CVE-2024-0045
https://notcve.org/view.php?id=CVE-2024-0045
This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. • https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7d0f696f450241d8ba7a168ba14fa7b75032f0c9 https://source.android.com/security/bulletin/2024-03-01 • CWE-20: Improper Input Validation •
CVE-2024-28089
https://notcve.org/view.php?id=CVE-2024-28089
This can cause a denial of service or lead to information disclosure. • https://github.com/actuator/cve/blob/main/Hitron/CVE-2024-28089 https://github.com/actuator/cve/blob/main/Hitron/Hitron_DOM_XSS_POC.gif https://github.com/actuator/cve/blob/main/Hitron/Hitron_DOM_XSS_POC_DOS_ALT.gif • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-23286 – Apple macOS CoreGraphics Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-23286
The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. • http://seclists.org/fulldisclosure/2024/Mar/21 http://seclists.org/fulldisclosure/2024/Mar/22 http://seclists.org/fulldisclosure/2024/Mar/23 http://seclists.org/fulldisclosure/2024/Mar/24 http://seclists.org/fulldisclosure/2024/Mar/25 http://seclists.org/fulldisclosure/2024/Mar/26 https://support.apple.com/en-us/HT214081 https://support.apple.com/en-us/HT214082 https://support.apple.com/en-us/HT214083 https://support.apple.com/en-us/HT214084 https://support.apple • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-23264 – Apple macOS Metal Framework PVR File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-23264
The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. • http://seclists.org/fulldisclosure/2024/Mar/21 http://seclists.org/fulldisclosure/2024/Mar/22 http://seclists.org/fulldisclosure/2024/Mar/23 http://seclists.org/fulldisclosure/2024/Mar/25 http://seclists.org/fulldisclosure/2024/Mar/26 https://support.apple.com/en-us/HT214081 https://support.apple.com/en-us/HT214082 https://support.apple.com/en-us/HT214083 https://support.apple.com/en-us/HT214084 https://support.apple.com/en-us/HT214085 https://support.apple.com •
CVE-2024-23257 – Apple macOS JP2 Image Parsing Uninitialized Pointer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-23257
Crafted data in a JP2 image can trigger access to a pointer prior to initialization. • http://seclists.org/fulldisclosure/2024/Mar/21 http://seclists.org/fulldisclosure/2024/Mar/22 http://seclists.org/fulldisclosure/2024/Mar/23 http://seclists.org/fulldisclosure/2024/Mar/26 https://support.apple.com/en-us/HT214082 https://support.apple.com/en-us/HT214083 https://support.apple.com/en-us/HT214084 https://support.apple.com/en-us/HT214085 https://support.apple.com/en-us/HT214087 •