124 matches found
CVE-2024-40833
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data with certain actions without prompting the user...
CVE-2024-40833
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data with certain actions without prompting the user...
CVE-2024-40833
CVE-2024-40833 is a logic-issue vulnerability fixed by Apple in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8, and iOS/iPadOS 16.7.9. The issue allows a Shortcut to access sensitive data from certain actions without user prompts. The description notes improved checks as the fix. ...
CVE-2024-40835
CVE-2024-40835 concerns a logic issue in Apple’s Shortcuts feature where a shortcut could access sensitive data with certain actions without prompting. Affected platforms include iOS 16.7.9 and iPadOS 16.7.9; iOS 17.6 and iPadOS 17.6; macOS Ventura 13.6.8; macOS Monterey 12.7.6; macOS Sonoma 14.6...
CVE-2024-40836
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, watchOS 10.6. A shortcut may be able to use sensitive data with certain actions without prompting the user...
CVE-2024-40807
A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data with certain actions without prompting the user...
CVE-2024-40807
A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data with certain actions without prompting the user...
Apple iOS和Apple iPadOS 安全漏洞
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS before version 16.7.9 and iPadOS before version 16.7.9, which stems from a...
CVE-2024-27855
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. A shortcut may be able to use sensitive data with certain actions without prompting the user...
CVE-2024-27855
The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. A shortcut may be able to use sensitive data with certain actions without prompting the user...
CVE-2023-6236 Eap: oidc app attempting to access the second tenant, the user should be prompted to log
A flaw was found in Red Hat Enterprise Application Platform 8. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again since the second tenant is secured with a different OIDC configuration. The underlying issue is in...
CVE-2023-6236 Eap: oidc app attempting to access the second tenant, the user should be prompted to log
A flaw was found in Red Hat Enterprise Application Platform 8. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again since the second tenant is secured with a different OIDC configuration. The underlying issue is in...
SUSE CVE-2024-2611
A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...
Code injection
When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content...
CVE-2024-23204
The issue was addressed with additional permissions checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.4, macOS Sonoma 14.3, macOS Ventura 13.6.5, watchOS 10.3. A shortcut may be able to use sensitive data with certain actions without...
CVE-2024-23203
The issue was addressed with additional permissions checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.5. A shortcut may be able to use sensitive data with certain actions without prompting the user...
PT-2024-1807 · Apple · Macos Sonoma +3
Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.3 iOS versions prior to 17.3 iPadOS versions prior to 17.3 Description: The issue is related to errors in processing permissions in the Shortcuts component of iOS, macOS, and iPadOS operating systems. This ma...
Firefox 121 / Chrome 120 Denial Of Service Exploit
Minor firefox DoS - semi silently polluting /Downloads with files part 2 Tested on: firefox 121 and chrome 120 on GNU/linux Date: Thu Jan 18 08:38:28 AM UTC 2024 This is barely a DoS, but since it might affect Chrome too we decided to disclose it. If firefox user visits a specially crafted page,...
libreoffice: Remote documents loaded without prompt via IFrame
A vulnerability was found in LibreOffice. Improper access control in the editor components of The Document Foundation in LibreOffice allows an attacker to craft a document that causes external links to load without a prompt. In the affected versions of LibreOffice documents that used "floating...
libreoffice: Remote documents loaded without prompt via IFrame
A vulnerability was found in LibreOffice. Improper access control in the editor components of The Document Foundation in LibreOffice allows an attacker to craft a document that causes external links to load without a prompt. In the affected versions of LibreOffice documents that used "floating...