CVE-2024-28089
https://notcve.org/view.php?id=CVE-2024-28089
This can cause a denial of service or lead to information disclosure. • https://github.com/actuator/cve/blob/main/Hitron/CVE-2024-28089 https://github.com/actuator/cve/blob/main/Hitron/Hitron_DOM_XSS_POC.gif https://github.com/actuator/cve/blob/main/Hitron/Hitron_DOM_XSS_POC_DOS_ALT.gif • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-23286 – Apple macOS CoreGraphics Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-23286
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. Processing an image may lead to arbitrary code execution. Se solucionó un problema de desbordamiento del búfer mejorando el manejo de la memoria. Este problema se solucionó en macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, watchOS 10.4, iOS 16.7.6 y iPadOS 16.7.6, tvOS 17.4. • http://seclists.org/fulldisclosure/2024/Mar/21 http://seclists.org/fulldisclosure/2024/Mar/22 http://seclists.org/fulldisclosure/2024/Mar/23 http://seclists.org/fulldisclosure/2024/Mar/24 http://seclists.org/fulldisclosure/2024/Mar/25 http://seclists.org/fulldisclosure/2024/Mar/26 https://support.apple.com/en-us/HT214081 https://support.apple.com/en-us/HT214082 https://support.apple.com/en-us/HT214083 https://support.apple.com/en-us/HT214084 https://support.apple • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-23264 – Apple macOS Metal Framework PVR File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-23264
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An application may be able to read restricted memory. Se solucionó un problema de validación con una mejor desinfección de los insumos. Este problema se solucionó en macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, iOS 16.7.6 y iPadOS 16.7.6, tvOS 17.4. • http://seclists.org/fulldisclosure/2024/Mar/21 http://seclists.org/fulldisclosure/2024/Mar/22 http://seclists.org/fulldisclosure/2024/Mar/23 http://seclists.org/fulldisclosure/2024/Mar/25 http://seclists.org/fulldisclosure/2024/Mar/26 https://support.apple.com/en-us/HT214081 https://support.apple.com/en-us/HT214082 https://support.apple.com/en-us/HT214083 https://support.apple.com/en-us/HT214084 https://support.apple.com/en-us/HT214085 https://support.apple.com •
CVE-2024-23257 – Apple macOS JP2 Image Parsing Uninitialized Pointer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-23257
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 and iPadOS 16.7.6. Processing an image may result in disclosure of process memory. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 y iPadOS 16.7.6. • http://seclists.org/fulldisclosure/2024/Mar/21 http://seclists.org/fulldisclosure/2024/Mar/22 http://seclists.org/fulldisclosure/2024/Mar/23 http://seclists.org/fulldisclosure/2024/Mar/26 https://support.apple.com/en-us/HT214082 https://support.apple.com/en-us/HT214083 https://support.apple.com/en-us/HT214084 https://support.apple.com/en-us/HT214085 https://support.apple.com/en-us/HT214087 •
CVE-2024-26309
https://notcve.org/view.php?id=CVE-2024-26309
Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a sensitive information disclosure vulnerability. • https://archerirm.com https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/717102 •