@RISK: The Consensus Security Vulnerability Alert

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Apple Patches Everything. July 2024 Edition

Published: 2024-07-30

Last Updated: 2024-07-30 17:01:22 UTC

by Johannes Ullrich (Version: 1)

Yesterday, Apple released patches across all of its operating systems. A standalone patch for Safari was released to address WebKit problems in older macOS versions. Apple does not provide CVSS scores or severity ratings. The ratings below are based on my reading of the impact. However, the information isn’t always sufficient to accurately assign a rating.

One vulnerability, CVE-2024-23296, which can be used to bypass kernel protections via RTKit, is already being exploited. Apple patched this issue for newer operating systems in March, but it now releasing the patch for older macOS and iOS versions.

According to my count, these updates address 64 different vulnerabilities.

Read the full entry:

https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/

CrowdStrike Outage Themed Maldoc

Published: 2024-07-29

Last Updated: 2024-07-29 00:03:44 UTC

by Didier Stevens (Version: 1)

I found a malicious Word document with VBA code using the CrowdStrike outage for social engineering purposes. It's an .ASD file (AutoRecover file). My tool oledump.py can analyze it ...

Before I dive into the VBA code, I want to highlight the metadata of this document: ...

Read the full entry:

https://isc.sans.edu/diary/CrowdStrike+Outage+Themed+Maldoc/31116/

XWorm Hidden With Process Hollowing

Published: 2024-07-25

Last Updated: 2024-07-25 07:21:58 UTC

by Xavier Mertens (Version: 1)

XWorm is not a brand-new malware family. It's a common RAT (Remote Access Tool) re-use regularly in new campaigns. Yesterday, I found a sample that behaves like a dropper and runs the malware using the Process Hollowing technique. The sample is called ... . It's a .Net executable that is, strangely, not obfuscated. It's possible to disassemble it with ilspycmd ...

Read the full entry:

https://isc.sans.edu/diary/XWorm+Hidden+With+Process+Hollowing/31112/

Quickie: Password Cracking & Energy (2024.07.28)

https://isc.sans.edu/diary/Quickie+Password+Cracking+Energy/31122/

Create Your Own BSOD: NotMyFault (2024.07.27)

https://isc.sans.edu/diary/Create+Your+Own+BSOD+NotMyFault/31120/

ExelaStealer Delivered "From Russia With Love" (2024.07.26)

https://isc.sans.edu/diary/ExelaStealer+Delivered+From+Russia+With+Love/31118/

The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2023-45249 - Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, 5.1.1-71, 5.2.1-69, 5.3.1-53, and 5.4.4-132 is vulnerable to remote command execution due to default passwords.

Product: Acronis Cyber Infrastructure

CVSS Score: 9.8

** KEV since 2024-07-29 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45249

NVD References:

- https://security-advisory.acronis.com/advisories/SEC-6452

- https://www.securityweek.com/acronis-product-vulnerability-exploited-in-the-wild/

CVE-2024-37085 - VMware ESXi is vulnerable to an authentication bypass, allowing a malicious actor with AD permissions to gain full access to a previously configured host by recreating a deleted AD group.

Product: VMware ESXi

CVSS Score: 0

** KEV since 2024-07-30 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37085

ISC Podcast: https://isc.sans.edu/podcastdetail/9076

CVE-2024-3273 - D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L are vulnerable to a critical command injection flaw in the /cgi-bin/nas_sharing.cgi file via an unsupported HTTP GET Request Handler function, allowing remote attackers to exploit it even though the products are no longer supported by the vendor.

Product: D-Link

CVSS Score: 0

** KEV since 2024-04-11 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3273

ISC Podcast: https://isc.sans.edu/podcastdetail/9066

CVE-2024-41319 - TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function.

Product: TOTOLINK A6000R

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41319

NVD References:

- https://gist.github.com/yanggao017/40efb889800ae2691c38086ebf80c037

- https://github.com/yanggao017/vuln/blob/main/TOTOLINK/A6000R/CI_7_webcmd/README.md

CVE-2024-38164 - GroupMe is vulnerable to an improper access control issue that enables unauthenticated attackers to elevate privileges by tricking users into clicking on a malicious link.

Product: GroupMe

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38164

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38164

CVE-2024-6096 - Telerik Reporting versions prior to 18.1.24.709 are vulnerable to object injection attacks due to insecure type resolution.

Product: Progress Telerik Reporting

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6096

NVD References: https://docs.telerik.com/reporting/knowledge-base/unsafe-reflection-CVE-2024-6096

CVE-2024-6327 - Progress® Telerik® Report Server prior to 2024 Q2 (10.1.24.709) is vulnerable to remote code execution due to an insecure deserialization flaw.

Product: Progress Telerik Report Server

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6327

NVD References: https://docs.telerik.com/report-server/knowledge-base/deserialization-vulnerability-cve-2024-6327

NVD References: https://www.telerik.com/report-server

CVE-2024-41914 - EdgeConnect SD-WAN Orchestrator is vulnerable to stored cross-site scripting (XSS) attacks, allowing authenticated remote attackers to execute arbitrary script code in an administrative user's browser.

Product: Aruba Networks EdgeConnect SD-WAN Orchestrator

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41914

NVD References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04672en_us&docLocale=en_US

CVE-2024-40422 - Stitionai Devika v1 is vulnerable to a path traversal attack in the snapshot_path parameter of the /api/get-browser-snapshot endpoint, allowing attackers to access sensitive files on the server and potentially compromise system integrity.

Product: Stitionai Devika

CVSS Score: 9.1 AtRiskScore 30

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40422

NVD References:

- https://github.com/alpernae/CVE-2024-40422

- https://github.com/stitionai/devika

- https://github.com/stitionai/devika/pull/619

CVE-2024-41110 - Docker Engine has a security vulnerability that could allow an attacker to bypass authorization plugins under specific circumstances, with a low likelihood of exploitation.

Product: Docker Engine

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41110

NVD References:

- https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq

- https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin

CVE-2024-41551 - CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_System/admin/view_order_items.php?id= .

Product: CampCodes Supplier Management System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41551

NVD References: https://github.com/Chencihai/Chencihai/blob/main/cve/supplier-management-system/SQLi-1.md

CVE-2024-41459 - Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter at ip/goform/QuickIndex.

Product: Tenda FH1201

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41459

NVD References: https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/QuickIndex/QuickIndex.md

CVE-2024-41460 - Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter at ip/goform/RouteStatic.

Product: Tenda FH1201

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41460

NVD References: https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/RouteStatic/README.md

CVE-2024-41461 - Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient.

Product: Tenda FH1201

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41461

NVD References: https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/DhcpListClient/README.md

CVE-2024-7081 - Itsourchcode Tailoring Management System 1.0 is vulnerable to remote SQL injection via the title argument in the expcatadd.php file (VDB-272366).

Product: Tailoring Management System Project

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7081

NVD References:

- https://github.com/zgg012/cve/issues/1

- https://vuldb.com/?ctiid.272366

- https://vuldb.com/?id.272366

- https://vuldb.com/?submit.379675

CVE-2024-37084 - Spring Cloud Data Flow versions prior to 2.11.4 allows a malicious user to write arbitrary files on the file system via a crafted upload request to the Skipper server api.

Product: Spring Cloud Data Flow Skipper

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37084

NVD References: https://spring.io/security/cve-2024-37084

CVE-2024-24621 - Softaculous Webuzo is vulnerable to an authentication bypass flaw allowing remote attackers to gain root access by exploiting the password reset feature.

Product: Softaculous Webuzo

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24621

NVD References: https://blog.exodusintel.com/2024/07/25/softaculous-webuzo-authentication-bypass/

CVE-2024-41112 - streamlit-geospatial is vulnerable to remote code execution due to user input being passed to the `eval()` function in `pages/1_📷_Timelapse.py` prior to commit c4f81d9616d40c60584e36abb15300853a66e489.

Product: streamlit-geospatial

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41112

NVD References:

- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L373-L376

- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L380

- https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489

- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/

CVE-2024-41113 - streamlit-geospatial prior to commit c4f81d9616d40c60584e36abb15300853a66e489 is vulnerable to remote code execution due to user input being passed to `eval()` function in `pages/1_📷_Timelapse.py`.

Product: streamlit-geospatial

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41113

NVD References:

- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L383-L388

- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L390-L393

- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L395

- https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489

- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/

CVE-2024-41114 - streamlit-geospatial, a streamlit multipage app for geospatial applications, is vulnerable to remote code execution through user input in the `palette` variable on line 430 in `pages/1_📷_Timelapse.py` prior to commit c4f81d9616d40c60584e36abb15300853a66e489.

Product: streamlit streamlit-geospatial

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41114

NVD References:

- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L430

- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L435

- https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489

- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/

CVE-2024-41115 - streamlit-geospatial's `palette` variable in `pages/1_📷_Timelapse.py` allows remote code execution via user input before commit c4f81d9616d40c60584e36abb15300853a66e489.

Product: streamlit-geospatial

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41115

NVD References:

- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L488

- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L493

- https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489

- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/

CVE-2024-41116 - streamlit-geospatial prior to commit c4f81d9616d40c60584e36abb15300853a66e489 allows for remote code execution due to user input being directly used in the `eval()` function.

Product: streamlit-geospatial

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41116

NVD References:

- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L1254

- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L1345

- https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489

- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/

CVE-2024-41117 - streamlit-geospatial is vulnerable to remote code execution due to user input being passed to the `eval()` function in `pages/10_🌍_Earth_Engine_Datasets.py` prior to commit c4f81d9616d40c60584e36abb15300853a66e489.

Product: streamlit-geospatial

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41117

NVD References:

- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/10_%F0%9F%8C%8D_Earth_Engine_Datasets.py#L115

- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/10_%F0%9F%8C%8D_Earth_Engine_Datasets.py#L126

- https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489

- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/

CVE-2024-41119 - streamlit-geospatial allows for remote code execution due to a vulnerability in the `vis_params` variable in `8_🏜️_Raster_Data_Visualization.py` prior to commit c4f81d9616d40c60584e36abb15300853a66e489.

Product: streamlit-geospatial

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41119

NVD References:

- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/8_%F0%9F%8F%9C%EF%B8%8F_Raster_Data_Visualization.py#L80

- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/8_%F0%9F%8F%9C%EF%B8%8F_Raster_Data_Visualization.py#L86

- https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489

- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/

CVE-2024-41120 - streamlit-geospatial allows for blind server-side request forgery due to user input being passed to the `gpd.read_file` method prior to commit c4f81d9616d40c60584e36abb15300853a66e489.

Product: streamlit-geospatial

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41120

NVD References:

- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/9_%F0%9F%94%B2_Vector_Data_Visualization.py#L63

- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/9_%F0%9F%94%B2_Vector_Data_Visualization.py#L87

- https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489

- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/

CVE-2024-5670 - Mail SQR Expert and Mail Archiving Expert by Softnext are susceptible to unauthenticated remote attackers injecting arbitrary OS commands due to improper user input validation.

Product: Softnext Mail SQR Expert

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5670

NVD References:

- https://www.twcert.org.tw/en/cp-139-7959-09d0e-2.html

- https://www.twcert.org.tw/tw/cp-132-7958-817f4-1.html

CVE-2024-7201 - WinMatrix3 Web package from Simopro Technology is vulnerable to SQL injection due to lack of input validation, enabling unauthorized access to database contents.

Product: Simopro Technology WinMatrix3 Web package

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7201

NVD References:

- https://www.twcert.org.tw/en/cp-139-7961-c575f-2.html

- https://www.twcert.org.tw/tw/cp-132-7960-0ee18-1.html

CVE-2024-7202 - WinMatrix3 Web package from Simopro Technology is vulnerable to unauthenticated SQL injection attacks that can lead to unauthorized access and modification of database data.

Product: Simopro Technology WinMatrix3 Web package

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7202

NVD References:

- https://www.twcert.org.tw/en/cp-139-7963-44648-2.html

- https://www.twcert.org.tw/tw/cp-132-7962-dd216-1.html

CVE-2024-37906 - Admidio before version 4.3.9 is vulnerable to SQL Injection in the `/adm_program/modules/ecards/ecard_send.php` source file, allowing compromise of the application's database through the `ecard_recipients `POST parameter.

Product: Admidio Application

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37906

NVD References:

- https://github.com/Admidio/admidio/commit/3ff02b0c64a6911ab3e81cd61077f392c0b25248

- https://github.com/Admidio/admidio/security/advisories/GHSA-69wx-xc6j-28v3

CVE-2024-38529 - Admidio is vulnerable to Remote Code Execution due to lack of file extension verification in the Message module, allowing malicious PHP files to be uploaded and accessed publicly.

Product: Admidio Application

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38529

NVD References:

- https://github.com/Admidio/admidio/commit/3b1cc1cda05747edebe15f2825b79bc5a673d94c

- https://github.com/Admidio/admidio/security/advisories/GHSA-g872-jwwr-vggm

CVE-2024-41702 - SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product: SiberianCMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41702

NVD References: https://www.gov.il/en/Departments/faq/cve_advisories

CVE-2024-22064 - The ZTE ZXUN-ePDG product is vulnerable to information leakage due to its use of non-unique cryptographic keys during secure connections with mobile devices.

Product: ZTE ZXUN-ePDG

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22064

ISC Podcast: https://isc.sans.edu/podcastdetail/9076

CVE-2024-23296 - Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.

Product: Multiple Apple products

CVSS Score: 7.8

** KEV since 2024-03-06 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23296

ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/

CVE-2024-27834 - An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

Product: Apple iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27834

ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/

CVE-2024-27804 - An app may be able to execute arbitrary code with kernel privileges.

Product: iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27804

ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/

CVE-2024-27816 - An attacker may be able to access user data.

Product: iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27816

ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/

CVE-2024-27841 - An app may be able to disclose kernel memory.

Product: iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5.

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27841

ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/

CVE-2024-27839 - A malicious application may be able to determine a user's current location.

Product: iOS 17.5 and iPadOS 17.5

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27839

ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/

CVE-2024-27818 - An attacker may be able to cause unexpected app termination or arbitrary code execution.

Product: iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27818

ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/

CVE-2024-27810 - An app may be able to read sensitive location information.

Product: iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27810

ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/

CVE-2024-27852 - A maliciously crafted webpage may be able to distribute a script that tracks users on other webpages.

Product: iOS 17.5 and iPadOS 17.5

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27852

ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/

CVE-2024-27835 - An attacker with physical access to an iOS device may be able to access notes from the lock screen.

Product: iOS 17.5 and iPadOS 17.5

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27835

ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/

CVE-2024-27803 - An attacker with physical access may be able to share items from the lock screen.

Product: iOS 17.5 and iPadOS 17.5

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27803

ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/

CVE-2024-27821 - A shortcut may output sensitive user data without consent.

Product: iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27821

ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/

CVE-2024-27847 - An app may be able to bypass Privacy preferences.

Product: iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27847

ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/

CVE-2024-27796 - An attacker may be able to elevate privileges.

Product: iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27796

ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/

CVE-2024-27789 - An app may be able to access user-sensitive data.

Product: iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Ventura 13.6.7, macOS Sonoma 14.4

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27789

ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/

CVE-2024-27837 - A local attacker may gain access to Keychain items.

Product: macOS Sonoma 14.5

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27837

ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/

CVE-2024-27825 - An app may be able to bypass certain Privacy preferences.

Product: macOS Sonoma 14.5

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27825

ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/

CVE-2024-27829 - Processing a file may lead to unexpected app termination or arbitrary code execution.

Product: macOS Sonoma 14.5

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27829

ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/

CVE-2024-23236 - An app may be able to read arbitrary files.

Product: macOS Sonoma 14.5

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23236

ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/

CVE-2024-27827 - An app may be able to read arbitrary files.

Product: macOS Sonoma 14.5

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27827

ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/

CVE-2024-27822 - An app may be able to gain root privileges.

Product: macOS Sonoma 14.5

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27822

ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/

CVE-2024-27824 - An app may be able to elevate privileges.

Product: macOS Sonoma 14.5

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27824

ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/

CVE-2024-27813 - An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.

Product: macOS Sonoma 14.5

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27813

ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/

CVE-2024-27843 - An app may be able to elevate privileges.

Product: macOS Sonoma 14.5

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27843

ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/

CVE-2024-27798 - An attacker may be able to elevate privileges.

Product: macOS Sonoma 14.5

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27798

ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/

CVE-2024-27842 - An app may be able to execute arbitrary code with kernel privileges.

Product: macOS Sonoma 14.5

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27842

ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/

CVE-2024-23229 - A malicious application may be able to access Find My data.

Product: macOS Monterey 12.7.5, macOS Ventura 13.6.5, macOS Sonoma 14.4

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23229

ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/