CVE-2024-40784 – Apple macOS ImageIO KTX Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-40784
The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. • https://support.apple.com/en-us/HT214117 https://support.apple.com/en-us/HT214116 https://support.apple.com/en-us/HT214120 https://support.apple.com/en-us/HT214124 https://support.apple.com/en-us/HT214119 https://support.apple.com/en-us/HT214123 https://support.apple.com/en-us/HT214122 http://seclists.org/fulldisclosure/2024/Jul/16 http://seclists.org/fulldisclosure/2024/Jul/23 http://seclists.org/fulldisclosure/2024/Jul/21 http://seclists.org/fulldisclosure/202 •
CVE-2024-27877 – Apple macOS AppleVADriver Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-27877
The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. • https://support.apple.com/en-us/HT214120 https://support.apple.com/en-us/HT214119 https://support.apple.com/en-us/HT214118 http://seclists.org/fulldisclosure/2024/Jul/20 http://seclists.org/fulldisclosure/2024/Jul/18 http://seclists.org/fulldisclosure/2024/Jul/19 •
CVE-2024-40789 – Apple WebKit WebCodecs VideoFrame Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-40789
The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. • https://support.apple.com/en-us/HT214121 https://support.apple.com/en-us/HT214117 https://support.apple.com/en-us/HT214116 https://support.apple.com/en-us/HT214124 https://support.apple.com/en-us/HT214119 https://support.apple.com/en-us/HT214123 https://support.apple.com/en-us/HT214122 https://support.apple.com/kb/HT214121 http://seclists.org/fulldisclosure/2024/Jul/16 http://seclists.org/fulldisclosure/2024/Jul/15 http://seclists.org/fulldisclosure/2024/Jul/ • CWE-125: Out-of-bounds Read •
CVE-2024-27863
https://notcve.org/view.php?id=CVE-2024-27863
An information disclosure issue was addressed with improved private data redaction for log entries. • https://support.apple.com/en-us/HT214117 https://support.apple.com/en-us/HT214124 https://support.apple.com/en-us/HT214119 https://support.apple.com/en-us/HT214123 https://support.apple.com/en-us/HT214122 http://seclists.org/fulldisclosure/2024/Jul/16 http://seclists.org/fulldisclosure/2024/Jul/23 http://seclists.org/fulldisclosure/2024/Jul/21 http://seclists.org/fulldisclosure/2024/Jul/22 http://seclists.org/fulldisclosure/2024/Jul/18 •
CVE-2024-6620
https://notcve.org/view.php?id=CVE-2024-6620
A(n) attacker could potentially inject malicious code which may lead to information disclosure, session theft, or client-side request forgery. • https://sps.honeywell.com/us/en/support/productivity/cyber-security-notifications • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-602: Client-Side Enforcement of Server-Side Security •