The vulnerability of the kernel of iOS operating systems, macOS Sonoma, iPadOS, tvOS, visionOS, and watchOS allows attackers to disclose protected information.

The vulnerability of the kernel of iOS, macOS Sonoma, iPadOS, tvOS, visionOS, and watchOS is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow attackers to disclose sensitive information that is protected by these systems...

The vulnerability of the Elasticsearch search system’s Remote Cluster Security component, related to incorrect authentication, allows a perpetrator to gain access to protected information.

The vulnerability of the Elasticsearch search system component related to Remote Cluster Security is linked to improper authentication. Exploiting this vulnerability can allow a malicious actor to gain access to protected information...

The vulnerability of Intel Xeon D microprogramming software, related to incorrect calculations, allows attackers to gain unauthorized access to protected information.

The vulnerability of Intel Xeon D microprogramming software is related to incorrect calculations. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...

The vulnerability of the PowerScale OneFS operating system, related to the disclosure of information through registration files, allows a perpetrator to disclose protected information or increase their privileges.

The vulnerability of the PowerScale OneFS operating system is related to the disclosure of information through registration files. Exploiting this vulnerability can allow an attacker to disclose sensitive information or enhance their privileges...

The vulnerability of the cURL command-line utility lies in the lack of protection for service data, allowing attackers to compromise the confidentiality and integrity of the protected information.

The vulnerability of the command-line tool cURL relates to the installation of “superbug files” in Curl, which are then transmitted back to a larger number of sources. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality and integrity of the protected informati...

Apple iOS 和 iPadOS 安全漏洞

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 16.7.3 and iPadOS version 16.7.3, which originates from an applicatio...

The vulnerability of cloud-based data storage software for IBM Watson CP4D Data Stores lies in the lack of encryption measures for protected data, allowing attackers to gain unauthorized access to protected information.

The vulnerability of cloud-based data storage software for IBM Watson CP4D Data Stores lies in the lack of encryption measures for protected data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

The vulnerability of the PowerScale OneFS operating system, related to errors in audit log management, allows attackers to compromise the integrity and accessibility of protected information.

The vulnerability of the PowerScale OneFS operating system is related to errors in audit log management. Exploiting this vulnerability can allow an attacker to compromise the integrity and accessibility of protected information...

PT-2025-2513 · Qualcomm · Qualcomm Embedded Platform Microcode

Name of the Vulnerable Software and Affected Versions: Qualcomm embedded platform microcode affected versions not specified Description: The issue is related to the hab ioctl function in Qualcomm's microcode, which is vulnerable to a buffer overflow in memory. This can lead to the disclosure of...

CVE-2024-23275

A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to access protected user data...

The vulnerability of the automation-eda-controller/ansible-rulebook/ansible-automation-platform-installer package of the Red Hat Ansible Automation Platform allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the automation-eda-controller/ansible-rulebook/ansible-automation-platform-installer package of the Red Hat Ansible Automation Platform is related to the lack of origin verification in WebSockets, resulting from an incorrect restriction on the communication channel. Exploitin...

The vulnerability of the UHCI controller in VMware ESXi, Workstation, Fusion, and Cloud Foundation software products allows attackers to compromise protected information.

The vulnerability of the UHCI-based USB controller in VMware ESXi, Workstation, Fusion, and Cloud Foundation software products is related to the lack of protection for service data. Exploiting this vulnerability can allow attackers to disclose sensitive information that should be protected...

The vulnerability of the DNS server service in Windows operating systems allows a perpetrator to disclose protected information or cause service failures.

The vulnerability of the DNS server service in Windows operating systems is related to the lack of protection for service-related data. Exploiting this vulnerability can allow a attacker to disclose sensitive information or cause service failures...

PT-2024-2975 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the idxd component of the Linux kernel, where a pre-release silicon erratum workaround was leaked into upstream code, causing the WQCFG registers not to be...

The vulnerability of the Shortcuts component in iOS, macOS, and iPadOS operating systems allows attackers to disclose protected information.

The vulnerability of the Shortcuts component in iOS, macOS, and iPadOS systems is related to permission handling errors. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information...

The vulnerability of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2020, and Adobe Reader 2020 lies in their ability to read data beyond the buffer in memory, allowing attackers to gain unauthorized access to protected information.

The vulnerability of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2020, and Adobe Reader 2020 is related to the reading of data outside the buffer in memory when processing the numColorRecords parameter for OpenType font...

The vulnerability of the XWiki Platform, a platform for creating collaborative web applications, lies in the unencrypted storage of critical information, which allows attackers to disclose protected data.

The vulnerability of the XWiki Platform lies in the unencrypted storage of critical information. Exploiting this vulnerability could allow a malicious actor to disclose the protected data remotely...

The vulnerability of the 3D model texturing program Adobe Substance 3D Designer, related to reading data outside the buffer in memory, allows a hacker to gain unauthorized access to protected information.

The vulnerability of the 3D model texturing program Adobe Substance 3D Designer lies in the reading of data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information through a specially created file...

The vulnerability of the Solr software solution for enterprise resource planning by Apache OFBiz, which allows attackers to modify protected information

The vulnerability of the Solr software for enterprise resource planning software Apache OFBiz lies in the lack of authentication for a critical function. Exploiting this vulnerability allows an attacker to remotely modify protected information...

PT-2024-10063 · Qualcomm · Qualcomm Security Processor

Name of the Vulnerable Software and Affected Versions: Qualcomm security processor software affected versions not specified Description: The issue is related to memory corruption when allocating and accessing an entry in an SMEM partition continuously. This can lead to reading beyond the valid...