2361
|
4.4 |
MEDIUM
Local
|
apple
|
macos
|
This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15. An app with root privileges may be able to access private information.
|
NVD-CWE-noinfo
|
CVE-2024-44130
|
2024-09-25 03:49 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2362
|
6.5 |
MEDIUM
Adjacent
|
sonos
|
era_100_firmware
|
Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected install…
|
CWE-125
Out-of-bounds Read
|
CVE-2024-5268
|
2024-09-25 03:47 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2363
|
4.3 |
MEDIUM
Adjacent
|
sonos
|
era_100_firmware
|
Sonos Era 100 SMB2 Message Handling Integer Underflow Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installa…
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2024-5256
|
2024-09-25 03:41 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2364
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to read sensitive location informa…
|
NVD-CWE-noinfo
|
CVE-2024-44181
|
2024-09-25 03:39 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2365
|
7.5 |
HIGH
Network
apple
|
macos
|
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. A logic issue existed where a process may be able to capture screen contents without user consent.
|
NVD-CWE-noinfo
|
CVE-2024-44189
|
2024-09-25 03:33 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2366
|
2.4 |
LOW
Physics
|
apple
|
iphone_os ipad_os
|
The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen.
|
NVD-CWE-noinfo
|
CVE-2024-44139
|
2024-09-25 03:30 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2367
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15. An app may be able to read sensitive location information.
|
NVD-CWE-noinfo
|
CVE-2024-44134
|
2024-09-25 03:26 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2368
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15. On MDM managed devices, an app may be able to bypass certain Privacy preferences.
|
NVD-CWE-noinfo
|
CVE-2024-44133
|
2024-09-25 03:24 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2369
|
6.1 |
MEDIUM
Network
|
likebtn
|
like_button_rating
|
Cross-Site Request Forgery (CSRF) vulnerability in LikeBtn Like Button Rating allows Cross-Site Scripting (XSS).This issue affects Like Button Rating: from n/a through 2.6.54.
|
CWE-352
Origin Validation Error
|
CVE-2024-44064
|
2024-09-25 03:15 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2370
|
9.8 |
CRITICAL
Network
tenda
|
ac15_firmware
|
Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request.
|
CWE-77
Command Injection
|
CVE-2023-36103
|
2024-09-25 03:10 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|