12 matches found
Apple macOS Security Vulnerability
Apple macOS is a suite of specialized operating systems from the U.S. company Apple, developed specifically for Mac computers. A security vulnerability exists in Apple macOS versions prior to Sequoia 15.7.3 that stems from a downgrade issue and could lead to accessing sensitive user data...
PT-2025-44893
Name of the Vulnerable Software and Affected Versions: macOS versions prior to Sonoma 14.8.2; macOS versions prior to Sequoia 15.7.2. Description: A flaw exists that could allow an application to access sensitive user data on Intel-based Mac computers. This issue is related to a downgrade scenario an...
PT-2025-44837
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.7.2. Description: A flaw exists in macOS that could allow an application to access user-sensitive data due to a downgrade issue affecting Intel-based Mac computers. This issue was addressed with additional code-signing...
CVE-2025-24122
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to modify protected parts of the file system...
PT-2025-5296 · Apple · Apple macOS
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.7.3; macOS versions prior to 14.7.3; macOS versions prior to 15.3. Description: A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue allows an app to...
CVE-2024-44280
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to modify protected parts of the file system...
CVE-2023-21115
In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CURL-CVE-2021-22946: Protocol downgrade required TLS bypassed
A user can tell curl to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line, or `CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` with libcurl). This requirement could be bypassed if the server would return a properly crafted but...
PT-2020-16748 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager (DSM) versions prior to 6.2.3-25426-2. Description: The issue allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. This is due to an algorithm downgrade...
nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state
A protocol downgrade flaw was found in Network Security Services (NSS). After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data...
Scientific Linux Security Update : openssl on SL6.x i386/x86_64
A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code. A remote attacker could possibly use this flaw to change the ciphersuite associated with a cached session stored on the server, if the server enabled the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option, possibly forcing the clien...
CentOS Update for openssl CESA-2010:0977 centos4 i386
Check for the Version of openssl. OpenVAS Vulnerability Test: CentOS Update for openssl CESA-2010:0977 centos4 i386. Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it...