EUVD-2025-12659

Malicious code in bioql PyPI...

The vulnerability of the Dante proxy server, related to deficiencies in the authentication mechanism, allows attackers to circumvent existing security restrictions.

The vulnerability of the Dante proxy server is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions remotely...

Alibaba Cloud Linux 3 : 0134: grub2, mokutil, shim, and shim-unsigned-x64 (ALINUX3-SA-2022:0134)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0134 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-3695: A crafted 16-bit grayscale...

CVE-2024-3572

The scrapy/scrapy project is vulnerable to XML External Entity XXE attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, ...

CVE-2024-44270

A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A sandboxed process may be able to circumvent sandbox restrictions...

CVE-2023-40398

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.4, macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. A sandboxed process may be able to circumvent sandbox restrictions...

CVE-2024-27807

CVE-2024-27807 affects Apple’s Symptom Framework in iOS/iPadOS, where an untrusted input validation issue could allow an app to circumvent App Privacy Report logging. Public details confirm the root cause as insufficient input validation and the impact as bypassing privacy logging. Affected versi...

The vulnerability in the implementation of the Secure Boot protocol for operating systems with Windows, which allows attackers to circumvent existing security restrictions.

The vulnerability of the Secure Boot protocol for operating systems running Windows is related to a breach in the data protection mechanism. Exploiting this vulnerability could allow an attacker to circumvent existing security restrictions...

Design/Logic Flaw

Authentik is an open-source Identity Provider. There is a bug in our implementation of PKCE that allows an attacker to circumvent the protection that PKCE offers. PKCE adds the codechallenge parameter to the authorization request and adds the codeverifier parameter to the token request. Prior to...

Vulnerabilities fixed in Oracle Enterprise Manager

Vulnerabilities have been fixed in Oracle Enterprise Manager products. A malicious party can exploit the vulnerabilities to perform attacks that can result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Accessing sensitive data Oracle has fixed the...

CVE-2023-40455

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions...

CVE-2023-38586

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions...

Design/Logic Flaw

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions...

CVE-2023-40455

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions...

CVE-2023-40455

CVE-2023-40455 : A permissions issue in macOS Sonoma 14 allows a sandboxed process to potentially circumvent sandbox restrictions. The Red Hat/Apple records confirm a sandbox-escape risk, with the issue fixed in macOS Sonoma 14. CVSS data from the initial entry shows a critical severity (10.0) ac...

CVE-2023-38586

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions...

CVE-2023-32364

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions...

Code injection

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions...

The vulnerability of the Remote Desktop Client on the Microsoft Windows operating system allows attackers to circumvent existing security restrictions.

The vulnerability of the Remote Desktop Client on the Microsoft Windows operating system relates to security configuration errors. Exploiting this vulnerability can allow a malicious actor to circumvent existing security restrictions remotely...

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remot...