CVE-2024-23738
https://notcve.org/view.php?id=CVE-2024-23738
An issue in Postman version 10.22 and before on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings. NOTE: the vendor states "we dispute the report's accuracy ... the configuration does not enable remote code execution." • https://github.com/giovannipajeu1/CVE-2024-23738 https://github.com/V3x0r/CVE-2024-23738 https://www.electronjs.org/blog/statement-run-as-node-cves
CVE-2024-23739
https://notcve.org/view.php?id=CVE-2024-23739
An issue in Discord for macOS version 0.0.291 and before allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings. • https://github.com/giovannipajeu1/CVE-2024-23739 https://github.com/giovannipajeu1/CVE-2024-23740 https://github.com/V3x0r/CVE-2024-23739 https://www.electronjs.org/blog/statement-run-as-node-cves
CVE-2024-23743
https://notcve.org/view.php?id=CVE-2024-23743
Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeCliInspectArguments. NOTE: the vendor states "the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment." • https://github.com/giovannipajeu1/CVE-2024-23743 https://github.com/V3x0r/CVE-2024-23743 https://github.com/r3ggi/electroniz3r https://www.electronjs.org/blog/statement-run-as-node-cves • CWE-250: Execution with Unnecessary Privileges
CVE-2024-23218
https://notcve.org/view.php?id=CVE-2024-23218
A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key. • http://seclists.org/fulldisclosure/2024/Jan/33 http://seclists.org/fulldisclosure/2024/Jan/36 http://seclists.org/fulldisclosure/2024/Jan/39 http://seclists.org/fulldisclosure/2024/Jan/40 http://seclists.org/fulldisclosure/2024/Mar/22 http://seclists.org/fulldisclosure/2024/Mar/23 https://support.apple.com/en-us/HT214055 https://support.apple.com/en-us/HT214059 https://support.apple.com/en-us/HT214060 https://support.apple.com/en-us/HT214061 https://support.apple • CWE-203: Observable Discrepancy
CVE-2023-42887
https://notcve.org/view.php?id=CVE-2023-42887
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.6.4 and macOS Sonoma 14.2. An app may be able to read arbitrary files. • http://seclists.org/fulldisclosure/2024/Jan/37 https://support.apple.com/en-us/HT214036 https://support.apple.com/en-us/HT214058 https://support.apple.com/kb/HT214036