EUVD-2025-12659

Malicious code in bioql PyPI...

Alibaba Cloud Linux 3 : 0134: grub2, mokutil, shim, and shim-unsigned-x64 (ALINUX3-SA-2022:0134)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0134 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-3695: A crafted 16-bit grayscale...

CVE-2024-3572

The scrapy/scrapy project is vulnerable to XML External Entity XXE attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, ...

CVE-2024-44270

A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A sandboxed process may be able to circumvent sandbox restrictions...

CVE-2023-40398

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.4, macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. A sandboxed process may be able to circumvent sandbox restrictions...

CVE-2024-27807

CVE-2024-27807 affects Apple’s Symptom Framework in iOS/iPadOS, where an untrusted input validation issue could allow an app to circumvent App Privacy Report logging. Public details confirm the root cause as insufficient input validation and the impact as bypassing privacy logging. Affected versi...

Design/Logic Flaw

Authentik is an open-source Identity Provider. There is a bug in our implementation of PKCE that allows an attacker to circumvent the protection that PKCE offers. PKCE adds the codechallenge parameter to the authorization request and adds the codeverifier parameter to the token request. Prior to...

Vulnerabilities fixed in Oracle Enterprise Manager

Vulnerabilities have been fixed in Oracle Enterprise Manager products. A malicious party can exploit the vulnerabilities to perform attacks that can result in the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Accessing sensitive data Oracle has fixed the...

CVE-2023-40455

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions...

CVE-2023-38586

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions...

Design/Logic Flaw

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions...

CVE-2023-40455

CVE-2023-40455 : A permissions issue in macOS Sonoma 14 allows a sandboxed process to potentially circumvent sandbox restrictions. The Red Hat/Apple records confirm a sandbox-escape risk, with the issue fixed in macOS Sonoma 14. CVSS data from the initial entry shows a critical severity (10.0) ac...

CVE-2023-40455

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions...

CVE-2023-38586

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions...

CVE-2023-32364

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions...

Code injection

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions...

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remot...

CVE-2022-32892

An access issue was addressed with improvements to the sandbox. This issue is fixed in Safari 16, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13. A sandboxed process may be able to circumvent sandbox restrictions...

createClaim can be circumvented

Lines of code Vulnerability details Impact VTVLVesting.sol has createClaim function for the admins to create claims. However, a malicious admin vector exists inside. The project gives some powerfull access to the admins for some reason as stated on the contest page. And a good intention is to emi...

Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability

In affected versions of Apple iOS, macOS, and watchOS, a sandboxed process may be able to circumvent sandbox restrictions...