024-23230", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23230", }, { cve: "CVE-2024-23231", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23231", }, { cve: "CVE-2024-23232", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23232", }, { cve: "CVE-2024-23233", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23233", }, { cve: "CVE-2024-23234", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23234", }, { cve: "CVE-2024-23235", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23235", }, { cve: "CVE-2024-23238", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23238", }, { cve: "CVE-2024-23239", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23239", }, { cve: "CVE-2024-23241", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23241", }, { cve: "CVE-2024-23242", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23242", }, { cve: "CVE-2024-23244", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23244", }, { cve: "CVE-2024-23245", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23245", }, { cve: "CVE-2024-23246", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23246", }, { cve: "CVE-2024-23247", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23247", }, { cve: "CVE-2024-23248", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23248", }, { cve: "CVE-2024-23249", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23249", }, { cve: "CVE-2024-23250", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23250", }, { cve: "CVE-2024-23252", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23252", }, { cve: "CVE-2024-23253", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23253", }, { cve: "CVE-2024-23254", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23254", }, { cve: "CVE-2024-23255", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23255", }, { cve: "CVE-2024-23257", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23257", }, { cve: "CVE-2024-23258", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23258", }, { cve: "CVE-2024-23259", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23259", }, { cve: "CVE-2024-23260", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23260", }, { cve: "CVE-2024-23263", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23263", }, { cve: "CVE-2024-23264", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23264", }, { cve: "CVE-2024-23265", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23265", }, { cve: "CVE-2024-23266", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23266", }, { cve: "CVE-2024-23267", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23267", }, { cve: "CVE-2024-23268", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23268", }, { cve: "CVE-2024-23269", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23269", }, { cve: "CVE-2024-23270", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23270", }, { cve: "CVE-2024-23272", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23272", }, { cve: "CVE-2024-23273", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23273", }, { cve: "CVE-2024-23274", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23274", }, { cve: "CVE-2024-23275", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23275", }, { cve: "CVE-2024-23276", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23276", }, { cve: "CVE-2024-23277", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23277", }, { cve: "CVE-2024-23278", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23278", }, { cve: "CVE-2024-23279", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23279", }, { cve: "CVE-2024-23280", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23280", }, { cve: "CVE-2024-23281", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23281", }, { cve: "CVE-2024-23283", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23283", }, { cve: "CVE-2024-23284", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23284", }, { cve: "CVE-2024-23285", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23285", }, { cve: "CVE-2024-23286", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23286", }, { cve: "CVE-2024-23287", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23287", }, { cve: "CVE-2024-23288", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23288", }, { cve: "CVE-2024-23289", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23289", }, { cve: "CVE-2024-23290", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23290", }, { cve: "CVE-2024-23291", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23291", }, { cve: "CVE-2024-23292", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23292", }, { cve: "CVE-2024-23293", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23293", }, { cve: "CVE-2024-23294", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23294", }, { cve: "CVE-2024-23296", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23296", }, { cve: "CVE-2024-23299", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie dem Kernel, dem PackageKit oder den Speicherdiensten, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Berechtigungsprüfung, einer unsachgemäßen Validierung von Benutzereingaben oder einer unsachgemäßen Speicherbehandlung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Dateien zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen, seine Privilegien zu erweitern oder Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T033318", "T033319", "T033317", ], }, release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23299", }, ], }
cve-2024-23285
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.4. An app may be able to create symlinks to protected regions of the disk.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.157Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "14.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23285", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-27T19:47:04.907277Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-61", description: "CWE-61 UNIX Symbolic Link (Symlink) Following", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-27T20:20:42.533Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.4. An app may be able to create symlinks to protected regions of the disk.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to create symlinks to protected regions of the disk", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:52.264Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23285", datePublished: "2024-03-08T01:35:31.663Z", dateReserved: "2024-01-12T22:22:21.499Z", dateUpdated: "2025-02-13T17:39:30.133Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23246
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:34
Severity ?
EPSS score ?
Summary
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:16.7:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "16.7.6", status: "affected", version: "16.7", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:16.7:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "16.7.6", status: "affected", version: "16.7", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "17.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "17.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "safari", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "macos", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "14.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.4", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.1", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "webkitgtk", vendor: "webkitgtk", versions: [ { lessThan: "2.45.2", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23246", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-18T04:00:44.136279Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-06T14:04:44.881Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.063Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to break out of its sandbox", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:08:25.668Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23246", datePublished: "2024-03-08T01:35:32.589Z", dateReserved: "2024-01-12T22:22:21.483Z", dateUpdated: "2025-02-13T17:34:14.202Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23280
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.150Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214089", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/03/26/1", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ios", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipados", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "safari", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23280", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-28T20:33:30.944280Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-31T16:45:41.969Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user.", }, ], problemTypes: [ { descriptions: [ { description: "A maliciously crafted webpage may be able to fingerprint the user", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-07T06:06:16.536Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214089", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/", }, { url: "http://www.openwall.com/lists/oss-security/2024/03/26/1", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23280", datePublished: "2024-03-08T01:36:14.625Z", dateReserved: "2024-01-12T22:22:21.499Z", dateUpdated: "2025-02-13T17:39:26.737Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23296
Vulnerability from cvelistv5
Published
2024-03-05 19:24
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apple | iOS and iPadOS |
Version: unspecified < 17.4 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "14.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.4", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23296", options: [ { Exploitation: "Active", }, { Automatable: "No", }, { "Technical Impact": "Total", }, ], role: "CISA Coordinator", timestamp: "2024-03-09T05:00:52.848270Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2024-03-06", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-23296", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:46:11.337Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.205Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214088", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214087", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/18", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214107", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/May/11", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/May/13", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214100", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214118", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.", }, ], problemTypes: [ { descriptions: [ { description: "An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-29T22:07:07.727Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/kb/HT214088", }, { url: "https://support.apple.com/kb/HT214084", }, { url: "https://support.apple.com/kb/HT214086", }, { url: "https://support.apple.com/kb/HT214087", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/18", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { url: "https://support.apple.com/kb/HT214107", }, { url: "http://seclists.org/fulldisclosure/2024/May/11", }, { url: "http://seclists.org/fulldisclosure/2024/May/13", }, { url: "https://support.apple.com/kb/HT214100", }, { url: "https://support.apple.com/kb/HT214118", }, { url: "http://seclists.org/fulldisclosure/2024/Jul/20", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23296", datePublished: "2024-03-05T19:24:13.999Z", dateReserved: "2024-01-12T22:22:21.502Z", dateUpdated: "2025-02-13T17:39:36.697Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23247
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-26 19:59
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. Processing a file may lead to unexpected app termination or arbitrary code execution.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.039Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "12.7.4", status: "affected", version: "0", versionType: "custom", }, { lessThan: "13.6.5", status: "affected", version: "13.0", versionType: "custom", }, { lessThan: "14.4", status: "affected", version: "14.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23247", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-07T04:00:23.736852Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-26T19:59:16.670Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. Processing a file may lead to unexpected app termination or arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a file may lead to unexpected app termination or arbitrary code execution", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:06:37.152Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23247", datePublished: "2024-03-08T01:35:42.829Z", dateReserved: "2024-01-12T22:22:21.484Z", dateUpdated: "2025-03-26T19:59:16.670Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23235
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:34
Severity ?
EPSS score ?
Summary
A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to access user-sensitive data.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "14.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ios", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23235", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-03-11T16:21:14.723503Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-31T18:12:37.705Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:31.970Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to access user-sensitive data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access user-sensitive data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:00.781Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23235", datePublished: "2024-03-08T01:36:04.430Z", dateReserved: "2024-01-12T22:22:21.480Z", dateUpdated: "2025-02-13T17:34:08.282Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23250
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-27 15:21
Severity ?
EPSS score ?
Summary
An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to access Bluetooth-connected microphones without user permission.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23250", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-12T18:12:05.442356Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-27T15:21:44.164Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.324Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to access Bluetooth-connected microphones without user permission.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access Bluetooth-connected microphones without user permission", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:08:02.423Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23250", datePublished: "2024-03-08T01:35:33.516Z", dateReserved: "2024-01-12T22:22:21.486Z", dateUpdated: "2025-03-27T15:21:44.164Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23245
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:34
Severity ?
EPSS score ?
Summary
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. Third-party shortcuts may use a legacy action from Automator to send events to apps without user consent.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.088Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23245", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-14T18:39:59.567732Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-04T21:07:32.363Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. Third-party shortcuts may use a legacy action from Automator to send events to apps without user consent.", }, ], problemTypes: [ { descriptions: [ { description: "Third-party shortcuts may use a legacy action from Automator to send events to apps without user consent", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:07.375Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23245", datePublished: "2024-03-08T01:36:01.619Z", dateReserved: "2024-01-12T22:22:21.483Z", dateUpdated: "2025-02-13T17:34:13.600Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23204
Vulnerability from cvelistv5
Published
2024-01-23 00:25
Modified
2025-02-13 17:33
Severity ?
EPSS score ?
Summary
The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:31.999Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214059", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214060", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214061", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jan/33", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jan/36", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jan/39", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214085", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.", }, ], problemTypes: [ { descriptions: [ { description: "A shortcut may be able to use sensitive data with certain actions without prompting the user", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T22:08:40.834Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214059", }, { url: "https://support.apple.com/en-us/HT214060", }, { url: "https://support.apple.com/en-us/HT214061", }, { url: "http://seclists.org/fulldisclosure/2024/Jan/33", }, { url: "http://seclists.org/fulldisclosure/2024/Jan/36", }, { url: "http://seclists.org/fulldisclosure/2024/Jan/39", }, { url: "https://support.apple.com/kb/HT214082", }, { url: "https://support.apple.com/kb/HT214083", }, { url: "https://support.apple.com/kb/HT214085", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23204", datePublished: "2024-01-23T00:25:30.276Z", dateReserved: "2024-01-12T22:22:21.475Z", dateUpdated: "2025-02-13T17:33:50.468Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23238
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:34
Severity ?
EPSS score ?
Summary
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to edit NVRAM variables.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.074Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "14.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23238", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-05T19:49:08.395517Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-05T19:51:30.070Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to edit NVRAM variables.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to edit NVRAM variables", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:48.907Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23238", datePublished: "2024-03-08T01:36:15.545Z", dateReserved: "2024-01-12T22:22:21.480Z", dateUpdated: "2025-02-13T17:34:09.502Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23254
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:34
Severity ?
EPSS score ?
Summary
The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23254", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-08T15:22:13.972787Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-04T17:21:36.617Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.080Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214089", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/03/26/1", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.", }, ], problemTypes: [ { descriptions: [ { description: "A malicious website may exfiltrate audio data cross-origin", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-07T06:06:08.214Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214089", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { url: "http://www.openwall.com/lists/oss-security/2024/03/26/1", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23254", datePublished: "2024-03-08T01:36:07.243Z", dateReserved: "2024-01-12T22:22:21.487Z", dateUpdated: "2025-02-13T17:34:18.949Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23291
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A malicious app may be able to observe user data in log entries related to accessibility notifications.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.214Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ios", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipados", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.4", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23291", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-05T16:27:23.080978Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-05T16:30:08.296Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A malicious app may be able to observe user data in log entries related to accessibility notifications.", }, ], problemTypes: [ { descriptions: [ { description: "A malicious app may be able to observe user data in log entries related to accessibility notifications", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:47.318Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23291", datePublished: "2024-03-08T01:35:50.295Z", dateReserved: "2024-01-12T22:22:21.501Z", dateUpdated: "2025-02-13T17:39:33.744Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23231
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:34
Severity ?
EPSS score ?
Summary
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6. An app may be able to access user-sensitive data.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.4 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.073Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214085", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23231", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-14T18:40:42.656077Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-31T17:27:36.348Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6. An app may be able to access user-sensitive data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access user-sensitive data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:57.256Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "https://support.apple.com/kb/HT214085", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23231", datePublished: "2024-03-08T01:35:38.235Z", dateReserved: "2024-01-12T22:22:21.479Z", dateUpdated: "2025-02-13T17:34:05.704Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23230
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:34
Severity ?
EPSS score ?
Summary
This issue was addressed with improved file handling. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to access sensitive user data.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23230", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-08T15:47:29.441243Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862 Missing Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-31T15:07:33.638Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.105Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with improved file handling. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to access sensitive user data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access sensitive user data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:08:22.196Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23230", datePublished: "2024-03-08T01:35:39.177Z", dateReserved: "2024-01-12T22:22:21.479Z", dateUpdated: "2025-02-13T17:34:04.947Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23241
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:34
Severity ?
EPSS score ?
Summary
This issue was addressed through improved state management. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to leak sensitive user information.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23241", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-12T15:42:05.900296Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-922", description: "CWE-922 Insecure Storage of Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-18T21:02:43.242Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.061Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed through improved state management. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to leak sensitive user information.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to leak sensitive user information", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:14.333Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23241", datePublished: "2024-03-08T01:35:26.031Z", dateReserved: "2024-01-12T22:22:21.482Z", dateUpdated: "2025-02-13T17:34:10.709Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23252
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{ containers: { cna: { providerMetadata: { dateUpdated: "2024-03-26T18:41:15.985Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, rejectedReasons: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", }, ], value: "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", }, ], x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23252", datePublished: "2024-03-08T01:35:45.663Z", dateRejected: "2024-03-26T18:41:15.985Z", dateReserved: "2024-01-12T22:22:21.486Z", dateUpdated: "2024-03-26T18:41:15.985Z", state: "REJECTED", }, dataType: "CVE_RECORD", dataVersion: "5.0", }
cve-2024-23266
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-25 17:56
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to modify protected parts of the file system.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23266", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-08T15:22:56.739248Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-25T17:56:31.163Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.117Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to modify protected parts of the file system.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to modify protected parts of the file system", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:08:16.844Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23266", datePublished: "2024-03-08T01:35:37.236Z", dateReserved: "2024-01-12T22:22:21.491Z", dateUpdated: "2025-03-25T17:56:31.163Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23273
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.140Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214089", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23273", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-27T19:31:28.016236Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-295", description: "CWE-295 Improper Certificate Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-30T19:43:36.912Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication.", }, ], problemTypes: [ { descriptions: [ { description: "Private Browsing tabs may be accessed without authentication", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:06:08.842Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214089", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23273", datePublished: "2024-03-08T01:35:54.940Z", dateReserved: "2024-01-12T22:22:21.498Z", dateUpdated: "2025-02-13T17:39:22.331Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23288
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-20 21:22
Severity ?
EPSS score ?
Summary
This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to elevate privileges.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.152Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23288", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-28T15:45:10.369323Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-266", description: "CWE-266 Incorrect Privilege Assignment", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-20T21:22:17.525Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to elevate privileges.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to elevate privileges", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:08:23.848Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23288", datePublished: "2024-03-08T01:35:40.080Z", dateReserved: "2024-01-12T22:22:21.501Z", dateUpdated: "2025-03-20T21:22:17.525Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23272
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-28 19:06
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. A user may gain access to protected parts of the file system.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23272", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-28T19:05:15.066527Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-28T19:06:44.418Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.183Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. A user may gain access to protected parts of the file system.", }, ], problemTypes: [ { descriptions: [ { description: "A user may gain access to protected parts of the file system", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:06:32.016Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23272", datePublished: "2024-03-08T01:35:54.007Z", dateReserved: "2024-01-12T22:22:21.498Z", dateUpdated: "2025-03-28T19:06:44.418Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23283
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to access user-sensitive data.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23283", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-08T14:08:53.623193Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-27T13:37:58.207Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.167Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to access user-sensitive data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access user-sensitive data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:08:20.502Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23283", datePublished: "2024-03-08T01:35:21.358Z", dateReserved: "2024-01-12T22:22:21.499Z", dateUpdated: "2025-02-13T17:39:28.636Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23233
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-28 23:36
Severity ?
EPSS score ?
Summary
This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. Entitlements and privacy permissions granted to this app may be used by a malicious app.
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23233", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-08T16:14:58.693861Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-277", description: "CWE-277 Insecure Inherited Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-28T23:36:51.192Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.367Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. Entitlements and privacy permissions granted to this app may be used by a malicious app.", }, ], problemTypes: [ { descriptions: [ { description: "Entitlements and privacy permissions granted to this app may be used by a malicious app", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:08:12.902Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23233", datePublished: "2024-03-08T01:35:52.165Z", dateReserved: "2024-01-12T22:22:21.480Z", dateUpdated: "2025-03-28T23:36:51.192Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23248
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:34
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4. Processing a file may lead to a denial-of-service or potentially disclose memory contents.
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23248", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-21T16:08:33.544191Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-404", description: "CWE-404 Improper Resource Shutdown or Release", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-07T18:35:39.329Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.135Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4. Processing a file may lead to a denial-of-service or potentially disclose memory contents.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a file may lead to a denial-of-service or potentially disclose memory contents", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:09.017Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23248", datePublished: "2024-03-08T01:35:51.200Z", dateReserved: "2024-01-12T22:22:21.485Z", dateUpdated: "2025-02-13T17:34:15.475Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23270
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-27 20:04
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, tvOS 17.4. An app may be able to execute arbitrary code with kernel privileges.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.166Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:13.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "12.7.4", status: "affected", version: "0", versionType: "custom", }, { lessThan: "13.6.5", status: "affected", version: "13.0", versionType: "custom", }, { lessThan: "14.4", status: "affected", version: "14.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23270", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-03-30T04:00:59.418738Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-27T20:04:13.760Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, tvOS 17.4. An app may be able to execute arbitrary code with kernel privileges.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to execute arbitrary code with kernel privileges", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:50.500Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23270", datePublished: "2024-03-08T01:35:35.392Z", dateReserved: "2024-01-12T22:22:21.492Z", dateUpdated: "2025-03-27T20:04:13.760Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23287
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-13 21:34
Severity ?
EPSS score ?
Summary
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4. An app may be able to access user-sensitive data.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23287", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-12T18:13:20.505379Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-377", description: "CWE-377 Insecure Temporary File", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-13T21:34:35.535Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.143Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4. An app may be able to access user-sensitive data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access user-sensitive data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:26.025Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23287", datePublished: "2024-03-08T01:35:49.346Z", dateReserved: "2024-01-12T22:22:21.501Z", dateUpdated: "2025-03-13T21:34:35.535Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-28826
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-28 19:26
Severity ?
EPSS score ?
Summary
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.1, macOS Ventura 13.6.5. An app may be able to access sensitive user data.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-28826", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-08T15:46:00.540088Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-28T19:26:04.805Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T13:51:38.763Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213984", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213984", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.1, macOS Ventura 13.6.5. An app may be able to access sensitive user data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access sensitive user data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T22:08:02.664Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT213984", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/kb/HT213984", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2023-28826", datePublished: "2024-03-08T01:35:28.817Z", dateReserved: "2023-09-14T19:03:36.082Z", dateUpdated: "2025-03-28T19:26:04.805Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23257
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-27 21:15
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 and iPadOS 16.7.6. Processing an image may result in disclosure of process memory.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23257", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-08T15:33:52.302723Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-27T21:15:19.444Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.110Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 and iPadOS 16.7.6. Processing an image may result in disclosure of process memory.", }, ], problemTypes: [ { descriptions: [ { description: "Processing an image may result in disclosure of process memory", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:06:51.146Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23257", datePublished: "2024-03-08T01:35:24.108Z", dateReserved: "2024-01-12T22:22:21.488Z", dateUpdated: "2025-03-27T21:15:19.444Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23274
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
An injection issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:13.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "12.7.4", status: "affected", version: "12.0", versionType: "custom", }, { lessThan: "13.6.5", status: "affected", version: "13.0", versionType: "custom", }, { lessThan: "14.4", status: "affected", version: "14.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23274", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-03-29T04:00:25.613353Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-75", description: "CWE-75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-30T14:50:15.454Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.114Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An injection issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to elevate privileges", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:08:09.318Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23274", datePublished: "2024-03-08T01:36:06.303Z", dateReserved: "2024-01-12T22:22:21.498Z", dateUpdated: "2025-02-13T17:39:23.015Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23279
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data.
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23279", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-08T15:23:10.341985Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-20T17:08:18.568Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.094Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access user-sensitive data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:06:24.619Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23279", datePublished: "2024-03-08T01:36:13.690Z", dateReserved: "2024-01-12T22:22:21.499Z", dateUpdated: "2025-02-13T17:39:26.195Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23253
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:34
Severity ?
EPSS score ?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to access a user's Photos Library.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:14.4:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23253", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-11T16:24:47.236323Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-23T15:19:33.282Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.124Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to access a user's Photos Library.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access a user's Photos Library", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:45.750Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23253", datePublished: "2024-03-08T01:36:02.562Z", dateReserved: "2024-01-12T22:22:21.487Z", dateUpdated: "2025-02-13T17:34:18.261Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-51384
Vulnerability from cvelistv5
Published
2023-12-18 00:00
Modified
2024-08-02 22:32
Severity ?
EPSS score ?
Summary
In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T22:32:09.165Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.openssh.com/txt/release-9.6", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2023/12/18/2", }, { tags: [ "x_transferred", ], url: "https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b", }, { name: "DSA-5586", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5586", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240105-0005/", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214084", }, { name: "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:08:06.929696", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.openssh.com/txt/release-9.6", }, { url: "https://www.openwall.com/lists/oss-security/2023/12/18/2", }, { url: "https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b", }, { name: "DSA-5586", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5586", }, { url: "https://security.netapp.com/advisory/ntap-20240105-0005/", }, { url: "https://support.apple.com/kb/HT214084", }, { name: "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-51384", datePublished: "2023-12-18T00:00:00", dateReserved: "2023-12-18T00:00:00", dateUpdated: "2024-08-02T22:32:09.165Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23268
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
An injection issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:13.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "12.7.4", status: "affected", version: "12.0", versionType: "custom", }, { lessThan: "13.6.5", status: "affected", version: "13.0", versionType: "custom", }, { lessThan: "14.4", status: "affected", version: "14.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23268", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-03-29T04:00:22.447880Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-75", description: "CWE-75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-30T14:43:15.761Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.124Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An injection issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to elevate privileges", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:22.682Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23268", datePublished: "2024-03-08T01:35:48.416Z", dateReserved: "2024-01-12T22:22:21.491Z", dateUpdated: "2025-02-13T17:39:19.222Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23226
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-17 20:34
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. Processing web content may lead to arbitrary code execution.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.102Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ios", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipados", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.4", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23226", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-03-29T04:00:23.524335Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-17T20:34:57.389Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. Processing web content may lead to arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Processing web content may lead to arbitrary code execution", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:06:43.374Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23226", datePublished: "2024-03-08T01:35:41.905Z", dateReserved: "2024-01-12T22:22:21.478Z", dateUpdated: "2025-03-17T20:34:57.389Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23278
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "13.6", status: "affected", version: "13.0", versionType: "custom", }, { lessThan: "14.4", status: "affected", version: "14.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "16.7.6", status: "affected", version: "0", versionType: "custom", }, { lessThan: "17.4", status: "affected", version: "17.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", "cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "16.7.6", status: "affected", version: "0", versionType: "custom", }, { lessThan: "17.4", status: "affected", version: "17.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23278", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-23T15:00:35.806636Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-31T19:24:11.849Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.157Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214085", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to break out of its sandbox", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:33.383Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "https://support.apple.com/kb/HT214085", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23278", datePublished: "2024-03-08T01:36:11.839Z", dateReserved: "2024-01-12T22:22:21.499Z", dateUpdated: "2025-02-13T17:39:25.638Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23239
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-03-13 21:07
Severity ?
EPSS score ?
Summary
A race condition was addressed with improved state handling. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to leak sensitive user information.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23239", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-13T21:01:31.786931Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-362", description: "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-13T21:07:32.221Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.102Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A race condition was addressed with improved state handling. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to leak sensitive user information.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to leak sensitive user information", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:04.045Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23239", datePublished: "2024-03-08T01:36:09.093Z", dateReserved: "2024-01-12T22:22:21.480Z", dateUpdated: "2025-03-13T21:07:32.221Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23284
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-28 20:45
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | visionOS |
Version: unspecified < 1.1 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.132Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214089", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/03/26/1", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23284", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-07T04:00:29.525435Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-693", description: "CWE-693 Protection Mechanism Failure", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-28T20:45:42.133Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may prevent Content Security Policy from being enforced", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-07T06:06:10.355Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214089", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/", }, { url: "http://www.openwall.com/lists/oss-security/2024/03/26/1", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23284", datePublished: "2024-03-08T01:35:43.782Z", dateReserved: "2024-01-12T22:22:21.499Z", dateUpdated: "2025-03-28T20:45:42.133Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23260
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
This issue was addressed by removing additional entitlements. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data.
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23260", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-14T17:52:26.435334Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-01T19:40:35.093Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.103Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed by removing additional entitlements. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access user-sensitive data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:06:35.506Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23260", datePublished: "2024-03-08T01:35:19.521Z", dateReserved: "2024-01-12T22:22:21.489Z", dateUpdated: "2025-02-13T17:39:14.986Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23218
Vulnerability from cvelistv5
Published
2024-01-23 00:25
Modified
2025-02-13 17:33
Severity ?
EPSS score ?
Summary
A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.071Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214059", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214055", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214060", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214061", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jan/33", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jan/36", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jan/39", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jan/40", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214085", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2024-23218", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-01-23T16:07:56.317583Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-29T14:26:33.596Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key.", }, ], problemTypes: [ { descriptions: [ { description: "An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T22:07:46.341Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214059", }, { url: "https://support.apple.com/en-us/HT214055", }, { url: "https://support.apple.com/en-us/HT214060", }, { url: "https://support.apple.com/en-us/HT214061", }, { url: "http://seclists.org/fulldisclosure/2024/Jan/33", }, { url: "http://seclists.org/fulldisclosure/2024/Jan/36", }, { url: "http://seclists.org/fulldisclosure/2024/Jan/39", }, { url: "http://seclists.org/fulldisclosure/2024/Jan/40", }, { url: "https://support.apple.com/kb/HT214082", }, { url: "https://support.apple.com/kb/HT214083", }, { url: "https://support.apple.com/kb/HT214085", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23218", datePublished: "2024-01-23T00:25:38.999Z", dateReserved: "2024-01-12T22:22:21.477Z", dateUpdated: "2025-02-13T17:33:58.730Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23293
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
This issue was addressed through improved state management. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An attacker with physical access may be able to use Siri to access sensitive user data.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23293", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-08T14:00:43.055654Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-22T15:21:29.502Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.180Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed through improved state management. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An attacker with physical access may be able to use Siri to access sensitive user data.", }, ], problemTypes: [ { descriptions: [ { description: "An attacker with physical access may be able to use Siri to access sensitive user data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:08:00.602Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23293", datePublished: "2024-03-08T01:35:30.712Z", dateReserved: "2024-01-12T22:22:21.501Z", dateUpdated: "2025-02-13T17:39:34.941Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23227
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:34
Severity ?
EPSS score ?
Summary
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to read sensitive location information.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.032Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23227", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-28T20:34:59.641464Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-07T15:37:29.253Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to read sensitive location information.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to read sensitive location information", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:05.753Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23227", datePublished: "2024-03-08T01:35:34.462Z", dateReserved: "2024-01-12T22:22:21.478Z", dateUpdated: "2025-02-13T17:34:03.815Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23234
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:34
Severity ?
EPSS score ?
Summary
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to execute arbitrary code with kernel privileges.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:31.978Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "12.7.4", status: "affected", version: "0", versionType: "custom", }, { lessThan: "13.6.5", status: "affected", version: "13.0", versionType: "custom", }, { lessThan: "14.4", status: "affected", version: "14.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23234", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-03-30T04:01:01.866476Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-27T16:10:01.066Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to execute arbitrary code with kernel privileges.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to execute arbitrary code with kernel privileges", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:06:38.929Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23234", datePublished: "2024-03-08T01:36:20.258Z", dateReserved: "2024-01-12T22:22:21.480Z", dateUpdated: "2025-02-13T17:34:07.503Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23290
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to access user-sensitive data.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23290", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-08T15:23:18.674222Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-922", description: "CWE-922 Insecure Storage of Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-04T17:27:59.768Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.155Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to access user-sensitive data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access user-sensitive data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:31.463Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23290", datePublished: "2024-03-08T01:35:58.743Z", dateReserved: "2024-01-12T22:22:21.501Z", dateUpdated: "2025-02-13T17:39:33.194Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23269
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to modify protected parts of the file system.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.077Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23269", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-14T18:51:49.828003Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-01T20:55:57.224Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to modify protected parts of the file system.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to modify protected parts of the file system", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:08:18.730Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23269", datePublished: "2024-03-08T01:35:59.717Z", dateReserved: "2024-01-12T22:22:21.492Z", dateUpdated: "2025-02-13T17:39:19.797Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-48795
Vulnerability from cvelistv5
Published
2023-12-18 00:00
Modified
2024-08-02 21:46
Severity ?
EPSS score ?
Summary
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:46:27.255Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", }, { tags: [ "x_transferred", ], url: "https://matt.ucc.asn.au/dropbear/CHANGES", }, { tags: [ "x_transferred", ], url: "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES", }, { tags: [ "x_transferred", ], url: "https://www.netsarang.com/en/xshell-update-history/", }, { tags: [ "x_transferred", ], url: "https://www.paramiko.org/changelog.html", }, { tags: [ "x_transferred", ], url: "https://www.openssh.com/openbsd.html", }, { tags: [ "x_transferred", ], url: "https://github.com/openssh/openssh-portable/commits/master", }, { tags: [ "x_transferred", ], url: "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ", }, { tags: [ "x_transferred", ], url: "https://www.bitvise.com/ssh-server-version-history", }, { tags: [ "x_transferred", ], url: "https://github.com/ronf/asyncssh/tags", }, { tags: [ "x_transferred", ], url: "https://gitlab.com/libssh/libssh-mirror/-/tags", }, { tags: [ "x_transferred", ], url: "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/", }, { tags: [ "x_transferred", ], url: "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42", }, { tags: [ "x_transferred", ], url: "https://www.openssh.com/txt/release-9.6", }, { tags: [ "x_transferred", ], url: "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/", }, { tags: [ "x_transferred", ], url: "https://www.terrapin-attack.com", }, { tags: [ "x_transferred", ], url: "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25", }, { tags: [ "x_transferred", ], url: "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst", }, { tags: [ "x_transferred", ], url: "https://thorntech.com/cve-2023-48795-and-sftp-gateway/", }, { tags: [ "x_transferred", ], url: "https://github.com/warp-tech/russh/releases/tag/v0.40.2", }, { tags: [ "x_transferred", ], url: "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2023/12/18/2", }, { tags: [ "x_transferred", ], url: "https://twitter.com/TrueSkrillor/status/1736774389725565005", }, { tags: [ "x_transferred", ], url: "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d", }, { tags: [ "x_transferred", ], url: "https://github.com/paramiko/paramiko/issues/2337", }, { tags: [ "x_transferred", ], url: "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg", }, { tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=38684904", }, { tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=38685286", }, { name: "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/12/18/3", }, { tags: [ "x_transferred", ], url: "https://github.com/mwiede/jsch/issues/457", }, { tags: [ "x_transferred", ], url: "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6", }, { tags: [ "x_transferred", ], url: "https://github.com/erlang/otp/releases/tag/OTP-26.2.1", }, { tags: [ "x_transferred", ], url: "https://github.com/advisories/GHSA-45x7-px36-x8w8", }, { tags: [ "x_transferred", ], url: "https://security-tracker.debian.org/tracker/source-package/libssh2", }, { tags: [ "x_transferred", ], url: "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg", }, { tags: [ "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2023-48795", }, { tags: [ "x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1217950", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { tags: [ "x_transferred", ], url: "https://bugs.gentoo.org/920280", }, { tags: [ "x_transferred", ], url: "https://ubuntu.com/security/CVE-2023-48795", }, { tags: [ "x_transferred", ], url: "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/", }, { tags: [ "x_transferred", ], url: "https://access.redhat.com/security/cve/cve-2023-48795", }, { tags: [ "x_transferred", ], url: "https://github.com/mwiede/jsch/pull/461", }, { tags: [ "x_transferred", ], url: "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6", }, { tags: [ "x_transferred", ], url: "https://github.com/libssh2/libssh2/pull/1291", }, { tags: [ "x_transferred", ], url: "https://forum.netgate.com/topic/184941/terrapin-ssh-attack", }, { tags: [ "x_transferred", ], url: "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5", }, { tags: [ "x_transferred", ], url: "https://github.com/rapier1/hpn-ssh/releases", }, { tags: [ "x_transferred", ], url: "https://github.com/proftpd/proftpd/issues/456", }, { tags: [ "x_transferred", ], url: "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1", }, { tags: [ "x_transferred", ], url: "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15", }, { tags: [ "x_transferred", ], url: "https://oryx-embedded.com/download/#changelog", }, { tags: [ "x_transferred", ], url: "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update", }, { tags: [ "x_transferred", ], url: "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22", }, { tags: [ "x_transferred", ], url: "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab", }, { tags: [ "x_transferred", ], url: "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3", }, { tags: [ "x_transferred", ], url: "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC", }, { tags: [ "x_transferred", ], url: "https://crates.io/crates/thrussh/versions", }, { tags: [ "x_transferred", ], url: "https://github.com/NixOS/nixpkgs/pull/275249", }, { name: "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/12/19/5", }, { tags: [ "x_transferred", ], url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc", }, { tags: [ "x_transferred", ], url: "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/", }, { name: "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/12/20/3", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html", }, { tags: [ "x_transferred", ], url: "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES", }, { tags: [ "x_transferred", ], url: "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES", }, { tags: [ "x_transferred", ], url: "https://github.com/apache/mina-sshd/issues/445", }, { tags: [ "x_transferred", ], url: "https://github.com/hierynomus/sshj/issues/916", }, { tags: [ "x_transferred", ], url: "https://github.com/janmojzis/tinyssh/issues/81", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2023/12/20/3", }, { tags: [ "x_transferred", ], url: "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2", }, { tags: [ "x_transferred", ], url: "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16", }, { name: "FEDORA-2023-0733306be9", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", }, { name: "DSA-5586", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5586", }, { tags: [ "x_transferred", ], url: "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508", }, { tags: [ "x_transferred", ], url: "https://www.theregister.com/2023/12/20/terrapin_attack_ssh", }, { tags: [ "x_transferred", ], url: "https://filezilla-project.org/versions.php", }, { tags: [ "x_transferred", ], url: "https://nova.app/releases/#v11.8", }, { tags: [ "x_transferred", ], url: "https://roumenpetrov.info/secsh/#news20231220", }, { tags: [ "x_transferred", ], url: "https://www.vandyke.com/products/securecrt/history.txt", }, { tags: [ "x_transferred", ], url: "https://help.panic.com/releasenotes/transmit5/", }, { tags: [ "x_transferred", ], url: "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta", }, { tags: [ "x_transferred", ], url: "https://github.com/PowerShell/Win32-OpenSSH/issues/2189", }, { tags: [ "x_transferred", ], url: "https://winscp.net/eng/docs/history#6.2.2", }, { tags: [ "x_transferred", ], url: "https://www.bitvise.com/ssh-client-version-history#933", }, { tags: [ "x_transferred", ], url: "https://github.com/cyd01/KiTTY/issues/520", }, { name: "DSA-5588", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5588", }, { tags: [ "x_transferred", ], url: "https://github.com/ssh-mitm/ssh-mitm/issues/165", }, { tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=38732005", }, { name: "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html", }, { name: "GLSA-202312-16", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202312-16", }, { name: "GLSA-202312-17", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202312-17", }, { name: "FEDORA-2023-20feb865d8", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", }, { name: "FEDORA-2023-cb8c606fbb", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/", }, { name: "FEDORA-2023-e77300e4b5", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", }, { name: "FEDORA-2023-b87ec6cf47", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/", }, { name: "FEDORA-2023-153404713b", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240105-0004/", }, { name: "FEDORA-2024-3bb23c77f3", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/", }, { name: "FEDORA-2023-55800423a8", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", }, { name: "FEDORA-2024-d946b9ad25", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/", }, { name: "FEDORA-2024-71c2c6526c", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/", }, { name: "FEDORA-2024-39a8c72ea9", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/", }, { tags: [ "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002", }, { name: "FEDORA-2024-ae653fb07b", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", }, { name: "FEDORA-2024-2705241461", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/", }, { name: "FEDORA-2024-fb32950d11", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", }, { name: "FEDORA-2024-7b08207cdb", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/", }, { name: "FEDORA-2024-06ebb70bdd", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/", }, { name: "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html", }, { name: "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html", }, { name: "FEDORA-2024-a53b24023d", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/", }, { name: "FEDORA-2024-3fd1bc9276", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214084", }, { name: "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { name: "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html", }, { name: "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/04/17/8", }, { name: "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/03/06/3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-01T18:06:23.972272", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", }, { url: "https://matt.ucc.asn.au/dropbear/CHANGES", }, { url: "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES", }, { url: "https://www.netsarang.com/en/xshell-update-history/", }, { url: "https://www.paramiko.org/changelog.html", }, { url: "https://www.openssh.com/openbsd.html", }, { url: "https://github.com/openssh/openssh-portable/commits/master", }, { url: "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ", }, { url: "https://www.bitvise.com/ssh-server-version-history", }, { url: "https://github.com/ronf/asyncssh/tags", }, { url: "https://gitlab.com/libssh/libssh-mirror/-/tags", }, { url: "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/", }, { url: "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42", }, { url: "https://www.openssh.com/txt/release-9.6", }, { url: "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/", }, { url: "https://www.terrapin-attack.com", }, { url: "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25", }, { url: "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst", }, { url: "https://thorntech.com/cve-2023-48795-and-sftp-gateway/", }, { url: "https://github.com/warp-tech/russh/releases/tag/v0.40.2", }, { url: "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0", }, { url: "https://www.openwall.com/lists/oss-security/2023/12/18/2", }, { url: "https://twitter.com/TrueSkrillor/status/1736774389725565005", }, { url: "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d", }, { url: "https://github.com/paramiko/paramiko/issues/2337", }, { url: "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg", }, { url: "https://news.ycombinator.com/item?id=38684904", }, { url: "https://news.ycombinator.com/item?id=38685286", }, { name: "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/12/18/3", }, { url: "https://github.com/mwiede/jsch/issues/457", }, { url: "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6", }, { url: "https://github.com/erlang/otp/releases/tag/OTP-26.2.1", }, { url: "https://github.com/advisories/GHSA-45x7-px36-x8w8", }, { url: "https://security-tracker.debian.org/tracker/source-package/libssh2", }, { url: "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg", }, { url: "https://security-tracker.debian.org/tracker/CVE-2023-48795", }, { url: "https://bugzilla.suse.com/show_bug.cgi?id=1217950", }, { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { url: "https://bugs.gentoo.org/920280", }, { url: "https://ubuntu.com/security/CVE-2023-48795", }, { url: "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/", }, { url: "https://access.redhat.com/security/cve/cve-2023-48795", }, { url: "https://github.com/mwiede/jsch/pull/461", }, { url: "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6", }, { url: "https://github.com/libssh2/libssh2/pull/1291", }, { url: "https://forum.netgate.com/topic/184941/terrapin-ssh-attack", }, { url: "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5", }, { url: "https://github.com/rapier1/hpn-ssh/releases", }, { url: "https://github.com/proftpd/proftpd/issues/456", }, { url: "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1", }, { url: "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15", }, { url: "https://oryx-embedded.com/download/#changelog", }, { url: "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update", }, { url: "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22", }, { url: "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab", }, { url: "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3", }, { url: "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC", }, { url: "https://crates.io/crates/thrussh/versions", }, { url: "https://github.com/NixOS/nixpkgs/pull/275249", }, { name: "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/12/19/5", }, { url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc", }, { url: "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/", }, { name: "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/12/20/3", }, { url: "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html", }, { url: "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES", }, { url: "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES", }, { url: "https://github.com/apache/mina-sshd/issues/445", }, { url: "https://github.com/hierynomus/sshj/issues/916", }, { url: "https://github.com/janmojzis/tinyssh/issues/81", }, { url: "https://www.openwall.com/lists/oss-security/2023/12/20/3", }, { url: "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2", }, { url: "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16", }, { name: "FEDORA-2023-0733306be9", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", }, { name: "DSA-5586", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5586", }, { url: "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508", }, { url: "https://www.theregister.com/2023/12/20/terrapin_attack_ssh", }, { url: "https://filezilla-project.org/versions.php", }, { url: "https://nova.app/releases/#v11.8", }, { url: "https://roumenpetrov.info/secsh/#news20231220", }, { url: "https://www.vandyke.com/products/securecrt/history.txt", }, { url: "https://help.panic.com/releasenotes/transmit5/", }, { url: "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta", }, { url: "https://github.com/PowerShell/Win32-OpenSSH/issues/2189", }, { url: "https://winscp.net/eng/docs/history#6.2.2", }, { url: "https://www.bitvise.com/ssh-client-version-history#933", }, { url: "https://github.com/cyd01/KiTTY/issues/520", }, { name: "DSA-5588", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5588", }, { url: "https://github.com/ssh-mitm/ssh-mitm/issues/165", }, { url: "https://news.ycombinator.com/item?id=38732005", }, { name: "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html", }, { name: "GLSA-202312-16", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202312-16", }, { name: "GLSA-202312-17", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202312-17", }, { name: "FEDORA-2023-20feb865d8", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", }, { name: "FEDORA-2023-cb8c606fbb", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/", }, { name: "FEDORA-2023-e77300e4b5", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", }, { name: "FEDORA-2023-b87ec6cf47", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/", }, { name: "FEDORA-2023-153404713b", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/", }, { url: "https://security.netapp.com/advisory/ntap-20240105-0004/", }, { name: "FEDORA-2024-3bb23c77f3", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/", }, { name: "FEDORA-2023-55800423a8", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", }, { name: "FEDORA-2024-d946b9ad25", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/", }, { name: "FEDORA-2024-71c2c6526c", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/", }, { name: "FEDORA-2024-39a8c72ea9", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/", }, { url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002", }, { name: "FEDORA-2024-ae653fb07b", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", }, { name: "FEDORA-2024-2705241461", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/", }, { name: "FEDORA-2024-fb32950d11", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", }, { name: "FEDORA-2024-7b08207cdb", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/", }, { name: "FEDORA-2024-06ebb70bdd", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/", }, { name: "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html", }, { name: "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html", }, { name: "FEDORA-2024-a53b24023d", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/", }, { name: "FEDORA-2024-3fd1bc9276", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/", }, { url: "https://support.apple.com/kb/HT214084", }, { name: "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { name: "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html", }, { name: "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2024/04/17/8", }, { name: "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2024/03/06/3", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-48795", datePublished: "2023-12-18T00:00:00", dateReserved: "2023-11-20T00:00:00", dateUpdated: "2024-08-02T21:46:27.255Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23258
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:34
Severity ?
EPSS score ?
Summary
An out-of-bounds read was addressed with improved input validation. This issue is fixed in visionOS 1.1, macOS Sonoma 14.4. Processing an image may lead to arbitrary code execution.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23258", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-03-30T04:01:00.739791Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-25T16:10:52.485Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.080Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An out-of-bounds read was addressed with improved input validation. This issue is fixed in visionOS 1.1, macOS Sonoma 14.4. Processing an image may lead to arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Processing an image may lead to arbitrary code execution", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:37.170Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23258", datePublished: "2024-03-08T01:36:03.493Z", dateReserved: "2024-01-12T22:22:21.488Z", dateUpdated: "2025-02-13T17:34:21.334Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23259
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-03-28 23:19
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.4 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23259", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-08T16:11:48.549633Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-28T23:19:58.776Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.176Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service.", }, ], problemTypes: [ { descriptions: [ { description: "Processing web content may lead to a denial-of-service", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:42.285Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23259", datePublished: "2024-03-08T01:36:21.185Z", dateReserved: "2024-01-12T22:22:21.488Z", dateUpdated: "2025-03-28T23:19:58.776Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23205
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:33
Severity ?
EPSS score ?
Summary
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to access sensitive user data.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.4 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:31.837Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23205", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-05T20:03:02.768427Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-922", description: "CWE-922 Insecure Storage of Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-20T15:41:30.858Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to access sensitive user data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access sensitive user data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:21.048Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23205", datePublished: "2024-03-08T01:35:46.579Z", dateReserved: "2024-01-12T22:22:21.476Z", dateUpdated: "2025-02-13T17:33:51.048Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23275
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-03-27 14:29
Severity ?
EPSS score ?
Summary
A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to access protected user data.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23275", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-12T18:13:13.376117Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-362", description: "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-27T14:29:34.074Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.168Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to access protected user data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access protected user data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:06:45.432Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23275", datePublished: "2024-03-08T01:36:18.366Z", dateReserved: "2024-01-12T22:22:21.498Z", dateUpdated: "2025-03-27T14:29:34.074Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23276
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-19 15:55
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.261Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "12.7.4", status: "affected", version: "0", versionType: "custom", }, { lessThan: "13.6.5", status: "affected", version: "13.0", versionType: "custom", }, { lessThan: "14.4", status: "affected", version: "14.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23276", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-12T04:00:33.466496Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-19T15:55:10.784Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to elevate privileges", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:06:49.367Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23276", datePublished: "2024-03-08T01:35:18.583Z", dateReserved: "2024-01-12T22:22:21.498Z", dateUpdated: "2025-03-19T15:55:10.784Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23216
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:33
Severity ?
EPSS score ?
Summary
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to overwrite arbitrary files.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:31.962Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "12.7", status: "affected", version: "12.0", versionType: "custom", }, { lessThan: "13.6", status: "affected", version: "13.0", versionType: "custom", }, { lessThan: "14.4", status: "affected", version: "14.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23216", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-03-12T18:11:26.025017Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-28T14:09:29.822Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to overwrite arbitrary files.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to overwrite arbitrary files", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:40.565Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23216", datePublished: "2024-03-08T01:35:25.068Z", dateReserved: "2024-01-12T22:22:21.477Z", dateUpdated: "2025-02-13T17:33:57.500Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23299
Vulnerability from cvelistv5
Published
2024-06-10 19:20
Modified
2024-08-20 15:10
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Ventura 13.6.5, macOS Monterey 12.7.4. An app may be able to break out of its sandbox.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.261Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "12.7.4", status: "affected", version: "0", versionType: "custom", }, { lessThan: "13.6.5", status: "affected", version: "13.0", versionType: "custom", }, { lessThan: "14.4", status: "affected", version: "14.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23299", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-20T14:00:04.414834Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-250", description: "CWE-250 Execution with Unnecessary Privileges", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-20T15:10:10.174Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Ventura 13.6.5, macOS Monterey 12.7.4. An app may be able to break out of its sandbox.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to break out of its sandbox", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-10T19:20:57.952Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23299", datePublished: "2024-06-10T19:20:57.952Z", dateReserved: "2024-01-12T22:22:21.502Z", dateUpdated: "2024-08-20T15:10:10.174Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23232
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-27 20:46
Severity ?
EPSS score ?
Summary
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.4. An app may be able to capture a user's screen.
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23232", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-08T15:34:07.051922Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-922", description: "CWE-922 Insecure Storage of Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-27T20:46:41.458Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.081Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.4. An app may be able to capture a user's screen.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to capture a user's screen", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:08:27.565Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23232", datePublished: "2024-03-08T01:35:56.823Z", dateReserved: "2024-01-12T22:22:21.479Z", dateUpdated: "2025-03-27T20:46:41.458Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23242
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:34
Severity ?
EPSS score ?
Summary
A privacy issue was addressed by not logging contents of text fields. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to view Mail data.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.4 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23242", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-08T15:21:43.014765Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-532", description: "CWE-532 Insertion of Sensitive Information into Log File", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-04T21:22:04.085Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.157Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A privacy issue was addressed by not logging contents of text fields. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to view Mail data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to view Mail data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:58.984Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23242", datePublished: "2024-03-08T01:36:08.176Z", dateReserved: "2024-01-12T22:22:21.482Z", dateUpdated: "2025-02-13T17:34:11.302Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23201
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:33
Severity ?
EPSS score ?
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.7.4, watchOS 10.3, tvOS 17.3, macOS Ventura 13.6.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3. An app may be able to cause a denial-of-service.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23201", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-23T15:45:11.114817Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-276", description: "CWE-276 Incorrect Default Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-01T15:10:28.785Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.051Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214059", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214055", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214060", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214061", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214060", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214059", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214061", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214055", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.7.4, watchOS 10.3, tvOS 17.3, macOS Ventura 13.6.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3. An app may be able to cause a denial-of-service.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to cause a denial-of-service", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T22:07:55.363Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214059", }, { url: "https://support.apple.com/en-us/HT214055", }, { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214060", }, { url: "https://support.apple.com/en-us/HT214061", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/kb/HT214060", }, { url: "https://support.apple.com/kb/HT214059", }, { url: "https://support.apple.com/kb/HT214061", }, { url: "https://support.apple.com/kb/HT214055", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23201", datePublished: "2024-03-08T01:35:23.180Z", dateReserved: "2024-01-12T22:22:21.475Z", dateUpdated: "2025-02-13T17:33:49.280Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23263
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | visionOS |
Version: unspecified < 1.1 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.1", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:16.7:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "16.7.6", status: "affected", version: "16.7", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:16.7:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "16.7.6", status: "affected", version: "16.7", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "17.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "17.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "macos", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "14.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.4", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "webkitgtk", vendor: "webkitgtk", versions: [ { lessThan: "2.45.2", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "safari", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23263", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-18T04:00:44.910447Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-06T14:06:07.414Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.071Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214089", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/03/26/1", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may prevent Content Security Policy from being enforced", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-07T06:06:05.876Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214089", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/", }, { url: "http://www.openwall.com/lists/oss-security/2024/03/26/1", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23263", datePublished: "2024-03-08T01:36:19.295Z", dateReserved: "2024-01-12T22:22:21.490Z", dateUpdated: "2025-02-13T17:39:16.216Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-42816
Vulnerability from cvelistv5
Published
2024-01-10 22:03
Modified
2025-02-13 16:33
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:19:05.129Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213488", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to modify protected parts of the file system", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:08:10.936Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213488", }, { url: "https://support.apple.com/kb/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2022-42816", datePublished: "2024-01-10T22:03:49.458Z", dateReserved: "2022-10-11T16:52:53.371Z", dateUpdated: "2025-02-13T16:33:22.424Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23265
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to cause unexpected system termination or write kernel memory.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | visionOS |
Version: unspecified < 1.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:1.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "12.7", status: "affected", version: "0", versionType: "custom", }, { lessThan: "13.6", status: "affected", version: "0", versionType: "custom", }, { lessThan: "14.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ios", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23265", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-23T15:03:28.697942Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-31T18:06:57.257Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.131Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to cause unexpected system termination or write kernel memory.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to cause unexpected system termination or write kernel memory", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:43.897Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23265", datePublished: "2024-03-08T01:35:55.871Z", dateReserved: "2024-01-12T22:22:21.490Z", dateUpdated: "2025-02-13T17:39:17.449Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23277
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-13 17:06
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.4 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23277", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-08T14:20:08.272349Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-13T17:06:27.891Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.127Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard.", }, ], problemTypes: [ { descriptions: [ { description: "An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:02.470Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23277", datePublished: "2024-03-08T01:35:27.903Z", dateReserved: "2024-01-12T22:22:21.498Z", dateUpdated: "2025-03-13T17:06:27.891Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23286
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. Processing an image may lead to arbitrary code execution.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | visionOS |
Version: unspecified < 1.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "17.0", versionType: "custom", }, { lessThan: "16.7", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "12.7", status: "affected", version: "12.0", versionType: "custom", }, { lessThan: "13.6", status: "affected", version: "13.0", versionType: "custom", }, { lessThan: "14.4", status: "affected", version: "14.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipados", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "17.0", versionType: "custom", }, { lessThan: "16.7", status: "affected", version: "16.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23286", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-11T04:01:01.218461Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-30T15:25:19.865Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.209Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. Processing an image may lead to arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Processing an image may lead to arbitrary code execution", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:10.565Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23286", datePublished: "2024-03-08T01:36:00.661Z", dateReserved: "2024-01-12T22:22:21.500Z", dateUpdated: "2025-02-13T17:39:30.696Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23267
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-13 13:27
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to bypass certain Privacy preferences.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.087Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23267", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-28T15:44:46.855450Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-13T13:27:39.186Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to bypass certain Privacy preferences.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to bypass certain Privacy preferences", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:06:33.763Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23267", datePublished: "2024-03-08T01:35:40.987Z", dateReserved: "2024-01-12T22:22:21.491Z", dateUpdated: "2025-03-13T13:27:39.186Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23249
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:34
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4. Processing a file may lead to a denial-of-service or potentially disclose memory contents.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.139Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23249", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-05T20:01:58.683872Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-404", description: "CWE-404 Improper Resource Shutdown or Release", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-04T21:02:04.658Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4. Processing a file may lead to a denial-of-service or potentially disclose memory contents.", }, ], problemTypes: [ { descriptions: [ { description: "Processing a file may lead to a denial-of-service or potentially disclose memory contents", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:08:04.057Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23249", datePublished: "2024-03-08T01:35:57.762Z", dateReserved: "2024-01-12T22:22:21.486Z", dateUpdated: "2025-02-13T17:34:16.148Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23225
Vulnerability from cvelistv5
Published
2024-03-05 19:24
Modified
2025-02-13 17:34
Severity ?
EPSS score ?
Summary
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.4 |
||||||
|
|||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "17.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "16.7.6", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "16.7.6", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "17.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:12.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "12.7.4", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:13.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "13.6.5", status: "affected", version: "13.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "14.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.4", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23225", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-28T13:58:10.651057Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2024-03-06", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-23225", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-28T13:58:44.770Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.048Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214088", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214087", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/19", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/18", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.", }, ], problemTypes: [ { descriptions: [ { description: "An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:06:12.747Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/kb/HT214083", }, { url: "https://support.apple.com/kb/HT214088", }, { url: "https://support.apple.com/kb/HT214084", }, { url: "https://support.apple.com/kb/HT214086", }, { url: "https://support.apple.com/kb/HT214085", }, { url: "https://support.apple.com/kb/HT214087", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/19", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/18", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23225", datePublished: "2024-03-05T19:24:12.330Z", dateReserved: "2024-01-12T22:22:21.478Z", dateUpdated: "2025-02-13T17:34:02.577Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23292
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-27 20:22
Severity ?
EPSS score ?
Summary
This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to access information about a user's contacts.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.4 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23292", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-08T15:32:21.572694Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-27T20:22:36.525Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.159Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to access information about a user's contacts.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access information about a user's contacts", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:06:28.460Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23292", datePublished: "2024-03-08T01:35:44.713Z", dateReserved: "2024-01-12T22:22:21.501Z", dateUpdated: "2025-03-27T20:22:36.525Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-51385
Vulnerability from cvelistv5
Published
2023-12-18 00:00
Modified
2024-08-02 22:32
Severity ?
EPSS score ?
Summary
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T22:32:09.069Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.openssh.com/txt/release-9.6", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2023/12/18/2", }, { tags: [ "x_transferred", ], url: "https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a", }, { name: "DSA-5586", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5586", }, { tags: [ "x_transferred", ], url: "https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html", }, { name: "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html", }, { name: "[oss-security] 20231226 CVE-2023-51385, CVE-2023-6004: OpenSSH, libssh: Security weakness in ProxyCommand handling", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/12/26/4", }, { name: "GLSA-202312-17", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202312-17", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240105-0005/", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214084", }, { name: "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:08:08.727930", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.openssh.com/txt/release-9.6", }, { url: "https://www.openwall.com/lists/oss-security/2023/12/18/2", }, { url: "https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a", }, { name: "DSA-5586", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5586", }, { url: "https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html", }, { name: "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html", }, { name: "[oss-security] 20231226 CVE-2023-51385, CVE-2023-6004: OpenSSH, libssh: Security weakness in ProxyCommand handling", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/12/26/4", }, { name: "GLSA-202312-17", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202312-17", }, { url: "https://security.netapp.com/advisory/ntap-20240105-0005/", }, { url: "https://support.apple.com/kb/HT214084", }, { name: "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-51385", datePublished: "2023-12-18T00:00:00", dateReserved: "2023-12-18T00:00:00", dateUpdated: "2024-08-02T22:32:09.069Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23244
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-13 20:33
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4. An app from a standard user account may be able to escalate privilege after admin user login.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.105Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "12.7.4", status: "affected", version: "0", versionType: "custom", }, { lessThan: "14.4", status: "affected", version: "14.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23244", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-03-30T04:01:05.809509Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-13T20:33:11.673Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4. An app from a standard user account may be able to escalate privilege after admin user login.", }, ], problemTypes: [ { descriptions: [ { description: "An app from a standard user account may be able to escalate privilege after admin user login", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:08:14.844Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23244", datePublished: "2024-03-08T01:35:47.494Z", dateReserved: "2024-01-12T22:22:21.483Z", dateUpdated: "2025-03-13T20:33:11.673Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-48554
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:17:55.372Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugs.astron.com/view.php?id=310", }, { name: "DSA-5489", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5489", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231116-0002/", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214088", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214086", }, { name: "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { name: "20240313 APPLE-SA-03-07-2024-6 tvOS 17.4", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { name: "20240313 APPLE-SA-03-07-2024-5 watchOS 10.4", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T22:07:17.737915", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://bugs.astron.com/view.php?id=310", }, { name: "DSA-5489", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5489", }, { url: "https://security.netapp.com/advisory/ntap-20231116-0002/", }, { url: "https://support.apple.com/kb/HT214081", }, { url: "https://support.apple.com/kb/HT214088", }, { url: "https://support.apple.com/kb/HT214084", }, { url: "https://support.apple.com/kb/HT214086", }, { name: "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { name: "20240313 APPLE-SA-03-07-2024-6 tvOS 17.4", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { name: "20240313 APPLE-SA-03-07-2024-5 watchOS 10.4", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-48554", datePublished: "2023-08-22T00:00:00", dateReserved: "2023-07-23T00:00:00", dateUpdated: "2024-08-03T15:17:55.372Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-42853
Vulnerability from cvelistv5
Published
2024-02-21 06:41
Modified
2025-03-27 14:49
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-42853", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-21T15:25:09.119309Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-27T14:49:38.987Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T19:30:24.698Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213984", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213985", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213983", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access user-sensitive data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:19.354Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT213984", }, { url: "https://support.apple.com/en-us/HT213985", }, { url: "https://support.apple.com/en-us/HT213983", }, { url: "https://support.apple.com/kb/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2023-42853", datePublished: "2024-02-21T06:41:56.156Z", dateReserved: "2023-09-14T19:05:11.451Z", dateUpdated: "2025-03-27T14:49:38.987Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23289
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
A lock screen issue was addressed with improved state management. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A person with physical access to a device may be able to use Siri to access private calendar information.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.4 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23289", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-23T14:58:26.390845Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-06T15:31:14.739Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.208Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A lock screen issue was addressed with improved state management. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A person with physical access to a device may be able to use Siri to access private calendar information.", }, ], problemTypes: [ { descriptions: [ { description: "A person with physical access to a device may be able to use Siri to access private calendar information", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:24.406Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23289", datePublished: "2024-03-08T01:35:36.328Z", dateReserved: "2024-01-12T22:22:21.501Z", dateUpdated: "2025-02-13T17:39:32.498Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23264
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An application may be able to read restricted memory.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | visionOS |
Version: unspecified < 1.1 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23264", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-12T15:41:26.141786Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-21T19:24:54.827Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.171Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An application may be able to read restricted memory.", }, ], problemTypes: [ { descriptions: [ { description: "An application may be able to read restricted memory", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:06:47.181Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23264", datePublished: "2024-03-08T01:35:53.088Z", dateReserved: "2024-01-12T22:22:21.490Z", dateUpdated: "2025-02-13T17:39:16.817Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23294
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-28 23:37
Severity ?
EPSS score ?
Summary
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4. Processing malicious input may lead to code execution.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.236Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23294", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-03-29T04:00:24.565049Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-28T23:37:44.309Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4. Processing malicious input may lead to code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Processing malicious input may lead to code execution", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:27.699Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23294", datePublished: "2024-03-08T01:35:26.964Z", dateReserved: "2024-01-12T22:22:21.502Z", dateUpdated: "2025-03-28T23:37:44.309Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23255
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:34
Severity ?
EPSS score ?
Summary
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. Photos in the Hidden Photos Album may be viewed without authentication.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.4 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.121Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ios", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipados", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23255", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-05T14:47:13.410010Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-05T14:47:23.273Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. Photos in the Hidden Photos Album may be viewed without authentication.", }, ], problemTypes: [ { descriptions: [ { description: "Photos in the Hidden Photos Album may be viewed without authentication", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:06:41.681Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23255", datePublished: "2024-03-08T01:36:16.498Z", dateReserved: "2024-01-12T22:22:21.487Z", dateUpdated: "2025-02-13T17:34:19.515Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-0258
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-03-17 15:10
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T17:41:16.421Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-0258", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-11T04:01:22.658760Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-17T15:10:31.385Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:06:22.766Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-0258", datePublished: "2024-03-08T01:36:10.920Z", dateReserved: "2024-01-05T23:15:07.340Z", dateUpdated: "2025-03-17T15:10:31.385Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23281
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
This issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.4. An app may be able to access sensitive user data.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.124Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23281", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-14T18:39:28.031788Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-05T21:14:03.101Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.4. An app may be able to access sensitive user data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access sensitive user data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:55.682Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23281", datePublished: "2024-03-08T01:36:10.006Z", dateReserved: "2024-01-12T22:22:21.499Z", dateUpdated: "2025-02-13T17:39:27.331Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.