19 matches found
CVE-2025-24263
The CVE-2025-24263 entry concerns a privacy issue in macOS where sensitive user data could be observed by an unprivileged app. Apple fixed this by moving the data to a protected location, with the issue addressed in macOS Sequoia 15.4. The Apple advisory (Security Content) confirms the impact is ...
CVE-2024-40844
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to observe data displayed to the user by Shortcuts...
Apple macOS Security Vulnerability
Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS version 13.7, which stems from the possibility that an application may be able to observe data displayed to the user by shortcuts...
CVE-2024-40844
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to observe data displayed to the user by Shortcuts...
CVE-2024-40844
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to observe data displayed to the user by Shortcuts...
PT-2024-16941 · Tibco Software · Tibco Activespaces - Enterprise Edition
Name of the Vulnerable Software and Affected Versions: TIBCO ActiveSpaces - Enterprise Edition versions 4.4.0 through 4.9.0 Description: The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active...
CVE-2024-25731
The Elink Smart eSmartCam (com.cn.dq.ipc) application 2.1.5 for Android contains hardcoded AES encryption keys that can be extracted from a binary file. Thus, encryption can be defeated by an attacker who can observe packet data (e.g., over Wi-Fi)...
Hardcoded credentials
The Elink Smart eSmartCam (com.cn.dq.ipc) application 2.1.5 for Android contains hardcoded AES encryption keys that can be extracted from a binary file. Thus, encryption can be defeated by an attacker who can observe packet data (e.g., over Wi-Fi)...
CVE-2023-32421
CVE-2023-32421 affects macOS Sonoma 14 where a privacy issue arose from improved handling of temporary files; an app may observe unprotected user data. The available connected data confirms the vulnerability is addressed in macOS Sonoma 14. Remediation is to run the fixed macOS Sonoma 14 release....
CVE-2023-32386
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to observe unprotected user data...
About the security content of macOS Ventura 13.4
About the security content of macOS Ventura 13.4 This document describes the security content of macOS Ventura 13.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases...
CVE-2023-23522
Summary: CVE-2023-23522 is a macOS Ventura 13.2.1 vulnerability described as a privacy issue where an app could observe unprotected user data due to improved handling of temporary files. The issue is publicly documented across multiple sources, including Apple’s security content for Ventura 13.2....
CVE-2022-1342
A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive...
MDR Vendor Must-Haves, Part 1: Deep Observation of Real-Time Endpoint Data
This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” Assessing Managed Detection and Response (MDR) vendors is no easy task. However, evaluating each based on...
CVE-2020-12037
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x. The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe...
Design/Logic Flaw
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x. The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe...
CVE-2001-1013
creationtimestamp | type | source
---|---|---
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/apacheuserdirenum.rb
2025-02-06 03:13:37+00:00 | seen | MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd
2025-02-23 04:08:03+00:00 | seen | ...
Yxcms Logic Flaw Vulnerability
Yxcms building system compatible cell phone is a website creation system. A security vulnerability exists in the protected\apps\member\controller\shopcarController.php file in version 1.4.7 of the Yxcms building system compatible cell phone. The vulnerability can be exploited by an attacker to...
CVE-2010-1465
creationtimestamp | type | source
---|---|---
2010-04-11 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/12152
2010-06-15 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/16710
2018-05-29 15:50:33+00:00 | seen | ...