Topic

Mac

A collection of 49 issues

CVE-2022-20662 An attacker with physical access to Duo could bypass authentication.

Cisco has assigned this vulnerability the identifier Cisco IOS Software Security Advisory: Cisco Duo Mac OS X Vulnerability (CSC:H10786). Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. However, mitigations exist to limit the impact of this vulnerability. To help limit

CVE-2022-3201 In past DevTools, an attacker could convince a user to install a malicious extension, which could bypass navigation restrictions.

This issue was addressed by disabling installation of extensions from non-trusted sources such as the Chrome Web Store. We also enabled a warning message when attempting to install a malicious extension from an unknown source. An attacker who convinced a user to install a malicious extension from an unknown source

CVE-2022-38433 Adobe Photoshop versions 22.5.8 and earlier are affected by a Heap-based Buffer Overflow that could result in arbitrary code execution in the context of the current user.

On Mac OS X systems, the GoToMeeting application is prone to a Critical Vulnerability due to insecure use of HTTP proxies. A maliciously-crafted HTTP proxy request could be used to cause a crash or potentially execute arbitrary code with system privileges. Adobe recommends application users take the following precautions to

CVE-2022-38410 Adobe Illustrator versions 26.4 and earlier are affected by an out-of-bounds read vulnerability that could reveal sensitive memory.

In addition, Adobe applications are affected if they are installed on an affected version. Adobe Acrobat Reader versions earlier than 11.0 are affected if installed on an affected version. Adobe XMP Panels version earlier than 3.2 are affected if installed on an affected version. Adobe Connect versions earlier

CVE-2022-37957 Windows Kernel Elevation of Privilege Vulnerability

This issue was independently identified and confirmed by Intel, AMD, and ARM vendors. This issue does not apply to systems with hypervisors. A local user with a privileged account could use a privileged process to cause an out-of-bounds write, resulting in privilege escalation. An attacker could exploit these issues to

CVE-2022-35834 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability

This issue was publicly discovered on February 24, 2019. It is possible that a malicious user/process could send SQL statements to the SQL Server service that could be executed by a privileged user account. It is also possible that a malicious user/process could send SQL statements to the

CVE-2022-34721 Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

This vulnerability is due to a logic flaw in the implementation of IKEv2. It could be exploited remotely via a man-in-the-middle (MitM) attack. A remote attacker could exploit this vulnerability to execute arbitrary code on the affected device. The attacker could exploit this vulnerability to execute remote code on the

CVE-2022-37835 Torguard has a vulnerability that allows an attacker to dump sensitive information, such as credentials and information about the server, without admin privileges.

The issue was discovered by researchers at Cisco Talos, and it affects all versions of Torguard, including the Windows and Mac versions. Depending on the settings of the server, this vulnerability could allow an attacker to read the contents of the server’s memory, obtain the server’s encryption keys,

CVE-2022-40323 SysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR# 67241.

This was addressed in 22.1.66.13 and later. Cisco WebEx Teams does not support the use of XSS in any of its components. CVE-2023-40324 This was addressed in 23.1.66.13 and later. Cisco WebEx Teams does not support the use of XML external entities (XXE) in

CVE-2022-39832 An issue was discovered in PSPP 1.6.2

There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. It was discovered that there is a heap-based buffer overflow at the Parse data_in_bytes function in