SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
VOLUME 24ISSUE 30
@RISK: The Consensus Security Vulnerability Alert
Internet Storm Center Spotlight
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Apple Patches Everything. July 2024 Edition
Published: 2024-07-30
Last Updated: 2024-07-30 17:01:22 UTC
by Johannes Ullrich (Version: 1)
Yesterday, Apple released patches across all of its operating systems. A standalone patch for Safari was released to address WebKit problems in older macOS versions. Apple does not provide CVSS scores or severity ratings. The ratings below are based on my reading of the impact. However, the information isn’t always sufficient to accurately assign a rating.
One vulnerability, CVE-2024-23296, which can be used to bypass kernel protections via RTKit, is already being exploited. Apple patched this issue for newer operating systems in March, but it now releasing the patch for older macOS and iOS versions.
According to my count, these updates address 64 different vulnerabilities.
Read the full entry:
https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
CrowdStrike Outage Themed Maldoc
Published: 2024-07-29
Last Updated: 2024-07-29 00:03:44 UTC
by Didier Stevens (Version: 1)
I found a malicious Word document with VBA code using the CrowdStrike outage for social engineering purposes. It's an .ASD file (AutoRecover file). My tool oledump.py can analyze it ...
Before I dive into the VBA code, I want to highlight the metadata of this document: ...
Read the full entry:
https://isc.sans.edu/diary/CrowdStrike+Outage+Themed+Maldoc/31116/
XWorm Hidden With Process Hollowing
Published: 2024-07-25
Last Updated: 2024-07-25 07:21:58 UTC
by Xavier Mertens (Version: 1)
XWorm is not a brand-new malware family. It's a common RAT (Remote Access Tool) re-use regularly in new campaigns. Yesterday, I found a sample that behaves like a dropper and runs the malware using the Process Hollowing technique. The sample is called ... . It's a .Net executable that is, strangely, not obfuscated. It's possible to disassemble it with ilspycmd ...
Read the full entry:
https://isc.sans.edu/diary/XWorm+Hidden+With+Process+Hollowing/31112/
Internet Storm Center Entries
Quickie: Password Cracking & Energy (2024.07.28)
https://isc.sans.edu/diary/Quickie+Password+Cracking+Energy/31122/
Create Your Own BSOD: NotMyFault (2024.07.27)
https://isc.sans.edu/diary/Create+Your+Own+BSOD+NotMyFault/31120/
ExelaStealer Delivered "From Russia With Love" (2024.07.26)
https://isc.sans.edu/diary/ExelaStealer+Delivered+From+Russia+With+Love/31118/
Recent CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2023-45249 - Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, 5.1.1-71, 5.2.1-69, 5.3.1-53, and 5.4.4-132 is vulnerable to remote command execution due to default passwords.
Product: Acronis Cyber Infrastructure
CVSS Score: 9.8
** KEV since 2024-07-29 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45249
NVD References:
- https://security-advisory.acronis.com/advisories/SEC-6452
- https://www.securityweek.com/acronis-product-vulnerability-exploited-in-the-wild/
CVE-2024-37085 - VMware ESXi is vulnerable to an authentication bypass, allowing a malicious actor with AD permissions to gain full access to a previously configured host by recreating a deleted AD group.
Product: VMware ESXi
CVSS Score: 0
** KEV since 2024-07-30 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37085
ISC Podcast: https://isc.sans.edu/podcastdetail/9076
CVE-2024-3273 - D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L are vulnerable to a critical command injection flaw in the /cgi-bin/nas_sharing.cgi file via an unsupported HTTP GET Request Handler function, allowing remote attackers to exploit it even though the products are no longer supported by the vendor.
Product: D-Link
CVSS Score: 0
** KEV since 2024-04-11 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3273
ISC Podcast: https://isc.sans.edu/podcastdetail/9066
CVE-2024-41319 - TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function.
Product: TOTOLINK A6000R
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41319
NVD References:
- https://gist.github.com/yanggao017/40efb889800ae2691c38086ebf80c037
- https://github.com/yanggao017/vuln/blob/main/TOTOLINK/A6000R/CI_7_webcmd/README.md
CVE-2024-38164 - GroupMe is vulnerable to an improper access control issue that enables unauthenticated attackers to elevate privileges by tricking users into clicking on a malicious link.
Product: GroupMe
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38164
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38164
CVE-2024-6096 - Telerik Reporting versions prior to 18.1.24.709 are vulnerable to object injection attacks due to insecure type resolution.
Product: Progress Telerik Reporting
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6096
NVD References: https://docs.telerik.com/reporting/knowledge-base/unsafe-reflection-CVE-2024-6096
CVE-2024-6327 - Progress® Telerik® Report Server prior to 2024 Q2 (10.1.24.709) is vulnerable to remote code execution due to an insecure deserialization flaw.
Product: Progress Telerik Report Server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6327
NVD References: https://docs.telerik.com/report-server/knowledge-base/deserialization-vulnerability-cve-2024-6327
NVD References: https://www.telerik.com/report-server
CVE-2024-41914 - EdgeConnect SD-WAN Orchestrator is vulnerable to stored cross-site scripting (XSS) attacks, allowing authenticated remote attackers to execute arbitrary script code in an administrative user's browser.
Product: Aruba Networks EdgeConnect SD-WAN Orchestrator
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41914
NVD References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04672en_us&docLocale=en_US
CVE-2024-40422 - Stitionai Devika v1 is vulnerable to a path traversal attack in the snapshot_path parameter of the /api/get-browser-snapshot endpoint, allowing attackers to access sensitive files on the server and potentially compromise system integrity.
Product: Stitionai DevikaCVSS Score: 9.1 AtRiskScore 30NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40422NVD References: - https://github.com/alpernae/CVE-2024-40422- https://github.com/stitionai/devika- https://github.com/stitionai/devika/pull/619CVE-2024-41110 - Docker Engine has a security vulnerability that could allow an attacker to bypass authorization plugins under specific circumstances, with a low likelihood of exploitation.Product: Docker EngineCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41110NVD References: - https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq- https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-pluginCVE-2024-41551 - CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_System/admin/view_order_items.php?id= .Product: CampCodes Supplier Management SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41551NVD References: https://github.com/Chencihai/Chencihai/blob/main/cve/supplier-management-system/SQLi-1.mdCVE-2024-41459 - Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter at ip/goform/QuickIndex.Product: Tenda FH1201CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41459NVD References: https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/QuickIndex/QuickIndex.mdCVE-2024-41460 - Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter at ip/goform/RouteStatic.Product: Tenda FH1201CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41460NVD References: https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/RouteStatic/README.mdCVE-2024-41461 - Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient.Product: Tenda FH1201CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41461NVD References: https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/DhcpListClient/README.mdCVE-2024-7081 - Itsourchcode Tailoring Management System 1.0 is vulnerable to remote SQL injection via the title argument in the expcatadd.php file (VDB-272366).Product: Tailoring Management System Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7081NVD References: - https://github.com/zgg012/cve/issues/1- https://vuldb.com/?ctiid.272366- https://vuldb.com/?id.272366- https://vuldb.com/?submit.379675CVE-2024-37084 - Spring Cloud Data Flow versions prior to 2.11.4 allows a malicious user to write arbitrary files on the file system via a crafted upload request to the Skipper server api.Product: Spring Cloud Data Flow SkipperCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37084NVD References: https://spring.io/security/cve-2024-37084CVE-2024-24621 - Softaculous Webuzo is vulnerable to an authentication bypass flaw allowing remote attackers to gain root access by exploiting the password reset feature.Product: Softaculous WebuzoCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24621NVD References: https://blog.exodusintel.com/2024/07/25/softaculous-webuzo-authentication-bypass/CVE-2024-41112 - streamlit-geospatial is vulnerable to remote code execution due to user input being passed to the `eval()` function in `pages/1_📷_Timelapse.py` prior to commit c4f81d9616d40c60584e36abb15300853a66e489.Product: streamlit-geospatialCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41112NVD References: - https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L373-L376- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L380- https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/CVE-2024-41113 - streamlit-geospatial prior to commit c4f81d9616d40c60584e36abb15300853a66e489 is vulnerable to remote code execution due to user input being passed to `eval()` function in `pages/1_📷_Timelapse.py`.Product: streamlit-geospatialCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41113NVD References: - https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L383-L388- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L390-L393- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L395- https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/CVE-2024-411…
CVE-2024-41110 - Docker Engine has a security vulnerability that could allow an attacker to bypass authorization plugins under specific circumstances, with a low likelihood of exploitation.
Product: Docker Engine
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41110
NVD References:
- https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq
- https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin
CVE-2024-41551 - CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_System/admin/view_order_items.php?id= .
Product: CampCodes Supplier Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41551
NVD References: https://github.com/Chencihai/Chencihai/blob/main/cve/supplier-management-system/SQLi-1.md
CVE-2024-41459 - Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter at ip/goform/QuickIndex.
Product: Tenda FH1201
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41459
NVD References: https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/QuickIndex/QuickIndex.md
CVE-2024-41460 - Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter at ip/goform/RouteStatic.
Product: Tenda FH1201
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41460
NVD References: https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/RouteStatic/README.md
CVE-2024-41461 - Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient.
Product: Tenda FH1201
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41461
NVD References: https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/DhcpListClient/README.md
CVE-2024-7081 - Itsourchcode Tailoring Management System 1.0 is vulnerable to remote SQL injection via the title argument in the expcatadd.php file (VDB-272366).
Product: Tailoring Management System Project
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7081
NVD References:
- https://github.com/zgg012/cve/issues/1
- https://vuldb.com/?ctiid.272366
CVE-2024-37084 - Spring Cloud Data Flow versions prior to 2.11.4 allows a malicious user to write arbitrary files on the file system via a crafted upload request to the Skipper server api.
Product: Spring Cloud Data Flow Skipper
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37084
NVD References: https://spring.io/security/cve-2024-37084
CVE-2024-24621 - Softaculous Webuzo is vulnerable to an authentication bypass flaw allowing remote attackers to gain root access by exploiting the password reset feature.
Product: Softaculous Webuzo
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24621
NVD References: https://blog.exodusintel.com/2024/07/25/softaculous-webuzo-authentication-bypass/
CVE-2024-41112 - streamlit-geospatial is vulnerable to remote code execution due to user input being passed to the `eval()` function in `pages/1_📷_Timelapse.py` prior to commit c4f81d9616d40c60584e36abb15300853a66e489.
Product: streamlit-geospatial
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41112
NVD References:
- https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489
- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/
CVE-2024-41113 - streamlit-geospatial prior to commit c4f81d9616d40c60584e36abb15300853a66e489 is vulnerable to remote code execution due to user input being passed to `eval()` function in `pages/1_📷_Timelapse.py`.
Product: streamlit-geospatial
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41113
NVD References:
- https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489
- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/
CVE-2024-41114 - streamlit-geospatial, a streamlit multipage app for geospatial applications, is vulnerable to remote code execution through user input in the `palette` variable on line 430 in `pages/1_📷_Timelapse.py` prior to commit c4f81d9616d40c60584e36abb15300853a66e489.
Product: streamlit streamlit-geospatial
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41114
NVD References:
- https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489
- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/
CVE-2024-41115 - streamlit-geospatial's `palette` variable in `pages/1_📷_Timelapse.py` allows remote code execution via user input before commit c4f81d9616d40c60584e36abb15300853a66e489.
Product: streamlit-geospatial
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41115
NVD References:
- https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489
- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/
CVE-2024-41116 - streamlit-geospatial prior to commit c4f81d9616d40c60584e36abb15300853a66e489 allows for remote code execution due to user input being directly used in the `eval()` function.
Product: streamlit-geospatial
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41116
NVD References:
- https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489
- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/
CVE-2024-41117 - streamlit-geospatial is vulnerable to remote code execution due to user input being passed to the `eval()` function in `pages/10_🌍_Earth_Engine_Datasets.py` prior to commit c4f81d9616d40c60584e36abb15300853a66e489.
Product: streamlit-geospatial
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41117
NVD References:
- https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489
- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/
CVE-2024-41119 - streamlit-geospatial allows for remote code execution due to a vulnerability in the `vis_params` variable in `8_🏜️_Raster_Data_Visualization.py` prior to commit c4f81d9616d40c60584e36abb15300853a66e489.
Product: streamlit-geospatial
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41119
NVD References:
- https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489
- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/
CVE-2024-41120 - streamlit-geospatial allows for blind server-side request forgery due to user input being passed to the `gpd.read_file` method prior to commit c4f81d9616d40c60584e36abb15300853a66e489.
Product: streamlit-geospatial
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41120
NVD References:
- https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489
- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/
CVE-2024-5670 - Mail SQR Expert and Mail Archiving Expert by Softnext are susceptible to unauthenticated remote attackers injecting arbitrary OS commands due to improper user input validation.
Product: Softnext Mail SQR Expert
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5670
NVD References:
CVE-2024-7201 - WinMatrix3 Web package from Simopro Technology is vulnerable to SQL injection due to lack of input validation, enabling unauthorized access to database contents.
Product: Simopro Technology WinMatrix3 Web package
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7201
NVD References:
CVE-2024-7202 - WinMatrix3 Web package from Simopro Technology is vulnerable to unauthenticated SQL injection attacks that can lead to unauthorized access and modification of database data.
Product: Simopro Technology WinMatrix3 Web package
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7202
NVD References:
CVE-2024-37906 - Admidio before version 4.3.9 is vulnerable to SQL Injection in the `/adm_program/modules/ecards/ecard_send.php` source file, allowing compromise of the application's database through the `ecard_recipients `POST parameter.
Product: Admidio Application
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37906
NVD References:
- https://github.com/Admidio/admidio/commit/3ff02b0c64a6911ab3e81cd61077f392c0b25248
- https://github.com/Admidio/admidio/security/advisories/GHSA-69wx-xc6j-28v3
CVE-2024-38529 - Admidio is vulnerable to Remote Code Execution due to lack of file extension verification in the Message module, allowing malicious PHP files to be uploaded and accessed publicly.
Product: Admidio Application
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38529
NVD References:
- https://github.com/Admidio/admidio/commit/3b1cc1cda05747edebe15f2825b79bc5a673d94c
- https://github.com/Admidio/admidio/security/advisories/GHSA-g872-jwwr-vggm
CVE-2024-41702 - SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Product: SiberianCMS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41702
NVD References: https://www.gov.il/en/Departments/faq/cve_advisories
CVE-2024-22064 - The ZTE ZXUN-ePDG product is vulnerable to information leakage due to its use of non-unique cryptographic keys during secure connections with mobile devices.
Product: ZTE ZXUN-ePDG
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22064
ISC Podcast: https://isc.sans.edu/podcastdetail/9076
CVE-2024-23296 - Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
Product: Multiple Apple products
CVSS Score: 7.8
** KEV since 2024-03-06 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23296
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
CVE-2024-27834 - An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
Product: Apple iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27834
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
CVE-2024-27804 - An app may be able to execute arbitrary code with kernel privileges.
Product: iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27804
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
CVE-2024-27816 - An attacker may be able to access user data.
Product: iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27816
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
CVE-2024-27841 - An app may be able to disclose kernel memory.
Product: iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5.
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27841
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
CVE-2024-27839 - A malicious application may be able to determine a user's current location.
Product: iOS 17.5 and iPadOS 17.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27839
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
CVE-2024-27818 - An attacker may be able to cause unexpected app termination or arbitrary code execution.
Product: iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27818
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
CVE-2024-27810 - An app may be able to read sensitive location information.
Product: iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27810
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
CVE-2024-27852 - A maliciously crafted webpage may be able to distribute a script that tracks users on other webpages.
Product: iOS 17.5 and iPadOS 17.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27852
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
CVE-2024-27835 - An attacker with physical access to an iOS device may be able to access notes from the lock screen.
Product: iOS 17.5 and iPadOS 17.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27835
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
CVE-2024-27803 - An attacker with physical access may be able to share items from the lock screen.
Product: iOS 17.5 and iPadOS 17.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27803
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
CVE-2024-27821 - A shortcut may output sensitive user data without consent.
Product: iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27821
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
CVE-2024-27847 - An app may be able to bypass Privacy preferences.
Product: iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27847
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
CVE-2024-27796 - An attacker may be able to elevate privileges.
Product: iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27796
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
CVE-2024-27789 - An app may be able to access user-sensitive data.
Product: iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Ventura 13.6.7, macOS Sonoma 14.4
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27789
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
CVE-2024-27837 - A local attacker may gain access to Keychain items.
Product: macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27837
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
CVE-2024-27825 - An app may be able to bypass certain Privacy preferences.
Product: macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27825
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
CVE-2024-27829 - Processing a file may lead to unexpected app termination or arbitrary code execution.
Product: macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27829
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
CVE-2024-23236 - An app may be able to read arbitrary files.
Product: macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23236
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
CVE-2024-27827 - An app may be able to read arbitrary files.
Product: macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27827
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
CVE-2024-27822 - An app may be able to gain root privileges.
Product: macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27822
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
CVE-2024-27824 - An app may be able to elevate privileges.
Product: macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27824
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
CVE-2024-27813 - An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.
Product: macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27813
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
CVE-2024-27843 - An app may be able to elevate privileges.
Product: macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27843
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
CVE-2024-27798 - An attacker may be able to elevate privileges.
Product: macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27798
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
CVE-2024-27842 - An app may be able to execute arbitrary code with kernel privileges.
Product: macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27842
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
CVE-2024-23229 - A malicious application may be able to access Find My data.
Product: macOS Monterey 12.7.5, macOS Ventura 13.6.5, macOS Sonoma 14.4
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23229
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
Sponsors
Sevco Security
How does a vulnerability management program benefit from combining comprehensive and timely vulnerability and exploit data – like exploit maturity, type classifications, and real-time exploitation evidence – with native intelligence on asset criticality and business context to determine risk? Read Sevco’s latest blog to learn how these drive more proactive vulnerability management and prioritization.
SANS
Webcast: SANS 2024 Multicloud Survey: Securing Multiple Clouds Amid Constant Changes | August 28, 11:00AM ET | Kenneth G. Hartman and Simon Vernon share crucial insights into securing multiple cloud environments, exploring the latest survey results, best practices, and impact of different architecture strategies on security implementation. Reserve your seat today:
SANS
Webcast: SANS 2024 Multicloud Survey: Securing Multiple Clouds Amid Constant Changes | August 28, 11:00AM ET | Kenneth G. Hartman and Simon Vernon share crucial insights into securing multiple cloud environments, exploring the latest survey results, best practices, and impact of different architecture strategies on security implementation. Reserve your seat today:
SANS
Webcast: SANS 2024 Multicloud Survey: Securing Multiple Clouds Amid Constant Changes | August 28, 11:00AM ET | Kenneth G. Hartman and Simon Vernon share crucial insights into securing multiple cloud environments, exploring the latest survey results, best practices, and impact of different architecture strategies on security implementation. Reserve your seat today: