Security Vulnerabilities - CVEs Published In May 2024
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution.
We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.
CVSS Score
9.0
EPSS Score
0.736
Published
2024-05-14
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.
CVSS Score
7.8
EPSS Score
0.002
Published
2024-05-14
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app may be able to elevate privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-05-14
This issue was addressed with improved checks This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to bypass Privacy preferences.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-05-14
A privacy issue was addressed with improved client ID handling for alternative app marketplaces. This issue is fixed in iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to distribute a script that tracks users on other webpages.
CVSS Score
6.5
EPSS Score
0.003
Published
2024-05-14
This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to access notes from the lock screen.
CVSS Score
2.4
EPSS Score
0.001
Published
2024-05-14
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.5. A local attacker may gain access to Keychain items.
CVSS Score
3.3
EPSS Score
0.001
Published
2024-05-14
A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 17.5 and iPadOS 17.5. A malicious application may be able to determine a user's current location.
CVSS Score
3.3
EPSS Score
0.001
Published
2024-05-14
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to disclose kernel memory.
CVSS Score
5.5
EPSS Score
0.002
Published
2024-05-14
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.5. An app may be able to bypass certain Privacy preferences.
CVSS Score
7.1
EPSS Score
0.0
Published
2024-05-14