PT-2023-23779 · Apple · Ios +3

Name of the Vulnerable Software and Affected Versions: Apple macOS versions prior to 13.4 Apple macOS versions prior to 11.7.7 Apple macOS versions prior to 12.6.6 Apple iOS versions prior to 16.5 Apple iPadOS versions prior to 16.5 Apple tvOS versions prior to 16.5 Description: The issue allows ...

About the security content of iOS 16.5 and iPadOS 16.5

About the security content of iOS 16.5 and iPadOS 16.5 This document describes the security content of iOS 16.5 and iPadOS 16.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...

CVE-2023-27945

This issue was addressed with improved entitlements. This issue is fixed in Xcode 14.3, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A sandboxed app may be able to collect system logs...

CVE-2023-27945

This issue was addressed with improved entitlements. This issue is fixed in Xcode 14.3, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A sandboxed app may be able to collect system logs...

Design/Logic Flaw

This issue was addressed with improved entitlements. This issue is fixed in Xcode 14.3, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A sandboxed app may be able to collect system logs...

CVE-2023-27945

This issue was addressed with improved entitlements. This issue is fixed in Xcode 14.3, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A sandboxed app may be able to collect system logs...

CVE-2023-27945

CVE-2023-27945 affects macOS and Xcode components where entitlements were improved to fix a privacy issue: a sandboxed app may be able to collect system logs due to entitlements handling. Affected products/versions listed in connected docs include Xcode 14.3, macOS Big Sur 11.7.7, and macOS Monte...

CVE-2023-27945

This issue was addressed with improved entitlements. This issue is fixed in Xcode 14.3, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A sandboxed app may be able to collect system logs...

About the security content of Xcode 14.3

About the security content of Xcode 14.3 This document describes the security content of Xcode 14.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

Microsoft achieves first native Cloud Data Management Capabilities certification

Today, Microsoft announced the successful completion of the Cloud Data Management Capabilities CDMC 14 Key Controls and Automations certification, conducted by Accenture and Avanade, accelerating the industry’s move to the cloud. The 14 Key Controls and Automations are a part of the EDM Council’s...

CVE-2023-27574

ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODESIGNINGINJECTBASEENTITLEMENTS...

CVE-2023-27574

ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODESIGNINGINJECTBASEENTITLEMENTS...

PT-2023-21217 · Unknown · Shadowsocksx-Ng

Name of the Vulnerable Software and Affected Versions: ShadowsocksX-NG version 1.10.0 Description: The issue arises from ShadowsocksX-NG 1.10.0 being signed with com.apple.security.get-task-allow entitlements due to CODE SIGNING INJECT BASE ENTITLEMENTS. Recommendations: For ShadowsocksX-NG versi...

K49033153: Apache Syncope vulnerabilities CVE-2018-1321 and CVE-2018-1322

Security Advisory Description CVE-2018-1321 An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can use XSL Transformations XSLT to perform malicious operations,...

SUSE CVE-2014-3654

Multiple cross-site scripting XSS vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network RHN Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to 1 kickstart/cobbler/CustomSnippetList.do, 2...

Vulnerability fixed in Azure Service Fabric

A vulnerability has been fixed in Microsoft Azure Service Fabric Container. The vulnerability potentially allows a malicious party to able to take over the vulnerable Service Fabric cluster. Azure Service Fabric Container: |----------------|------|-------------------------------------| | CVE ID |...

CVE-2022-42855

A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to use arbitrary entitlements...

CVE-2022-42855

A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to use arbitrary entitlements...

Code injection

A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to use arbitrary entitlements...

CVE-2022-42855

A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to use arbitrary entitlements...