Security Vulnerabilities - CVEs Published In July 2024
Comodo Internet Security Pro cmdagent Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the cmdagent executable. By creating a symbolic link, an attacker can abuse the agent to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22831.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-07-29
Comodo Internet Security Pro Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the update mechanism. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-19055.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-07-29
Comodo Firewall Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Firewall. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the cmdagent executable. By creating a symbolic link, an attacker can abuse the application to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21794.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-07-29
A race condition was addressed with improved state handling. This issue is fixed in macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.
CVSS Score
7.0
EPSS Score
0.0
Published
2024-07-29
The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17. An app may be able to execute arbitrary code with kernel privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-07-29
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.4, macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. A sandboxed process may be able to circumvent sandbox restrictions.
CVSS Score
8.8
EPSS Score
0.0
Published
2024-07-29
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions.
CVSS Score
6.3
EPSS Score
0.0
Published
2024-07-29
The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access Notes attachments.
CVSS Score
3.3
EPSS Score
0.0
Published
2024-07-29
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14. An app may be able to read sensitive location information.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-07-29
This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14. A Wi-Fi password may not be deleted when activating a Mac in macOS Recovery.
CVSS Score
3.3
EPSS Score
0.0
Published
2024-07-29