Grav File Upload Path Traversal

Summary Grav is vulnerable to a file upload path traversal vulnerability, that can allow an adversary to replace or create files with extensions such as .json, .zip, .css, .gif, etc. This vulnerabiltiy can allow attackers to inject arbitrary code on the server, undermine integrity of backup files...

CVE-2024-23294

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4. Processing malicious input may lead to code execution...

CVE-2024-23294

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4. Processing malicious input may lead to code execution...

CVE-2024-23288

This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to elevate privileges...

CVE-2024-23246

This CVE-2024-23246 affects Apple platforms where sandbox escapes were possible in the affected components. According to the public description, the issue was addressed by removing the vulnerable code and is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, and iOS...

CVE-2024-23246

This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. An app may be able to break out of its sandbox...

CVE-2024-23294

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4. Processing malicious input may lead to code execution...

NVIDIA D3D10 Driver Shader Functionality out-of-bounds read vulnerability

Talos Vulnerability Report TALOS-2023-1849 NVIDIA D3D10 Driver Shader Functionality out-of-bounds read vulnerability February 29, 2024 CVE Number CVE-2024-0071 SUMMARY An out-of-bounds read vulnerability exists in the Shader functionality of NVIDIA D3D10 Driver, Version 546.01, 31.0.15.4601. A...

Flashcard Quiz App v1.0 - (card) SQL Injection Vulnerability

Exploit Title: Flashcard Quiz App v1.0 - 'card' SQL Injection Application: Flashcard Quiz App Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/17160/flashcard-quiz-app-using-php-and-mysql-source-code.htm...

Simple Inventory Management System v1.0 - (email) SQL Injection Vulnerability

Exploit Title: Simple Inventory Management System v1.0 - 'email' SQL Injection Application: Simple Inventory Management System Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

CVE-2023-40528

This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17, watchOS 10, macOS Sonoma 14, iOS 17 and iPadOS 17, macOS Ventura 13.6.4. An app may be able to bypass Privacy preferences...

CVE-2023-42831

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to fingerprint the user...

CVE-2023-42828

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.5. An app may be able to gain root privileges...

CVE-2023-38610

A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to cause unexpected system termination or write kernel memory...

Code injection

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.5. An app may be able to gain root privileges...

CVE-2023-42828

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.5. An app may be able to gain root privileges...

CVE-2023-42828

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.5. An app may be able to gain root privileges...

CVE-2023-40385

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able to view leaked DNS queries with Private Relay turned on...

CVE-2023-42831

CVE-2023-42831 affects Apple operating systems, with remediation in macOS Big Sur 11.7.9, iOS 15.7.8, iPadOS 15.7.8, macOS Monterey 12.6.8, and macOS Ventura 13.5. The issue was addressed by removing the vulnerable code, and may allow an app to fingerprint the user.

CVE-2023-42831

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to fingerprint the user...