ByteOS Network

Vulnerability Details :

CVE-2024-44122

Assigner-apple

Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c

Published At-28 Oct, 2024 | 21:08

Updated At-03 Nov, 2025 | 22:07

A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1. An application may be able to break out of its sandbox.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:apple

Assigner Org ID:286789f9-fbc2-4510-9f9a-43facdede74c

Published At:28 Oct, 2024 | 21:08

Updated At:03 Nov, 2025 | 22:07

▼CVE Numbering Authority (CNA)

A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1. An application may be able to break out of its sandbox.

Affected Products

Vendor

Apple Inc.

Product

macOS

Versions

Affected

From unspecified before 15 (custom)

Vendor

Apple Inc.

Product

macOS

Versions

Affected

From unspecified before 14.7 (custom)

Vendor

Apple Inc.

Product

macOS

Versions

Affected

From unspecified before 13.7 (custom)

Problem Types

Type	CWE ID	Description
N/A	N/A	An application may be able to break out of its sandbox

Type: N/A

CWE ID: N/A

Description: An application may be able to break out of its sandbox

References

Hyperlink	Resource
https://support.apple.com/en-us/121238	N/A
https://support.apple.com/en-us/121570	N/A
https://support.apple.com/en-us/121568	N/A

Hyperlink: https://support.apple.com/en-us/121238

Resource: N/A

Hyperlink: https://support.apple.com/en-us/121570

Resource: N/A

Hyperlink: https://support.apple.com/en-us/121568

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Affected Products

Vendor

Apple Inc.

Product

macos

CPEs

cpe:2.3:o:apple:macos:15.0:-:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

15.0

Vendor

Apple Inc.

Product

macos

CPEs

cpe:2.3:o:apple:macos:13.7.1:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

13.7.1

Vendor

Apple Inc.

Product

macos

CPEs

cpe:2.3:o:apple:macos:14.7.1:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

14.7.1

Problem Types

Type	CWE ID	Description
CWE	CWE-693	CWE-693 Protection Mechanism Failure

Type: CWE

CWE ID: CWE-693

Description: CWE-693 Protection Mechanism Failure

Metrics

Version	Base score	Base severity	Vector
3.1	8.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
http://seclists.org/fulldisclosure/2024/Oct/13	N/A
http://seclists.org/fulldisclosure/2024/Oct/12	N/A

Hyperlink: http://seclists.org/fulldisclosure/2024/Oct/13

Resource: N/A

Hyperlink: http://seclists.org/fulldisclosure/2024/Oct/12

Resource: N/A

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:product-security@apple.com

Published At:28 Oct, 2024 | 21:15

Updated At:03 Nov, 2025 | 22:18

A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1. An application may be able to break out of its sandbox.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	8.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Secondary	3.1	8.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CPE Matches

Apple Inc.

>>macos>>Versions before 13.7.1(exclusive)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Apple Inc.

>>macos>>Versions from 14.0(inclusive) to 14.7.1(exclusive)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov
CWE-693	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-693

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://support.apple.com/en-us/121238	product-security@apple.com	Release Notes Vendor Advisory
https://support.apple.com/en-us/121568	product-security@apple.com	Release Notes Vendor Advisory
https://support.apple.com/en-us/121570	product-security@apple.com	Release Notes Vendor Advisory
http://seclists.org/fulldisclosure/2024/Oct/12	af854a3a-2127-422b-91ae-364da2661108	N/A
http://seclists.org/fulldisclosure/2024/Oct/13	af854a3a-2127-422b-91ae-364da2661108	N/A

Hyperlink: https://support.apple.com/en-us/121238

Source: product-security@apple.com

Resource:

Release Notes

Vendor Advisory

Hyperlink: https://support.apple.com/en-us/121568

Source: product-security@apple.com

Resource:

Release Notes

Vendor Advisory

Hyperlink: https://support.apple.com/en-us/121570

Source: product-security@apple.com

Resource:

Release Notes

Vendor Advisory

Hyperlink: http://seclists.org/fulldisclosure/2024/Oct/12

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: http://seclists.org/fulldisclosure/2024/Oct/13

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Similar CVEs

55Records found

CVE-2023-51748

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-8.8||HIGH

EPSS-0.10% / 27.11%

7 Day CHG~0.00%

Published-11 Jan, 2024 | 00:00

Updated-20 Jun, 2025 | 17:15

ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode.

Vendor-scalefusion n/a

Product-scalefusion n/a

CWE ID-CWE-693

Protection Mechanism Failure

CVE-2024-36242

Matching Score-4

Assigner-Intel Corporation

View Details

Matching Score-4

Assigner-Intel Corporation

CVSS Score-7.3||HIGH

EPSS-0.07% / 22.09%

7 Day CHG~0.00%

Published-13 Nov, 2024 | 21:11

Updated-15 Nov, 2024 | 14:00

Protection mechanism failure in the SPP for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.

Vendor-n/a Intel Corporation

Product-Intel(R) Processors processors

CWE ID-CWE-693

Protection Mechanism Failure

CVE-2024-25744

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-8.8||HIGH

EPSS-0.05% / 14.66%

7 Day CHG~0.00%

Published-12 Feb, 2024 | 00:00

Updated-07 May, 2025 | 22:15

In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c.

Vendor-n/a Linux Kernel Organization, Inc

Product-linux_kernel n/a

CWE ID-CWE-693

Protection Mechanism Failure

CVE-2024-20286

Matching Score-4

Assigner-Cisco Systems, Inc.

View Details

Matching Score-4

Assigner-Cisco Systems, Inc.

CVSS Score-5.3||MEDIUM

EPSS-0.10% / 28.20%

7 Day CHG~0.00%

Published-28 Aug, 2024 | 16:37

Updated-22 Oct, 2024 | 14:44

Cisco NX-OS Software Python Parser Escape Vulnerability

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user.  Note: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the section of the Cisco Nexus 9000 Series NX-OS Programmability Guide.

Vendor-Cisco Systems, Inc.

Product-n9k-c9232c n9k-c92348gc-x nexus_34200yc-sm nexus_93108tc-ex_switch nexus_93180lc-ex nexus_3132q-x nexus_3172tq nx-os nexus_3200 nexus_3636c-r nexus_9396tx_switch n9k-sup-b nexus_93128tx nexus_9336pq_aci_spine nexus_9372tx_switch nexus_9336pq_aci_spine_switch n9k-c9372px nexus_9336pq_aci n9k-x9732c-fx nexus_92160yc_switch n9k-c9504-fm-r nexus_9432pq n9k-c92304qc nexus_9364d-gx2a nexus_3016q nexus_3132q-v nexus_9332c nexus_92348gc-x nexus_3172tq-32t nexus_9336c-fx2 nexus_3524-x n9k-c93216tc-fx2 nexus_31108tc-v nexus_9372px-e_switch nexus_9636pq nexus_9348gc-fxp nexus_3172 nexus_9808 nexus_9272q nexus_9500_supervisor_b\+nexus_9500_4-slot n9k-sc-a nexus_93120tx_switch nexus_93180yc-fx nexus_3432d-s n9k-sup-b\+n9k-c93108tc-fx n9k-c93360yc-fx2 nexus_3232 nexus_3000 n9k-x9736c-fx nexus_3524 nexus_9000_in_standalone n9k-x9736c-ex nexus_3548-x\/xl nexus_9332d-gx2b nexus_3016 nexus_9364c-h1 nexus_9804 n9k-c9372tx nexus_92304qc n9k-c9396px nexus_93108tc-fx-24 nexus_93240tc-fx2 nexus_9000_in_standalone_nx-os_mode nexus_9500_supervisor_b nexus_9500_8-slot n9k-c9316d-gx nexus_3100 nexus_3048 nexus_9348gc-fx3ph nexus_3500_platform nexus_9372tx-e nexus_93360yc-fx2 nexus_3524-xl n9k-c93180yc-fx nexus_9396tx n9k-c9348gc-fxp nexus_3232c_nexus_92300yc_switch nexus_3064 n9k-c93128tx nexus_9716d-gx nexus_3500 n9k-x9788tc-fx n9k-c93600cd-gx nexus_9336c-fx2-e n9k-c93240yc-fx2 n9k-x9564tx nexus_9396px n9k-c93108tc-ex n9k-c9372tx-e n9k-x9464px nexus_9221c n9k-c9336c-fx2 nexus_3132q-x\/3132q-xl nexus_9372tx nexus_9348d-gx2a n9k-x9432c-s nexus_3064-t nexus_93600cd-gx nexus_3408-s nexus_9536pq nexus_9372px-e nexus_9336pq nexus_3600 nexus_9372tx-e_switch n9k-x9636c-r nexus_3400 n9k-c9364c-gx nexus_9332pq nexus_93108tc-ex nexus_9508 nexus_3100-v n9k-c9236c nexus_92304qc_switch nexus_93120tx n9k-x9400-8d nexus_9316d-gx nexus_3524-x\/xl n9k-c9332d-gx2b nexus_9504_switch nexus_9408 nexus_3100-z n9k-sup-a n9k-c9332pq n9k-x9464tx2 n9k-c93180yc-ex n9k-c9348d-gx2a n9k-x96136yc-r nexus_31128pq n9k-x9636q-r nexus_3548-xl nexus_93180yc-fx3s nexus_3164q nexus_9364c nexus_93400ld-h1 nexus_9800 nexus_3132c-z nexus_3172pq\/pq-xl n9k-x97284yc-fx n9k-c9364d-gx2a n9k-c9272q n9k-x9732c-ex nexus_93180yc-fx-24 nexus_3464c n9k-c9396tx nexus_93216tc-fx2 nexus_9232e nexus_36180yc-r n9k-c9504 nexus_93180tc-ex nexus_3264q nexus_34180yc nexus_9000v nexus_9300 nexus_31108pc-v n9k-x9400-22l n9k-x9636c-rx nexus_9500_supervisor_a\+nexus_3064-32t n9k-c93120tx n9k-c93180yc2-fx nexus_93180yc-fx3 nexus_9508_switch nexus_93180yc-ex-24 n9k-c9516 n9k-c9508 nexus_3100v nexus_3548 nexus_9736pq nexus_9396px_switch nexus_3132q n9k-c9372px-e n9k-x9400-16w n9k-x97160yc-ex nexus_9000_in_aci_mode nexus_9372px nexus_9364c-gx n9k-c9332c nexus_92160yc-x nexus_93180lc-ex_switch nexus_9372px_switch nexus_3000_series nexus_93108tc-ex-24 nexus_9332pq_switch n9k-c92300yc nexus_9500_16-slot nexus_3064x nexus_9000 nexus_31108pv-v nexus_9236c_switch nexus_9500 nexus_93108tc-fx3p nexus_9504 nexus_93108tc-fx nexus_3064t n9k-c9508-fm-r nexus_9500_supervisor_a nexus_9800_34-port_100g_and_14-port_400g_line_card nexus_92300yc nexus_3172pq nexus_3064-x nexus_9272q_switch nexus_3232c nexus_9200yc nexus_9200 nexus_93180yc-ex_switch nexus_93108tc-fx3 nexus_9348gc-fx3 nexus_9800_36-port_400g_line_card n9k-c9364c nexus_93128tx_switch nexus_3264c-e nexus_93240yc-fx2 n9k-c92160yc-x nexus_3548-x nexus_3132q-xl nexus_3172tq-xl nexus_93180yc-ex nexus_9516_switch nexus_9332d-h2r nexus_93128 nexus_93108tc-fx3h n9k-c93180lc-ex nexus_9236c n9k-sup-a\+n9k-x9564px nexus_93180yc-fx3h nexus_9516 nexus_3172pq-xl nexus_9500r Cisco NX-OS Software

CWE ID-CWE-693

Protection Mechanism Failure

CVE-2024-20284

Matching Score-4

Assigner-Cisco Systems, Inc.

View Details

Matching Score-4

Assigner-Cisco Systems, Inc.

CVSS Score-5.3||MEDIUM

EPSS-0.10% / 28.20%

7 Day CHG~0.00%

Published-28 Aug, 2024 | 16:37

Updated-17 Oct, 2024 | 15:03

Cisco NX-OS Software Python Parser Escape Vulnerability

Vendor-Cisco Systems, Inc.

CWE ID-CWE-693

Protection Mechanism Failure

CVE-2024-44122

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Affected

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Affected

Affected

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs