Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-44141

Summary
Assigner-apple
Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c
Published At-24 Oct, 2024 | 16:40
Updated At-24 Oct, 2024 | 18:11
Rejected At-
Credits

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. A person with physical access to an unlocked Mac may be able to gain root code execution.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apple
Assigner Org ID:286789f9-fbc2-4510-9f9a-43facdede74c
Published At:24 Oct, 2024 | 16:40
Updated At:24 Oct, 2024 | 18:11
Rejected At:
▼CVE Numbering Authority (CNA)

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. A person with physical access to an unlocked Mac may be able to gain root code execution.

Affected Products
Vendor
Apple Inc.Apple
Product
macOS
Versions
Affected
  • From unspecified before 14.6 (custom)
Problem Types
TypeCWE IDDescription
N/AN/AA person with physical access to an unlocked Mac may be able to gain root code execution
Type: N/A
CWE ID: N/A
Description: A person with physical access to an unlocked Mac may be able to gain root code execution
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.apple.com/en-us/120911
N/A
Hyperlink: https://support.apple.com/en-us/120911
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
Apple Inc.apple
Product
macos
CPEs
  • cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 14.6 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-noinfoCWE-noinfo Not enough information
Type: CWE
CWE ID: CWE-noinfo
Description: CWE-noinfo Not enough information
Metrics
VersionBase scoreBase severityVector
3.16.6MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@apple.com
Published At:24 Oct, 2024 | 17:15
Updated At:11 Dec, 2024 | 18:29

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. A person with physical access to an unlocked Mac may be able to gain root code execution.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.8MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.16.6MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 6.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Apple Inc.
apple
>>macos>>Versions from 14.0(inclusive) to 14.6(exclusive)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.apple.com/en-us/120911product-security@apple.com
Vendor Advisory
Hyperlink: https://support.apple.com/en-us/120911
Source: product-security@apple.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

86Records found
CVE-2024-44225
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.79%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 22:57
Updated-07 Jan, 2025 | 04:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to gain elevated privileges.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmacoswatchOSmacOSiPadOStvOSiOS and iPadOS
CVE-2024-44145
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.04% / 10.39%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:08
Updated-12 Dec, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15, iOS 18 and iPadOS 18. An attacker with physical access to a macOS device with Sidecar enabled may be able to bypass the Lock Screen.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmacosipadosmacOSiOS and iPadOSiphone_osipad_osmac_os
CVE-2024-44240
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 30.41%
||
7 Day CHG+0.02%
Published-28 Oct, 2024 | 21:08
Updated-12 Dec, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted font may result in the disclosure of process memory.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadostvosvisionosmacoswatchOSmacOSvisionOStvOSiOS and iPadOS
CVE-2024-44256
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.03% / 5.33%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:08
Updated-12 Dec, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to break out of its sandbox.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOSmac_os
CVE-2024-44290
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.02% / 3.89%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 22:57
Updated-16 Dec, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1. An app may be able to determine a user’s current location.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadoswatchOSiOS and iPadOS
CVE-2024-40833
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 16.32%
||
7 Day CHG~0.00%
Published-29 Jul, 2024 | 22:17
Updated-27 Oct, 2024 | 01:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data with certain actions without prompting the user.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmacosipadosmacOSiOS and iPadOS
CVE-2024-40867
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.09%
||
7 Day CHG+0.01%
Published-28 Oct, 2024 | 21:07
Updated-01 Nov, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOSiosipados
CVE-2024-40853
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.05% / 14.07%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:08
Updated-30 Oct, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18 and iPadOS 18. An attacker may be able to use Siri to enable Auto-Answer Calls.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOS
CVE-2024-54500
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.80%
||
7 Day CHG+0.01%
Published-11 Dec, 2024 | 22:57
Updated-20 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted image may result in disclosure of process memory.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadostvosvisionosmacoswatchOSmacOSiPadOSvisionOStvOSiOS and iPadOS
CVE-2024-54503
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.06% / 17.52%
||
7 Day CHG+0.01%
Published-11 Dec, 2024 | 22:59
Updated-13 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.2 and iPadOS 18.2. Muting a call while ringing may not result in mute being enabled.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOS
CVE-2024-54498
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-3.72% / 87.50%
||
7 Day CHG+0.20%
Published-11 Dec, 2024 | 22:58
Updated-21 Dec, 2024 | 04:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to break out of its sandbox.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CVE-2024-54527
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 25.86%
||
7 Day CHG+0.01%
Published-11 Dec, 2024 | 22:58
Updated-16 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmacostvOSmacOSwatchOSiOS and iPadOS
CVE-2024-54491
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 5.39%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 22:57
Updated-08 Jan, 2025 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was resolved by sanitizing logging This issue is fixed in macOS Sequoia 15.2. A malicious application may be able to determine a user's current location.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CVE-2024-54526
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.59%
||
7 Day CHG+0.01%
Published-11 Dec, 2024 | 22:57
Updated-16 Dec, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to access private information.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmacostvOSmacOSwatchOSiOS and iPadOS
CVE-2024-44206
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.42% / 61.26%
||
7 Day CHG~0.00%
Published-24 Oct, 2024 | 16:40
Updated-21 Nov, 2024 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A user may be able to bypass some web content restrictions.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadostvosvisionossafarimacoswatchOSSafarimacOSvisionOStvOSiOS and iPadOS
CVE-2024-44159
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.03% / 7.10%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:08
Updated-01 Nov, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to bypass Privacy preferences.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOSmacos
CVE-2024-44291
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.23%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 22:58
Updated-21 Dec, 2024 | 04:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to gain root privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CVE-2024-44299
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.21%
||
7 Day CHG+0.03%
Published-11 Dec, 2024 | 22:59
Updated-13 Dec, 2024 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOS
CVE-2024-44300
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 8.14%
||
7 Day CHG+0.01%
Published-11 Dec, 2024 | 22:57
Updated-20 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access protected user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CVE-2024-44217
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.11% / 29.63%
||
7 Day CHG+0.01%
Published-28 Oct, 2024 | 21:08
Updated-12 Dec, 2024 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in iOS 18 and iPadOS 18. Password autofill may fill in passwords after failing authentication.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOSiphone_osipad_os
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-44197
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-2.7||LOW
EPSS-0.07% / 20.95%
||
7 Day CHG+0.01%
Published-28 Oct, 2024 | 21:08
Updated-14 Nov, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious app may be able to cause a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CVE-2024-44259
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.24% / 46.63%
||
7 Day CHG+0.04%
Published-28 Oct, 2024 | 21:07
Updated-11 Dec, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed through improved state management. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, Safari 18.1. An attacker may be able to misuse a trust relationship to download malicious content.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadossafarivisionosmacosvisionOSSafarimacOSiOS and iPadOSvisionosiosipados
CVE-2024-44231
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.10% / 27.87%
||
7 Day CHG+0.01%
Published-20 Dec, 2024 | 04:06
Updated-06 Jan, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. A person with physical access to a Mac may be able to bypass Login Window during a software update.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CVE-2024-44302
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.54%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:08
Updated-06 Dec, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted font may result in the disclosure of process memory.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadostvosvisionosmacoswatchOSmacOSvisionOStvOSiOS and iPadOS
CVE-2024-44278
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.04%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:07
Updated-11 Dec, 2024 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. A sandboxed app may be able to access sensitive user data in system logs.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadosvisionosmacosvisionOSwatchOSmacOSiOS and iPadOS
CVE-2024-44262
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.10%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:07
Updated-30 Oct, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved redaction of sensitive information. This issue is fixed in visionOS 2.1. A user may be able to view sensitive user information.

Action-Not Available
Vendor-Apple Inc.
Product-visionosvisionOS
CVE-2024-44267
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-2.7||LOW
EPSS-0.06% / 17.89%
||
7 Day CHG+0.01%
Published-28 Oct, 2024 | 21:08
Updated-30 Oct, 2024 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious application may be able to modify protected parts of the file system.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CVE-2024-44123
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-2.3||LOW
EPSS-0.02% / 4.28%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:08
Updated-06 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15, iOS 18 and iPadOS 18. A malicious app with root privileges may be able to access keyboard input and location information without user consent.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmacosipadosmacOSiOS and iPadOS
CVE-2024-44261
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 9.80%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:08
Updated-11 Dec, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. An attacker may be able to view restricted content from the lock screen.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOS
CVE-2024-44295
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.7||HIGH
EPSS-0.03% / 6.06%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 21:08
Updated-12 Dec, 2024 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with additional entitlement checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to modify protected parts of the file system.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOSmac_os
CVE-2024-44243
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 20.10%
||
7 Day CHG+0.03%
Published-11 Dec, 2024 | 22:57
Updated-20 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2. An app may be able to modify protected parts of the file system.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CVE-2024-40240
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.07% / 22.24%
||
7 Day CHG~0.00%
Published-08 Nov, 2024 | 00:00
Updated-13 Nov, 2024 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An incorrect access control issue in HomeServe Home Repair' android app - 3.3.4 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function.

Action-Not Available
Vendor-homeserven/ahomeserveusa
Product-homeserven/ahomeserve
CVE-2024-40239
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.07% / 21.73%
||
7 Day CHG~0.00%
Published-08 Nov, 2024 | 00:00
Updated-13 Nov, 2024 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An incorrect access control issue in Life: Personal Diary, Journal android app 17.5.0 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function.

Action-Not Available
Vendor-hitbytesn/ahitbytestechnologies
Product-lifen/alife
CVE-2023-20589
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.08% / 24.96%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:04
Updated-13 Nov, 2024 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
fTPM Voltage Fault Injection

An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution. 

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_9_5900xathlon_gold_pro_3150ge_firmwareryzen_5_6600h_firmwareryzen_3_pro_3200ge_firmwareathlon_silver_3050u_firmwareathlon_silver_3050e_firmwareryzen_3_3200geryzen_5_pro_5645ryzen_3_3100_firmwareryzen_threadripper_2950x_firmwareryzen_7_7735hs_firmwareryzen_9_3900xryzen_5_pro_3350ge_firmwareryzen_9_5900x_firmwareryzen_7_4700geryzen_9_6900hx_firmwareathlon_gold_3150c_firmwareryzen_9_5980hxryzen_7_pro_7730uryzen_7_5800hsryzen_threadripper_pro_5955wx_firmwareathlon_pro_300geryzen_5_5600xryzen_9_5900_firmwareryzen_3_pro_7330uryzen_threadripper_pro_5995wxryzen_5_4600g_firmwareryzen_5_3600xt_firmwareryzen_3_5300geryzen_5_5600hsathlon_gold_pro_3150gryzen_3_4100_firmwareryzen_7_5825uryzen_7_5825u_firmwareryzen_5_3600x_firmwareryzen_7_4700gryzen_5_3400gryzen_threadripper_3960x_firmwareryzen_7_5800x3d_firmwareryzen_5_6600hryzen_threadripper_3960xryzen_threadripper_2950xryzen_9_6980hxryzen_threadripper_pro_3975wxathlon_pro_3145bryzen_5_5560uryzen_threadripper_pro_5945wxryzen_3_pro_3200geryzen_3_pro_3200g_firmwareryzen_3_4300g_firmwareryzen_3_pro_3200gryzen_3_3100ryzen_7_5700u_firmwareryzen_5_6600hsryzen_3_3200gathlon_silver_3050eryzen_7_pro_5845ryzen_9_5900hsryzen_3_4100ryzen_7_5700gryzen_threadripper_2920xryzen_9_5980hsryzen_5_pro_3350g_firmwareryzen_7_3800xt_firmwareryzen_3_5125c_firmwareryzen_9_6900hxryzen_5_5500u_firmwareryzen_7_5800h_firmwareryzen_9_6900hsryzen_threadripper_pro_5965wx_firmwareryzen_3_3300xryzen_7_3700xryzen_5_5500ryzen_3_5400uryzen_5_4600geathlon_pro_3045bathlon_gold_pro_3150geryzen_5_5600_firmwareryzen_7_5800xryzen_9_pro_5945ryzen_threadripper_3990x_firmwareryzen_9_3900athlon_gold_3150geathlon_silver_3050c_firmwareryzen_5_5600x_firmwareryzen_5_pro_3350gryzen_9_3900_firmwareryzen_7_3700x_firmwareryzen_7_5800x3dryzen_9_5900ryzen_3_5300gryzen_5_5600ge_firmwareryzen_9_5980hs_firmwareryzen_7_6800h_firmwareryzen_threadripper_3990xryzen_7_6800u_firmwareryzen_5_5600hs_firmwareryzen_5_3400g_firmwareryzen_3_7320uryzen_5_pro_7530uathlon_gold_3150uryzen_5_5600h_firmwareryzen_threadripper_pro_5955wxryzen_5_7520uryzen_3_4300geryzen_7_5700ryzen_5_5500uryzen_3_5400u_firmwareryzen_9_6900hs_firmwareathlon_silver_3050cryzen_7_5800ryzen_7_6800hs_firmwareryzen_7_3800xathlon_gold_3150g_firmwareryzen_5_7535uryzen_7_7735uryzen_9_5950xryzen_5_3600_firmwareryzen_5_5500_firmwareryzen_threadripper_2990wx_firmwareryzen_3_3300x_firmwareryzen_5_5600hryzen_7_6800hsryzen_5_pro_3400g_firmwareryzen_9_3900xt_firmwareryzen_3_5300u_firmwareryzen_5_7535u_firmwareryzen_7_6800uryzen_7_7736uryzen_3_5300uryzen_threadripper_pro_5945wx_firmwareryzen_5_5600gryzen_5_3600xtryzen_3_5425u_firmwareryzen_7_7735hsryzen_5_3500x_firmwareryzen_9_3900xtryzen_5_5600uryzen_threadripper_pro_5975wxathlon_pro_3045b_firmwareryzen_9_5900hx_firmwareryzen_5_3500xryzen_9_5950x_firmwareryzen_5_5600x3d_firmwareryzen_5_5600geryzen_threadripper_2970wx4700sryzen_7_5800x_firmwareryzen_3_5300ge_firmwareryzen_5_5625uryzen_5_6600uryzen_5_pro_3400gryzen_threadripper_2920x_firmwareryzen_7_5700geryzen_9_6980hs_firmwareryzen_3_4300gathlon_pro_3145b_firmwareryzen_3_5125cryzen_7_3800x_firmwareryzen_5_pro_3350ge4700s_firmwareryzen_9_6980hx_firmwareryzen_7_7735u_firmwareryzen_threadripper_pro_3945wx_firmwareryzen_7_pro_5845_firmwareryzen_7_4700g_firmwareryzen_9_5900hs_firmwareryzen_5_5600u_firmwareryzen_5_5600x3dryzen_5_3600xathlon_pro_300ge_firmwareryzen_3_3200g_firmwareryzen_5_6600u_firmwareryzen_3_7335uryzen_7_3800xtryzen_7_5700g_firmwareryzen_threadripper_pro_5975wx_firmwareryzen_7_5700_firmwareryzen_threadripper_2970wx_firmwareryzen_5_7535hs_firmwareryzen_9_3950x_firmwareryzen_9_pro_5945_firmwareryzen_5_7520u_firmwareryzen_threadripper_pro_3995wxryzen_5_7535hsathlon_gold_3150gryzen_5_4500_firmwareryzen_7_5700x_firmwareryzen_3_5300g_firmwareryzen_7_4700ge_firmwareryzen_threadripper_pro_3955wxryzen_7_5800u_firmwareryzen_7_7736u_firmwareryzen_9_3900x_firmwareryzen_3_7320u_firmwareryzen_5_6600hs_firmwareryzen_3_pro_7330u_firmwareryzen_5_pro_5645_firmwareathlon_silver_3050uryzen_3_5425uryzen_5_3500_firmwareryzen_5_4600gryzen_threadripper_pro_3955wx_firmwareryzen_7_5800_firmwareryzen_9_5980hx_firmwareryzen_3_5100_firmwareryzen_5_5560u_firmwareryzen_threadripper_pro_3995wx_firmwareryzen_threadripper_pro_5965wxryzen_7_5800uryzen_9_5900hxathlon_gold_pro_3150g_firmwareathlon_gold_3150cryzen_5_5600g_firmwareryzen_5_pro_3400geathlon_gold_3150u_firmwareryzen_9_3950xryzen_3_4300ge_firmwareryzen_3_3200ge_firmwareryzen_threadripper_3970xryzen_5_5600ryzen_3_5100ryzen_threadripper_2990wxryzen_5_3500ryzen_7_5800hryzen_7_pro_7730u_firmwareryzen_threadripper_pro_3945wxryzen_5_pro_3400ge_firmwareryzen_5_3600ryzen_threadripper_3970x_firmwareryzen_5_4600ge_firmwareryzen_threadripper_pro_3975wx_firmwareryzen_7_5800hs_firmwareathlon_gold_3150ge_firmwareryzen_5_pro_7530u_firmwareryzen_threadripper_pro_5995wx_firmwareryzen_5_5625u_firmwareryzen_3_7335u_firmwareryzen_7_5700uryzen_7_5700ge_firmwareryzen_7_5700xryzen_9_6980hsryzen_7_6800hryzen_5_4500Ryzen™ PRO 3000 Series Desktop ProcessorsRyzen™ 7035 Series Processors with Radeon™ Graphics Ryzen™ Threadripper™ 5000 Series ProcessorsAthlon™ 3000 Series Mobile Processors with Radeon™ GraphicsRyzen™ PRO 7030 Series ProcessorsRyzen™ Threadripper™ 2000 Series Processors Ryzen™ 4000 Series Desktop Processors with Radeon™ GraphicsRyzen™ PRO 5000 Series Desktop ProcessorsRyzen™ 3000 Series Desktop ProcessorsRyzen™ PRO 3000 Series Processors with Radeon™ Vega GraphicsAthlon™ 3000 Series Processors with Radeon™ Graphics Ryzen™ PRO 5000 Series ProcessorsRyzen™ 3000 Series Desktop Processors with Radeon™ GraphicsRyzen™ PRO 6000 Series ProcessorsRyzen™ 5000 Series Desktop Processors with Radeon™ GraphicsRyzen™ PRO 4000 Series Desktop ProcessorsRyzen™ 7020 Series Processors with Radeon™ GraphicsRyzen™ Threadripper™ 3000 Series ProcessorsAthlon™ PRO 3000 Series Processors with Radeon™ Vega GraphicsRyzen™ 5000 Series Processors with Radeon™ GraphicsRyzen™ 7030 Series Processors with Radeon™ GraphicsRyzen™ 6000 Series Processors with Radeon™ GraphicsRyzen™ 5000 Series Desktop Processors
CVE-2022-26581
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.2||MEDIUM
EPSS-0.05% / 13.64%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-20 Nov, 2024 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an unauthorized attacker to perform privileged actions through the execution of specific binaries listed in ADB daemon. The attacker must have physical USB access to the device in order to exploit this vulnerability.

Action-Not Available
Vendor-paxtechnologyn/apax
Product-a930paydroidn/aa930
CWE ID-CWE-862
Missing Authorization
CVE-2023-35818
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.14% / 34.47%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 00:00
Updated-31 Oct, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit another behavior in the chip to gain unauthorized access to the ROM download mode. Access to ROM download mode may be further exploited to read the encrypted flash content in cleartext format or execute stub code.

Action-Not Available
Vendor-espressifn/a
Product-esp32-mini-1u_firmwareesp32-devkitc_firmwareesp32-pico-v3-02esp32-wrover-ieesp32-mini-1esp32-wrover-ie_firmwareesp32-wroom-da_firmwareesp32-pico-v3-zero_firmwareesp32-wroom-daesp32-pico-d4esp32-pico-v3-zero-devkit_firmwareesp32-pico-kit_firmwareesp32-vaquita-dspgesp32-wroom-32e_firmwareesp32-u4wdh_firmwareesp32-pico-d4_firmwareesp32-pico-v3_firmwareesp32-u4wdhesp32-devkitcesp32-pico-mini-02u_firmwareesp32-wroom-32ueesp32-pico-v3-zeroesp32-mini-1_firmwareesp32-wrover-eesp32-pico-mini-02uesp32-d0wd-v3_firmwareesp32-d0wdr2-v3_firmwareesp32-vaquita-dspg_firmwareesp32-wroom-32ue_firmwareesp32-pico-kitesp32-pico-v3esp-eye_firmwareesp32-mini-1uesp32-pico-mini-02_firmwareesp32-devkitm-1_firmwareesp-eyeesp32-devkitm-1esp32-wrover-e_firmwareesp32-wroom-32eesp32-pico-v3-zero-devkitesp32-d0wdr2-v3esp32-pico-mini-02esp32-d0wd-v3esp32-pico-v3-02_firmwaren/a
  • Previous
  • 1
  • 2
  • Next
Details not found