|
319771
|
5.5 |
MEDIUM
Local
|
apple
|
ipados
iphone_os
macos
visionos
tvos
watchos
|
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma…
|
CWE-125
Out-of-bounds Read
|
CVE-2024-27880
|
2024-09-25 01:34 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319772
|
9.9 |
CRITICAL
Network
|
tuzitio
|
camaleon_cms
|
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authentic…
|
CWE-22
Path Traversal
|
CVE-2024-46986
|
2024-09-25 01:30 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319773
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file…
|
CWE-59
Link Following
|
CVE-2024-44178
|
2024-09-25 01:28 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319774
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
A privacy issue was addressed by removing sensitive data. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data.
|
NVD-CWE-noinfo
|
CVE-2024-44177
|
2024-09-25 01:28 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319775
|
7.7 |
HIGH
Network
|
tuzitio
|
camaleon_cms
|
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's download_private_file method allows authentica…
|
CWE-22
Path Traversal
|
CVE-2024-46987
|
2024-09-25 01:27 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319776
|
4.6 |
MEDIUM
Physics
|
apple
|
ipados
iphone_os
watchos
|
This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, watchOS 11. An attacker with physical access to a locked device may …
|
NVD-CWE-noinfo
|
CVE-2024-44171
|
2024-09-25 01:22 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319777
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the fil…
|
NVD-CWE-noinfo
|
CVE-2024-44151
|
2024-09-25 01:21 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319778
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data.
|
NVD-CWE-noinfo
|
CVE-2024-44153
|
2024-09-25 01:19 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319779
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted file may lead to unexpected app…
|
NVD-CWE-noinfo
|
CVE-2024-44154
|
2024-09-25 01:16 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319780
|
8.8 |
HIGH
Network
|
totolink
|
t10_firmware
|
A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation o…
|
CWE-78
OS Command
|
CVE-2024-9001
|
2024-09-25 01:14 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
