About the security content of macOS Sequoia 15.4

About the security content of macOS Sequoia 15.4 This document describes the security content of macOS Sequoia 15.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases...

CVE-2024-43169 IBM Engineering Requirements Management DOORS Next file download

IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code...

CVE-2024-43169

CVE-2024-43169 affects IBM Engineering Requirements Management DOORS Next versions 7.0.2, 7.0.3, and 7.1. The IBM security bulletin identifies the vulnerability as a Reflected File Download where a user could download a malicious file without verifying code integrity. The IBM CVSS context lists a...

CVE-2022-1823

Improper privilege management vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local user to modify a configuration file and perform a LOLBin Living off the land attack. This could result in the user gaining elevated permissions and being able to execu...

The vulnerability of the AppleMobileFileIntegrity component in the MacOS operating system allows a perpetrator to gain access to read and modify data.

The vulnerability of the AppleMobileFileIntegrity component in MacOS operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to gain access to read and modify data...

PT-2025-5278 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.7.3 macOS versions prior to 14.7.3 macOS versions prior to 15.3 Description: A logic issue was addressed with improved restrictions, which may allow an app to access information about a user's contacts. The issue is...

CVE-2024-55566

ColPack 1.0.10 through 9a7293a has a predictable temporary file located under /tmp with a name derived from an unseeded RNG. The impact can be overwriting files or making ColPack graphing unavailable to other users...

CVE-2024-48974

The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device's configuration settings and/or compromise device functionality by pushing a compromised/illegitimate firmware file. This...

CVE-2024-48974 Life2000 Ventilator does not perform proper file integrity checks when adopting firmware updates

The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device's configuration settings and/or compromise device functionality by pushing a compromised/illegitimate firmware file. This...

CVE-2024-48974

The CVE-2024-48974 entry concerns Baxter Life2000 ventilators, where the firmware update process does not perform proper file integrity checks on the update file. The underlying consequence is that an attacker could push a compromised or illegitimate firmware image, enabling unauthorized changes ...

CVE-2024-48974 Life2000 Ventilator does not perform proper file integrity checks when adopting firmware updates

The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device's configuration settings and/or compromise device functionality by pushing a compromised/illegitimate firmware file. This...

CVE-2024-7048

In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. This vulnerability allows a lower-privileged user to access and overwrite files managed by a higher-privileged admin. By exploiting this...

CVE-2024-7048

In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. This vulnerability allows a lower-privileged user to access and overwrite files managed by a higher-privileged admin. By exploiting this...

CVE-2024-47563

A vulnerability has been identified in SINEC Security Monitor All versions V4.9.0. The affected application does not properly validate a file path that is supplied to an endpoint intended to create CSR files. This could allow an unauthenticated remote attacker to create files in writable...

Fortinet FortiOS Access Control Error Vulnerability (CNVD-2024-37339)

Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. An access control error...

CVE-2024-36505

An improper access control vulnerability CWE-284 in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system via another hypothetical exploit to bypass the file integrity...

CVE-2024-36505

An improper access control vulnerability CWE-284 in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system via another hypothetical exploit to bypass the file integrity...

CVE-2024-36505

An improper access control vulnerability CWE-284 in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system via another hypothetical exploit to bypass the file integrity...

CVE-2024-36505

FortiOS contains an improper access control vulnerability (CWE-284) that could allow an attacker who already has write access to bypass the real-time file integrity checking system. Affected versions: FortiOS 7.4.0–7.4.3, 7.2.5–7.2.7, 7.0.12–7.0.14, and all 6.4.x. Root cause: bypass of file integ...

Fortinet Fortigate Real-time file system integrity checking write protection bypass (FG-IR-24-012)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-012 advisory. - An improper access control vulnerability CWE-284 in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14...