Security Vulnerabilities - CVEs Published In July 2024
This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14. A Wi-Fi password may not be deleted when activating a Mac in macOS Recovery.
CVSS Score
3.3
EPSS Score
0.002
Published
2024-07-29
This issue was addressed with improved data protection. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17. An app may be able to access edited photos saved to a temporary directory.
CVSS Score
3.3
EPSS Score
0.001
Published
2024-07-29
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10. An app may be able to read sensitive location information.
CVSS Score
3.3
EPSS Score
0.001
Published
2024-07-29
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.4. An app may be able to gain elevated privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-07-29
A stored cross-site scripting (XSS) vulnerability exists in aimhubio/aim version 3.19.3. The vulnerability arises from the improper neutralization of input during web page generation, specifically in the logs-tab for runs. The terminal output logs are displayed using the `dangerouslySetInnerHTML` function in React, which is susceptible to XSS attacks. An attacker can exploit this vulnerability by injecting malicious scripts into the logs, which will be executed when a user views the logs-tab.
CVSS Score
7.2
EPSS Score
0.003
Published
2024-07-29
An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Remote unauthenticated attackers can upload files at an arbitrary path.
CVSS Score
7.5
EPSS Score
0.005
Published
2024-07-29
Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-07-29
SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via id parameter to php-lfis/admin/categories/view_category.php.
CVSS Score
8.8
EPSS Score
0.009
Published
2024-07-29
SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/manage_category.php.
CVSS Score
9.8
EPSS Score
0.009
Published
2024-07-29
Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-07-29