360 matches found
Vulnerabilities found in Microsoft Windows
Microsoft fixes multiple vulnerabilities in Windows. A malicious party could potentially exploit the vulnerabilities to:
- cause a denial-of-service,
- bypass security measures,
- execute arbitrary code,
- obtain elevated privileges,
- gain access to sensitive data.
Below is a summary of the...
CVE-2020-10006
This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to access restricted files...
Design/Logic Flaw
This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to access restricted files...
CVE-2020-10006
CVE-2020-10006 affects macOS Big Sur 11.0.1 and earlier, where a malicious application could access restricted files due to entitlement weaknesses. The issue was addressed by improved entitlements in Big Sur 11.0.1. The primary sources indicate the fix is part of Apple’s security updates and spec...
PT-2020-11850 · Apple · Apple macOS
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 11.0.1
Description: A malicious application may be able to access restricted files due to this issue. The problem was addressed with improved entitlements.
Recommendations: For versions prior to 11.0.1, update to macOS...
CVE-2018-4468
This issue was addressed by removing additional entitlements. This issue is fixed in macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra. A malicious application may be able to access restricted files...
CVE-2020-9898
This issue was addressed with improved entitlements. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A sandboxed process may be able to circumvent sandbox restrictions...
Design/Logic Flaw
This issue was addressed with improved entitlements. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A sandboxed process may be able to circumvent sandbox restrictions...
CVE-2020-9898
CVE-2020-9898 affects Apple platforms and is a sandbox bypass issue. According to Apple and Red Hat entries, the vulnerability could allow a sandboxed process to circumvent sandbox restrictions. The CVE is fixed in macOS Catalina 10.15.6 and iOS/iPadOS 13.6, with corresponding Apple advisories (H...
CVE-2020-11977
In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution...
Remote code execution
In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution...
Arbitrary Code Execution
syncope-ext-flowable-bpmn is vulnerable to arbitrary code execution. An administrator with workflow entitlements can use Shell Service Tasks to perform arbitrary code execution when the Flowable extension is enabled...
Command Injection in entitlements
Versions of entitlements prior to 1.3.0 are vulnerable to Command Injection. The package does not validate input on the entitlements function and concatenates it to an exec call, allowing attackers to run arbitrary commands in the system.
Recommendation: Upgrade to version 1.3.0 or later...
@cqingwang/react-native-update (>=14.0.5 <=15.0.3), @mervinzhu/react-native-update-pod (>=5.0.1 <=5.0.3) +23 more potentially affected by unknown CVE via entitlements (>=1.0.0 <=1.2.0)
entitlements NPM version =1.0.0, =14.0.5, =5.0.1, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =0.1.0, =1.0.2, =1.0.0, =1.0.0, =1.4.1, =1.0.2, =1.0.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-G8VP-6HV4-M67C...
GHSA-G8VP-6HV4-M67C Command Injection in entitlements
Versions of entitlements prior to 1.3.0 are vulnerable to Command Injection. The package does not validate input on the entitlements function and concatenates it to an exec call, allowing attackers to run arbitrary commands in the system.
Recommendation: Upgrade to version 1.3.0 or later...
ios-resources
PoC exploit for iOS device. The primary CVE ID is not explicitly mentioned, but the repository contains resources for iOS hacking, including ARMv8 instruction set documentation and assembly language crash course. The target product/service is the iOS operating system, and the vulnerability...