Page 439 of 37780 results (0.097 seconds)

CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0

An app may be able to execute arbitrary code with kernel privileges. • http://seclists.org/fulldisclosure/2024/May/12 https://support.apple.com/en-us/HT214106 https://support.apple.com/kb/HT214106 • CWE-358: Improperly Implemented Security Check for Standard •

CVSS: 8.1EPSS: 0%CPEs: -EXPL: 1

An app may be able to execute arbitrary code with kernel privileges. • https://github.com/R00tkitSMM/CVE-2024-27804 http://seclists.org/fulldisclosure/2024/May/10 http://seclists.org/fulldisclosure/2024/May/12 http://seclists.org/fulldisclosure/2024/May/16 http://seclists.org/fulldisclosure/2024/May/17 https://support.apple.com/en-us/HT214101 https://support.apple.com/en-us/HT214102 https://support.apple.com/en-us/HT214104 https://support.apple.com/en-us/HT214106 https://support.apple.com/kb/HT214101 https://support.apple.com/kb/ • CWE-1325: Improperly Controlled Sequential Memory Allocation •

CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0

Processing a file may lead to unexpected app termination or arbitrary code execution. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current user. • http://seclists.org/fulldisclosure/2024/May/12 https://support.apple.com/en-us/HT214106 https://support.apple.com/kb/HT214106 • CWE-788: Access of Memory Location After End of Buffer •

CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0

An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. • http://seclists.org/fulldisclosure/2024/May/12 https://support.apple.com/en-us/HT214106 https://support.apple.com/kb/HT214106 •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in `create_all_header_nodes()` function from `lib/api_automation.php` , finally resulting in SQL injection. Using SQL based secondary injection technology, attackers can modify the contents of the Cacti database, and based on the modified content, it may be possible to achieve further impact, such as arbitrary file reading, and even remote code execution through arbitrary file writing. • https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •