
2184 matches found

Vulnrichment
added 2024/10/28 9:8 p.m. · 9 views

CVE-2024-44294

A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An attacker with root privileges may be able to delete protected system files...

6.5 AI score · 0.00859 EPSS
Exploits 0 · References 2
CVE
added 2024/10/28 9:8 p.m. · 48 views

CVE-2024-44294

CVE-2024-44294 describes a path deletion vulnerability in macOS that could allow an attacker with root privileges to delete protected system files. The issue is mitigated by code changes that prevent vulnerable operations from running with elevated privileges. Apple fixed this in macOS Ventura 13...

6.5 CVSS · 5.9 AI score · 0.00859 EPSS
Exploits 0 · References 6 · Affected Software 1
CVE
added 2024/10/28 9:7 p.m. · 92 views

CVE-2024-44258

CVE-2024-44258 affects Apple’s ManagedConfiguration framework and the profiled daemon. The issue arises during backup restoration when the destination path’s symlink status is not validated, potentially allowing written files to migrate into restricted, protected areas and modify system files. A ...

7.1 CVSS · 5.8 AI score · 0.0075 EPSS
Exploits 2 · References 8 · Affected Software 4
Vulnrichment
added 2024/10/28 9:7 p.m. · 16 views

CVE-2024-44258

This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files...

5.8 AI score · 0.0075 EPSS
Exploits 2 · References 4
Positive Technologies
added 2024/10/28 12:0 a.m. · 1 views

PT-2024-31117 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.7.1; macOS versions prior to 14.7.1. Description: A path deletion issue was addressed by preventing vulnerable code from running with privileges. An attacker with root privileges may be able to delete protected system...

6.5 CVSS · 6.7 AI score · 0.00859 EPSS
Exploits 0 · References 6
CNNVD
added 2024/10/28 12:0 a.m. · 2 views

Apple macOS Security Vulnerability

Apple macOS is a proprietary operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS version 13.7.1, which originates from an attacker with root privileges who may be able to delete protected system files...

6.5 CVSS · 6.2 AI score · 0.00859 EPSS
Exploits 0 · References 3
CNNVD
added 2024/10/28 12:0 a.m. · 2 views

Apple iOS and Apple iPadOS Security Vulnerability

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 18.1 and Apple iPadOS version 18.1, which stems from the fact that...

7.1 CVSS · 6.3 AI score · 0.00304 EPSS
Exploits 0 · References 5
Positive Technologies
added 2024/10/28 12:0 a.m. · 2 views

PT-2024-31087 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.7.1; macOS versions prior to 14.7.1. Description: A malicious app with root privileges may be able to modify the contents of system files. The issue was addressed by removing the vulnerable code. Recommendations: For...

6.7 CVSS · 6.4 AI score · 0.00237 EPSS
Exploits 0 · References 6
CNNVD
added 2024/10/28 12:0 a.m. · 3 views

Apple macOS Security Vulnerability

Apple macOS is a proprietary operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS version 13.7.1, which originates from a malicious application with root privileges that may be able to modify the contents of system files...

6.7 CVSS · 6.2 AI score · 0.00237 EPSS
Exploits 0 · References 3
CNNVD
added 2024/10/28 12:0 a.m. · 2 views

Apple iOS and Apple iPadOS Security Vulnerability

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 18.1 and Apple iPadOS version 18.1, which stems from the fact that...

7.1 CVSS · 6.3 AI score · 0.0075 EPSS
Exploits 2 · References 5
Positive Technologies
added 2024/10/28 12:0 a.m. · 2 views

PT-2024-31084

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 18.1; iPadOS versions prior to 18.1; iOS versions prior to 17.7.1; iPadOS versions prior to 17.7.1; visionOS versions prior to 2.1; tvOS versions prior to 18.1. Description: This issue was addressed with improved handling of...

7.1 CVSS · 6.4 AI score · 0.0075 EPSS
Exploits 2 · References 23
CVE
added 2024/10/24 8:49 p.m. · 78 views

CVE-2024-48931

ZimaOS (fork of CasaOS) versions 1.2.4 and earlier are affected by an arbitrary file read vulnerability in the API endpoint /v3/file?token=&files=, caused by improper input validation on the files parameter. Authenticated users can manipulate the files value to access sensitive files outside the ...

7.5 CVSS · 7.8 AI score · 0.00702 EPSS
Exploits 1 · References 2 · Affected Software 1
OSV
added 2024/10/24 8:49 p.m. · 8 views

CVE-2024-48931 ZimaOS Arbitrary File Read via Parameter Manipulation

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the ZimaOS API endpoint http:///v3/file?token=&files= is vulnerable to arbitrary file reading due to improper input validation. By manipulating the files...

7.5 CVSS · 7.1 AI score · 0.00702 EPSS
Exploits 1 · References 4
Cvelist
added 2024/10/23 5:29 p.m. · 14 views

CVE-2024-20370

A vulnerability in the Cisco FXOS CLI feature on specific hardware platforms for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to elevate their administrative privileges to root. The attacker would need...

6 CVSS · 0.00167 EPSS
Exploits 0 · References 1
CVE
added 2024/10/22 9:13 p.m. · 50 views

CVE-2024-41717

CVE-2024-41717 affects Kieback&Peter DDC4000 series controllers (DDC4002, 4100, 4200, 4200-L, 4400 and related E-series) with a path traversal (CWE-22) vulnerability that allows an unauthenticated attacker to read files on the system. CVSSv3.1 base score 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H);...

9.8 CVSS · 9.4 AI score · 0.00639 EPSS
Exploits 0 · References 1
OSV
added 2024/10/21 1:15 p.m. · 0 views

UBUNTU-CVE-2024-49860

In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method. Only buffer objects are valid return values of _STR. If something else is returned, description_show() will access invalid memory...

7.1 CVSS · 6.6 AI score · 0.00253 EPSS
Exploits 0 · References 43
Tenable Nessus
added 2024/10/16 12:0 a.m. · 20 views

Qnap QTS Path Traversal (CVE-2021-28798)

A relative path traversal vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to modify files that impact system integrity. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.2.1630 Build 202104...

8.8 CVSS · 7.2 AI score · 0.00938 EPSS
Exploits 0 · References 2
Vulnrichment
added 2024/10/15 8:12 a.m. · 14 views

CVE-2024-9983 Ragic Enterprise Cloud Database - Arbitrary File Read through Path Traversal

Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files...

7.5 CVSS · 7.1 AI score · 0.00656 EPSS
Exploits 0 · References 2
CNNVD
added 2024/10/15 12:0 a.m. · 2 views

Ragic Enterprise Cloud Database Security Vulnerability

Ragic Enterprise Cloud Database is an enterprise cloud database from Ragic, Inc. A security vulnerability exists in versions of Ragic Enterprise Cloud Database prior to 2024/08/08 09:45:25, which stems from failure to properly validate specific page parameters, allowing an unauthenticated, remote...

7.5 CVSS · 6.8 AI score · 0.00656 EPSS
Exploits 0 · References 3
NVD
added 2024/10/14 4:15 a.m. · 16 views

CVE-2024-9923

The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root directory and access them...

4.9 CVSS · 0.00594 EPSS
Exploits 0 · References 2