CVE Catalog

A vulnerability exists in IBM QRadar SIEM versions 7.5 through 7.5.0 UP9 IF03, where sensitive data is transmitted in cleartext. This lack of encryption could allow an unauthorized actor to intercept security-critical information using man-in-the-middle techniques.

An argument injection vulnerability has been identified in WatchGuard Fireware OS versions prior to 12.8.1, 12.1.4, and 12.5.10. This vulnerability allows an authenticated remote attacker with unprivileged credentials to upload or read files to limited, arbitrary locations on WatchGuard Firebox and XTM appliances. The issue arises in the 'diagnose' and 'import pac' commands, where user-supplied arguments are not properly sanitized before being executed, leading to unauthorized file access or modification.

A vulnerability in Anubis, a tool designed to protect against AI scrapers, allows attackers to bypass bot protection mechanisms. This issue arises from the server accepting client-specified difficulty values for proof-of-work challenges, which can be manipulated to ease the scraping process. The vulnerability is present in versions prior to v1.11.0-37-gd98d70a.

A vulnerability in CMSimple version 5.16 allows users to read the source code of the CMS by manipulating the file name in the file parameter of a GET request. This issue arises from improper handling of file parameters, which can be exploited to access sensitive information.

A broken access control vulnerability in CMSimple version 5.16 allows users to edit the log.php file through the print page. This issue can be exploited by logging in as an administrator, navigating to the settings log, and manipulating the file parameter to bypass restrictions. The vulnerability could be used to inject arbitrary PHP code into the log.php file.

A vulnerability in CMSimple version 5.16 exists due to insecure permissions, allowing remote attackers to access sensitive information. This is achieved by sending a crafted script to the functionality that downloads PHP backup files.

A vulnerability in CMSimple version 5.16 allows remote attackers to obtain sensitive information. This is achieved by sending a crafted script to the 'validate link' function, which is susceptible to server-side request forgery (SSRF) attacks.

A Cross-Site Request Forgery (CSRF) vulnerability exists in LifestyleStore version 1.0. This vulnerability allows remote attackers to perform unauthorized actions on behalf of authenticated users, which could lead to unauthorized account changes or data exposure.

A privilege escalation vulnerability exists in youdiancms versions through 9.5.20. The issue arises in the index.php file, where the sessionID parameter can be manipulated by remote attackers to escalate privileges.

A denial-of-service vulnerability has been identified in Axiros AXESS Auto Configuration Server (ACS) versions 3.11.0, 4.0.0, and 5.0.0 through 5.2.0. The issue arises from unsanitized user input in the TR069 API, which allows remote unauthenticated attackers to send crafted TR069 requests that cause a permanent denial-of-service condition on TCP ports 9675 or 7547. This issue requires manual intervention to resolve, as rebooting the server or service does not restore normal functionality.

A vulnerability exists in Couchbase Server versions 7.6.x prior to 7.6.3, allowing users with the security_admin_local role to create new users in groups assigned the admin role.

A vulnerability in the BYD QIN PLUS DM-i vehicle's Dilink OS version 3.0_13.1.7.2204050.1 has been identified, allowing unauthorized access to system logcat logs. This incorrect access control enables apps to bypass permission restrictions and access sensitive vehicle data, such as location, fuel consumption, VIN, and mileage, which could be uploaded to an external server.

A cross-site scripting vulnerability has been identified in AdGuard Application versions through 7.18.1 (4778). This vulnerability allows an attacker to execute arbitrary code by sending a crafted payload to the fontMatrix component.

A null pointer dereference vulnerability has been identified in the AirPlay feature of Apple macOS Sequoia 15.3, iOS 18.3, and iPadOS 18.3. This vulnerability allows a remote attacker to cause a denial-of-service condition by exploiting inadequate input validation.

A vulnerability in the PackageKit component of macOS Ventura, Sequoia, and Sonoma allows local attackers to elevate privileges. This issue was addressed with improved validation and additional restrictions.

A vulnerability exists in the WebKit component of Apple macOS Ventura, Sequoia, and Sonoma, allowing applications to bypass user privacy preferences. This issue is linked to improper validation, which could enable apps to access sensitive data or manipulate privacy settings inappropriately.

A vulnerability exists in macOS Sequoia and Safari that allows a malicious application to bypass authentication for browser extensions. This issue arises from inadequate data redaction in system logging, which could potentially be exploited to manipulate or deceive extension authentication processes.

A type confusion vulnerability has been identified in multiple Apple operating systems, including iPadOS 18.3, macOS Sonoma 14.7.3, visionOS 2.3, watchOS 11.3, and tvOS 18.3. This vulnerability allows for memory corruption, which can be exploited to cause an unexpected termination of the affected application. The issue arises within the CoreMedia framework and related components, where improper input validation can be exploited to manipulate process memory, leading to application crashes.

A memory corruption vulnerability has been identified in the WebKit component of multiple Apple operating systems, including visionOS, iOS, iPadOS, macOS Sequoia, watchOS, and tvOS, all in version 18.3. This vulnerability allows processing of maliciously crafted web content to cause an unexpected process crash. The issue was addressed with improved state management.

A vulnerability in the CoreAudio and CoreMedia components of multiple Apple operating systems, including iPadOS, macOS, watchOS, and tvOS, allows for an unexpected app termination. This issue arises from improper input validation when parsing certain files, creating a potential denial-of-service scenario.

A vulnerability in the CoreAudio and CoreMedia components of multiple Apple operating systems, including iPadOS, macOS, watchOS, and tvOS, allows for parsing certain files in a way that causes an unexpected termination of the application. This issue stems from inadequate input validation, which has been addressed in the latest updates.

A validation issue allowing arbitrary code execution with kernel privileges has been identified in multiple Apple products, including iPadOS, macOS, watchOS, and tvOS. This vulnerability arises from a logic flaw that has been addressed with improved validation. Notably, there are reports suggesting that this vulnerability may have been actively exploited in versions of iOS prior to 17.2.

A denial-of-service vulnerability has been identified in the WebKit component of various Apple operating systems, including visionOS 2.3, Safari 18.3, iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, and tvOS 18.3. This vulnerability arises from improper memory handling when processing web content, which can lead to unexpected application termination or system resource exhaustion.

A vulnerability allowing privilege escalation has been identified in the Xsan component of Apple macOS Ventura 13.7.3, macOS Sequoia 15.3, and macOS Sonoma 14.7.3. This vulnerability arises from an integer overflow issue that was addressed through improved input validation.

A vulnerability in the WebKit component of Apple products, including macOS Ventura, macOS Sonoma, visionOS, and several iOS and iPadOS versions, allows for an out-of-bounds write. This issue could lead to memory corruption or unexpected termination of the system. The vulnerability was addressed with improved input validation.

A buffer overflow vulnerability has been identified in Apple macOS Sequoia, specifically in version 15.3. This issue allows an application with root privileges to execute arbitrary code with kernel privileges. The vulnerability arises from a validation issue that was addressed with improved memory handling.

A buffer overflow vulnerability has been identified in the SMB component of Apple macOS Sequoia, specifically in version 15.3. This vulnerability allows a malicious application with root privileges to execute arbitrary code with kernel privileges. The issue arises from improper memory handling, which could be exploited to corrupt kernel memory or cause unexpected system termination.

A memory corruption vulnerability has been identified in the SMB (Server Message Block) implementation of macOS Ventura 13.7.3, macOS Sequoia 15.3, and macOS Sonoma 14.7.3. This vulnerability allows an application to cause unexpected system termination or corrupt kernel memory. The issue stems from improper memory handling, which could be exploited to manipulate process memory, potentially leading to arbitrary code execution with kernel privileges.

A command injection vulnerability has been identified in Apple WebKit. This issue arises when a URL is copied from the Web Inspector, potentially leading to unauthorized command execution. The vulnerability is present in WebKit versions bundled with macOS Sequoia 15.3, Safari 18.3, iOS 18.3, and iPadOS 18.3. The root cause of this vulnerability is a privacy issue related to the handling of files, which has been addressed in the latest updates.

A vulnerability allowing an out-of-bounds read has been identified, which could lead to the unauthorized disclosure of user information. This issue affects multiple Apple operating systems, including iPadOS, macOS Ventura, macOS Sonoma, watchOS, and tvOS. The vulnerability arises from insufficient bounds checking when parsing certain files, potentially allowing for the exploitation of memory management flaws.

A privacy vulnerability in the Messages app on Apple macOS Ventura 13.7.3, macOS Sequoia 15.3, and macOS Sonoma 14.7.3 allows user contact information to be exposed in system logging when a conversation is deleted. This issue arises from inadequate redaction of sensitive information, particularly related to contacts, which can inadvertently be revealed through log entries.

A privacy vulnerability allows an app to access a contact's phone number from system logs. This issue affects multiple Apple platforms, including macOS Sequoia 15.3, iOS 18.3, and iPadOS 18.3. The vulnerability arises from inadequate redaction of private data in log entries, which could enable unauthorized access to sensitive information.

A vulnerability in WebKit allows for user fingerprinting via a maliciously crafted webpage. This issue is present in WebKit components of macOS Sequoia 15.3, Safari 18.3, iOS 18.3, iPadOS 18.3, and visionOS 2.3. The vulnerability arises from inadequate access restrictions to the file system, which could be exploited to gather information about the user without their consent.

A vulnerability allowing access to the Photos app while it is locked has been identified in iOS 18.3 and iPadOS 18.3. This issue arises from an authentication flaw that could be exploited by an attacker with physical access to an unlocked device.

A vulnerability in iCloud on macOS Sequoia 15.3 allows files downloaded from the internet to bypass the quarantine flag, which is intended to protect users from potentially harmful content. This issue was addressed with improved state management.

A denial-of-service vulnerability has been identified in the 'sips' component of Apple macOS Ventura, macOS Sequoia, and macOS Sonoma. This vulnerability arises from improper handling of maliciously crafted files, which can lead to unexpected application termination.

A vulnerability in the Spotlight feature of Apple macOS Ventura 13.7.3, macOS Sequoia 15.3, and macOS Sonoma 14.7.3, could allow a malicious application to leak sensitive user information. This issue was addressed by improving state management.

A type confusion vulnerability has been identified in the AirPlay feature of multiple Apple products, including iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3, watchOS 11.3, and tvOS 18.3. This vulnerability allows a remote attacker on the same local network to corrupt process memory, potentially leading to arbitrary code execution or causing an application to terminate unexpectedly.

A vulnerability exists in the Login Window component of macOS Ventura 13.7.3, macOS Sequoia 15.3, and macOS Sonoma 14.7.3, allowing a malicious application to create symbolic links to protected areas of the disk. This issue arises from inadequate validation of symlinks, which could potentially be exploited to access or modify sensitive system files.

A vulnerability in macOS Sequoia 15.3 allows an application to gain elevated privileges. This issue arises from a permissions flaw that has been addressed with improved message validation.

A vulnerability allowing unauthorized access to user-sensitive data has been identified in macOS Sequoia 15.3. This issue arises from inadequate privacy controls, which may permit applications to access protected information.

A denial-of-service vulnerability has been identified in the AirPlay feature of multiple Apple operating systems, including visionOS 2.3, iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, and tvOS 18.3. This vulnerability allows an attacker on the local network to cause an unexpected app termination or disrupt the normal functioning of the device.

A vulnerability exists in the Apple Mobile File Integrity framework across multiple macOS versions, including Ventura 13.7.3, Sequoia 15.3, and Sonoma 14.7.3. This vulnerability allows applications to modify protected areas of the file system, potentially leading to unauthorized changes or data manipulation. The issue stems from inadequate permissions checks, which have been addressed in the latest macOS updates.

A type confusion vulnerability in the AirPlay feature has been identified, which can lead to an unexpected termination of the app using AirPlay. This issue is present in several Apple operating systems, including visionOS 2.3, iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, and tvOS 18.3. The vulnerability can be exploited by a remote attacker on the same local network, potentially causing the app to crash.

A vulnerability in WebKit, the engine that powers Safari, has been identified, which can lead to address bar spoofing. This issue is present in Safari 18.2 and earlier versions, as well as in macOS Ventura, macOS Sonoma, and iOS 18.2 and earlier. The vulnerability arises when a user visits a malicious website, potentially misleading them about the authenticity or security of the site.

A denial-of-service vulnerability has been identified in the AirPlay feature of various Apple products, including iPadOS, macOS Ventura, macOS Sonoma, visionOS, and tvOS. This vulnerability allows an attacker on the local network to cause an unexpected app termination by exploiting a type confusion issue. The problem has been addressed with improved input validation and memory handling.

A vulnerability in the AirPlay feature across multiple Apple platforms, including visionOS, iOS, iPadOS, macOS Sequoia, watchOS, and tvOS, allows an attacker on the local network to exploit input validation issues. This exploitation could lead to unexpected termination of applications, corruption of process memory, or even cause the system to terminate unexpectedly. The vulnerability arises from improper handling of input, which could be manipulated to disrupt normal application or system processes.

A vulnerability exists in the CoreMedia and CoreAudio frameworks of multiple Apple operating systems, including iPadOS, macOS Ventura, macOS Sonoma, watchOS, and tvOS. This vulnerability allows for parsing certain files in a way that can cause an application to terminate unexpectedly. The issue has been attributed to a type confusion problem, which has been addressed with improved validation checks.

A vulnerability exists in the CoreMedia and CoreAudio frameworks of multiple Apple operating systems, including iPadOS, macOS Ventura, macOS Sonoma, watchOS, and tvOS. This vulnerability allows for parsing certain files in a way that causes an unexpected termination of the application. The issue has been attributed to a type confusion problem, which has been addressed with improved validation checks.

A vulnerability exists in macOS Ventura, Sequoia, and Sonoma on Intel-based Mac computers, allowing apps to modify protected parts of the file system. This issue was addressed with additional code-signing restrictions.