Page 49 of 851 results (0.004 seconds)

CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13, macOS Big Sur 11.7.3. An app may be able to access mail folder attachments through a temporary directory used during compression • https://support.apple.com/en-us/HT213488 https://support.apple.com/en-us/HT213603 https://support.apple.com/en-us/HT213604 •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/HT213603 https://support.apple.com/en-us/HT213604 https://support.apple.com/en-us/HT213605 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. A user may accidentally add a participant to a Shared Album by pressing the Delete key • https://support.apple.com/en-us/HT213488 •

CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 1

OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process. The exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`. Version 2.4.6 has a patch for this issue. • http://www.openwall.com/lists/oss-security/2023/06/23/10 http://www.openwall.com/lists/oss-security/2023/06/26/1 https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2 https://github.com/OpenPrinting/cups/releases/tag/v2.4.6 https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25 https://lists.debian.org/debian-lts-announce/2023/06/msg00038.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7I7DWGYGE • CWE-416: Use After Free •

CVSS: 9.8EPSS: 2%CPEs: 9EXPL: 0

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause unexpected app termination or arbitrary code execution. There is a use-after-free vulnerability in libIPTelephony.dylib inside the SIP message decoder (SipMessageDecoder::decode() function). The vulnerable library is present on both iOS and macOS and was confirmed on macOS Ventura 13.2.1. • https://support.apple.com/en-us/HT213757 https://support.apple.com/en-us/HT213758 https://support.apple.com/en-us/HT213759 https://support.apple.com/en-us/HT213760 https://support.apple.com/en-us/HT213761 https://support.apple.com/en-us/HT213764 https://support.apple.com/en-us/HT213765 • CWE-416: Use After Free •