CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44260 – Apple Security Advisory 10-28-2024-5
https://notcve.org/view.php?id=CVE-2024-44260
28 Oct 2024 — This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious app with root privileges may be able to modify the contents of system files. macOS Sonoma 14.7.1 addresses buffer overflow, bypass, information leakage, out of bounds access, out of bounds read, and out of bounds write vulnerabilities. • https://support.apple.com/en-us/121568 •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44237 – Apple macOS ICC Profile Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-44237
28 Oct 2024 — An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. Processing a maliciously crafted file may lead to unexpected app termination. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin... • https://support.apple.com/en-us/121568 • CWE-125: Out-of-bounds Read •
CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44295 – Apple Security Advisory 10-28-2024-5
https://notcve.org/view.php?id=CVE-2024-44295
28 Oct 2024 — This issue was addressed with additional entitlement checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to modify protected parts of the file system. macOS Sonoma 14.7.1 addresses buffer overflow, bypass, information leakage, out of bounds access, out of bounds read, and out of bounds write vulnerabilities. • https://support.apple.com/en-us/121568 •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2024-44145
https://notcve.org/view.php?id=CVE-2024-44145
28 Oct 2024 — This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15, iOS 18 and iPadOS 18. An attacker with physical access to a macOS device with Sidecar enabled may be able to bypass the Lock Screen. • https://support.apple.com/en-us/121238 •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44256 – Apple Security Advisory 10-28-2024-5
https://notcve.org/view.php?id=CVE-2024-44256
28 Oct 2024 — The issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to break out of its sandbox. macOS Sonoma 14.7.1 addresses buffer overflow, bypass, information leakage, out of bounds access, out of bounds read, and out of bounds write vulnerabilities. • https://support.apple.com/en-us/121568 •
CVSS: 9.8EPSS: 1%CPEs: 42EXPL: 0CVE-2024-40782 – webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management
https://notcve.org/view.php?id=CVE-2024-40782
29 Jul 2024 — A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash. A flaw was found in WebKitGTK. Processing malicious web content can trigger a use-after-free issue due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service. • https://support.apple.com/en-us/HT214121 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27886 – Apple Security Advisory 09-16-2024-10
https://notcve.org/view.php?id=CVE-2024-27886
29 Jul 2024 — A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.4. An unprivileged app may be able to log keystrokes in other apps including those using secure input mode. macOS Ventura 13.7 addresses buffer overflow, bypass, out of bounds access, out of bounds read, and spoofing vulnerabilities. • https://support.apple.com/en-us/HT214084 • CWE-783: Operator Precedence Logic Error •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42959
https://notcve.org/view.php?id=CVE-2023-42959
29 Jul 2024 — A race condition was addressed with improved state handling. This issue is fixed in macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/HT213940 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.0EPSS: 0%CPEs: 25EXPL: 0CVE-2021-3187
https://notcve.org/view.php?id=CVE-2021-3187
11 Dec 2023 — An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.) Se descubrió un problema en BeyondTrust Privilege Management para Mac anterior a la versión 5.7. Un usuario autenticado y sin privil... • https://www.beyondtrust.com/docs/release-notes/privilege-management/index.htm •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34045 – VMware Fusion installer local privilege escalation
https://notcve.org/view.php?id=CVE-2023-34045
20 Oct 2023 — VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time. VMware Fusion (13.x anterior a 13.5) contiene una vulne... • https://www.vmware.com/security/advisories/VMSA-2023-0022.html • CWE-269: Improper Privilege Management •