3375 results (0.003 seconds)

CVSS: 8.8EPSS: 0%CPEs: 25EXPL: 0

An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.) Se descubrió un problema en BeyondTrust Privilege Management para Mac anterior a la versión 5.7. Un usuario autenticado y sin privilegios puede elevar sus privilegios ejecutando un script malicioso (que se ejecuta como raíz desde un directorio temporal) durante el tiempo de instalación. • https://www.beyondtrust.com/docs/release-notes/privilege-management/index.htm https://www.beyondtrust.com/trust-center/security-advisories/bt22-06 •

CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0

A type confusion issue was addressed with improved state handling. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to execute arbitrary code with kernel privileges. Se ha solucionado un problema de confusión de tipos mejorando la gestión de estados. Este problema se ha corregido en la actualización de seguridad 2022-003 Catalina, macOS Monterey 12.3 y macOS Big Sur 11.6.5. • https://support.apple.com/en-us/HT213183 https://support.apple.com/en-us/HT213184 https://support.apple.com/en-us/HT213185 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the software. • https://psirt.canon/advisory-information/cp2023-002 https://psirt.canon/hardening • CWE-522: Insufficiently Protected Credentials CWE-549: Missing Password Field Masking •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the communication of the software. • https://psirt.canon/advisory-information/cp2023-002 https://psirt.canon/hardening • CWE-326: Inadequate Encryption Strength •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

This issue was addressed by removing the vulnerable code. This issue is fixed in GarageBand for macOS 10.4.8. An app may be able to gain elevated privileges during the installation of GarageBand. • https://support.apple.com/en-us/HT213650 •