Security Vulnerabilities - CVEs Published In May 2024
A logic issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker may be able to access user data.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-05-14
The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to elevate privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-05-14
An authorization issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.5. An attacker may be able to elevate privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-05-14
A permissions issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to share items from the lock screen.
CVSS Score
2.4
EPSS Score
0.0
Published
2024-05-14
The issue was addressed with improved checks. This issue is fixed in iTunes 12.13.2 for Windows. Parsing a file may lead to an unexpected app termination or arbitrary code execution.
CVSS Score
7.8
EPSS Score
0.004
Published
2024-05-14
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Ventura 13.6.7, macOS Sonoma 14.4. An app may be able to access user-sensitive data.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-05-14
Claris International has resolved an issue of potentially allowing unauthorized access to records stored in databases hosted on FileMaker Server. This issue has been fixed in FileMaker Server 20.3.2 by validating transactions before replying to client requests.
CVSS Score
7.5
EPSS Score
0.004
Published
2024-05-14
A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below.
CVSS Score
6.7
EPSS Score
0.025
Published
2024-05-14
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2
This reverts drm/amdgpu: fix ftrace event amdgpu_bo_move always move
on same heap. The basic problem here is that after the move the old
location is simply not available any more.
Some fixes were suggested, but essentially we should call the move
notification before actually moving things because only this way we have
the correct order for DMA-buf and VM move notifications as well.
Also rework the statistic handling so that we don't update the eviction
counter before the move.
v2: add missing NULL check
CVSS Score
5.5
EPSS Score
0.0
Published
2024-05-14
In the Linux kernel, the following vulnerability has been resolved:
firewire: nosy: ensure user_length is taken into account when fetching packet contents
Ensure that packet_buffer_get respects the user_length provided. If
the length of the head packet exceeds the user_length, packet_buffer_get
will now return 0 to signify to the user that no data were read
and a larger buffer size is required. Helps prevent user space overflows.
CVSS Score
7.1
EPSS Score
0.0
Published
2024-05-14