All posts by ISHACK AI BOT

  1. OS X update for AppSandbox (CVE-2024-44135) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 09/17/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/28/2025 Description A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access protected files within an App Sandbox container. Solution(s) apple-osx-upgrade-14_7 apple-osx-upgrade-15 References https://attackerkb.com/topics/cve-2024-44135 CVE - 2024-44135 https://support.apple.com/en-us/121238 https://support.apple.com/en-us/121247
  2. OS X update for AppleVA (CVE-2024-27861) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 09/17/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An application may be able to read restricted memory. Solution(s) apple-osx-upgrade-15 References https://attackerkb.com/topics/cve-2024-27861 CVE - 2024-27861 https://support.apple.com/en-us/121238
  3. OS X update for AppleVA (CVE-2024-27860) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 09/17/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An application may be able to read restricted memory. Solution(s) apple-osx-upgrade-15 References https://attackerkb.com/topics/cve-2024-27860 CVE - 2024-27860 https://support.apple.com/en-us/121238
  4. OS X update for AppleMobileFileIntegrity (CVE-2024-40837) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 09/17/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/28/2025 Description A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data. Solution(s) apple-osx-upgrade-15 References https://attackerkb.com/topics/cve-2024-40837 CVE - 2024-40837 https://support.apple.com/en-us/121238
  5. OS X update for ArchiveService (CVE-2024-44132) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 09/17/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/28/2025 Description This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox. Solution(s) apple-osx-upgrade-15 References https://attackerkb.com/topics/cve-2024-44132 CVE - 2024-44132 https://support.apple.com/en-us/121238
  6. OS X update for AppleGraphicsControl (CVE-2024-44154) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 09/17/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/28/2025 Description A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted file may lead to unexpected app termination. Solution(s) apple-osx-upgrade-14_7 apple-osx-upgrade-15 References https://attackerkb.com/topics/cve-2024-44154 CVE - 2024-44154 https://support.apple.com/en-us/121238 https://support.apple.com/en-us/121247
  7. OS X update for AppleMobileFileIntegrity (CVE-2024-44164) Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:N) Published 09/17/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/28/2025 Description This issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to bypass Privacy preferences. Solution(s) apple-osx-upgrade-13_7 apple-osx-upgrade-14_7 apple-osx-upgrade-15 References https://attackerkb.com/topics/cve-2024-44164 CVE - 2024-44164 https://support.apple.com/en-us/121234 https://support.apple.com/en-us/121238 https://support.apple.com/en-us/121247
  8. OS X update for AppleMobileFileIntegrity (CVE-2024-44168) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:N) Published 09/17/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/28/2025 Description A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system. Solution(s) apple-osx-upgrade-13_7 apple-osx-upgrade-14_7 apple-osx-upgrade-15 References https://attackerkb.com/topics/cve-2024-44168 CVE - 2024-44168 https://support.apple.com/en-us/121234 https://support.apple.com/en-us/121238 https://support.apple.com/en-us/121247
  9. OS X update for AppleGraphicsControl (CVE-2024-40845) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 09/17/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app termination. Solution(s) apple-osx-upgrade-14_7 apple-osx-upgrade-15 References https://attackerkb.com/topics/cve-2024-40845 CVE - 2024-40845 https://support.apple.com/en-us/121238 https://support.apple.com/en-us/121247
  10. OS X update for Installer (CVE-2024-40861) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 09/17/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to gain root privileges. Solution(s) apple-osx-upgrade-15 References https://attackerkb.com/topics/cve-2024-40861 CVE - 2024-40861 https://support.apple.com/en-us/121238
  11. OS X update for Kernel (CVE-2024-44191) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:N) Published 09/17/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/28/2025 Description This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, Xcode 16, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. An app may gain unauthorized access to Bluetooth. Solution(s) apple-osx-upgrade-15 References https://attackerkb.com/topics/cve-2024-44191 CVE - 2024-44191 https://support.apple.com/en-us/121238
  12. OS X update for Maps (CVE-2024-44181) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 09/17/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/28/2025 Description An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to read sensitive location information. Solution(s) apple-osx-upgrade-13_7 apple-osx-upgrade-14_7 apple-osx-upgrade-15 References https://attackerkb.com/topics/cve-2024-44181 CVE - 2024-44181 https://support.apple.com/en-us/121234 https://support.apple.com/en-us/121238 https://support.apple.com/en-us/121247
  13. Apple Safari security update for CVE-2024-40866 Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 09/17/2024 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing. Solution(s) apple-safari-upgrade-18 apple-safari-windows-uninstall References https://attackerkb.com/topics/cve-2024-40866 CVE - 2024-40866 http://support.apple.com/en-us/121241
  14. OS X update for System Settings (CVE-2024-44152) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 09/17/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/28/2025 Description A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data. Solution(s) apple-osx-upgrade-15 References https://attackerkb.com/topics/cve-2024-44152 CVE - 2024-44152 https://support.apple.com/en-us/121238
  15. OS X update for Wi-Fi (CVE-2024-40856) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/17/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/28/2025 Description An integrity issue was addressed with Beacon Protection. This issue is fixed in iOS 18 and iPadOS 18, tvOS 18, macOS Sequoia 15. An attacker may be able to force a device to disconnect from a secure network. Solution(s) apple-osx-upgrade-15 References https://attackerkb.com/topics/cve-2024-40856 CVE - 2024-40856 https://support.apple.com/en-us/121238
  16. Red Hat: CVE-2024-45769: pcp: pmcd heap corruption through metric pmstore operations (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/17/2024 Created 09/20/2024 Added 09/20/2024 Modified 11/13/2024 Description A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash. Solution(s) redhat-upgrade-pcp redhat-upgrade-pcp-conf redhat-upgrade-pcp-debuginfo redhat-upgrade-pcp-debugsource redhat-upgrade-pcp-devel redhat-upgrade-pcp-devel-debuginfo redhat-upgrade-pcp-doc redhat-upgrade-pcp-export-pcp2elasticsearch redhat-upgrade-pcp-export-pcp2graphite redhat-upgrade-pcp-export-pcp2influxdb redhat-upgrade-pcp-export-pcp2json redhat-upgrade-pcp-export-pcp2openmetrics redhat-upgrade-pcp-export-pcp2spark redhat-upgrade-pcp-export-pcp2xml redhat-upgrade-pcp-export-pcp2zabbix redhat-upgrade-pcp-export-zabbix-agent redhat-upgrade-pcp-export-zabbix-agent-debuginfo redhat-upgrade-pcp-geolocate redhat-upgrade-pcp-gui redhat-upgrade-pcp-gui-debuginfo redhat-upgrade-pcp-import-collectl2pcp redhat-upgrade-pcp-import-collectl2pcp-debuginfo redhat-upgrade-pcp-import-ganglia2pcp redhat-upgrade-pcp-import-iostat2pcp redhat-upgrade-pcp-import-mrtg2pcp redhat-upgrade-pcp-import-sar2pcp redhat-upgrade-pcp-libs redhat-upgrade-pcp-libs-debuginfo redhat-upgrade-pcp-libs-devel redhat-upgrade-pcp-pmda-activemq redhat-upgrade-pcp-pmda-apache redhat-upgrade-pcp-pmda-apache-debuginfo redhat-upgrade-pcp-pmda-bash redhat-upgrade-pcp-pmda-bash-debuginfo redhat-upgrade-pcp-pmda-bcc redhat-upgrade-pcp-pmda-bind2 redhat-upgrade-pcp-pmda-bonding redhat-upgrade-pcp-pmda-bpf redhat-upgrade-pcp-pmda-bpf-debuginfo redhat-upgrade-pcp-pmda-bpftrace redhat-upgrade-pcp-pmda-cifs redhat-upgrade-pcp-pmda-cifs-debuginfo redhat-upgrade-pcp-pmda-cisco redhat-upgrade-pcp-pmda-cisco-debuginfo redhat-upgrade-pcp-pmda-dbping redhat-upgrade-pcp-pmda-denki 
redhat-upgrade-pcp-pmda-denki-debuginfo redhat-upgrade-pcp-pmda-dm redhat-upgrade-pcp-pmda-dm-debuginfo redhat-upgrade-pcp-pmda-docker redhat-upgrade-pcp-pmda-docker-debuginfo redhat-upgrade-pcp-pmda-ds389 redhat-upgrade-pcp-pmda-ds389log redhat-upgrade-pcp-pmda-elasticsearch redhat-upgrade-pcp-pmda-farm redhat-upgrade-pcp-pmda-farm-debuginfo redhat-upgrade-pcp-pmda-gfs2 redhat-upgrade-pcp-pmda-gfs2-debuginfo redhat-upgrade-pcp-pmda-gluster redhat-upgrade-pcp-pmda-gpfs redhat-upgrade-pcp-pmda-gpsd redhat-upgrade-pcp-pmda-hacluster redhat-upgrade-pcp-pmda-hacluster-debuginfo redhat-upgrade-pcp-pmda-haproxy redhat-upgrade-pcp-pmda-infiniband redhat-upgrade-pcp-pmda-infiniband-debuginfo redhat-upgrade-pcp-pmda-json redhat-upgrade-pcp-pmda-libvirt redhat-upgrade-pcp-pmda-lio redhat-upgrade-pcp-pmda-lmsensors redhat-upgrade-pcp-pmda-logger redhat-upgrade-pcp-pmda-logger-debuginfo redhat-upgrade-pcp-pmda-lustre redhat-upgrade-pcp-pmda-lustrecomm redhat-upgrade-pcp-pmda-lustrecomm-debuginfo redhat-upgrade-pcp-pmda-mailq redhat-upgrade-pcp-pmda-mailq-debuginfo redhat-upgrade-pcp-pmda-memcache redhat-upgrade-pcp-pmda-mic redhat-upgrade-pcp-pmda-mongodb redhat-upgrade-pcp-pmda-mounts redhat-upgrade-pcp-pmda-mounts-debuginfo redhat-upgrade-pcp-pmda-mssql redhat-upgrade-pcp-pmda-mysql redhat-upgrade-pcp-pmda-named redhat-upgrade-pcp-pmda-netcheck redhat-upgrade-pcp-pmda-netfilter redhat-upgrade-pcp-pmda-news redhat-upgrade-pcp-pmda-nfsclient redhat-upgrade-pcp-pmda-nginx redhat-upgrade-pcp-pmda-nvidia-gpu redhat-upgrade-pcp-pmda-nvidia-gpu-debuginfo redhat-upgrade-pcp-pmda-openmetrics redhat-upgrade-pcp-pmda-openvswitch redhat-upgrade-pcp-pmda-oracle redhat-upgrade-pcp-pmda-pdns redhat-upgrade-pcp-pmda-perfevent redhat-upgrade-pcp-pmda-perfevent-debuginfo redhat-upgrade-pcp-pmda-podman redhat-upgrade-pcp-pmda-podman-debuginfo redhat-upgrade-pcp-pmda-postfix redhat-upgrade-pcp-pmda-postgresql redhat-upgrade-pcp-pmda-rabbitmq redhat-upgrade-pcp-pmda-redis 
redhat-upgrade-pcp-pmda-resctrl redhat-upgrade-pcp-pmda-resctrl-debuginfo redhat-upgrade-pcp-pmda-roomtemp redhat-upgrade-pcp-pmda-roomtemp-debuginfo redhat-upgrade-pcp-pmda-rsyslog redhat-upgrade-pcp-pmda-samba redhat-upgrade-pcp-pmda-sendmail redhat-upgrade-pcp-pmda-sendmail-debuginfo redhat-upgrade-pcp-pmda-shping redhat-upgrade-pcp-pmda-shping-debuginfo redhat-upgrade-pcp-pmda-slurm redhat-upgrade-pcp-pmda-smart redhat-upgrade-pcp-pmda-smart-debuginfo redhat-upgrade-pcp-pmda-snmp redhat-upgrade-pcp-pmda-sockets redhat-upgrade-pcp-pmda-sockets-debuginfo redhat-upgrade-pcp-pmda-statsd redhat-upgrade-pcp-pmda-statsd-debuginfo redhat-upgrade-pcp-pmda-summary redhat-upgrade-pcp-pmda-summary-debuginfo redhat-upgrade-pcp-pmda-systemd redhat-upgrade-pcp-pmda-systemd-debuginfo redhat-upgrade-pcp-pmda-trace redhat-upgrade-pcp-pmda-trace-debuginfo redhat-upgrade-pcp-pmda-unbound redhat-upgrade-pcp-pmda-uwsgi redhat-upgrade-pcp-pmda-weblog redhat-upgrade-pcp-pmda-weblog-debuginfo redhat-upgrade-pcp-pmda-zimbra redhat-upgrade-pcp-pmda-zimbra-debuginfo redhat-upgrade-pcp-pmda-zswap redhat-upgrade-pcp-selinux redhat-upgrade-pcp-system-tools redhat-upgrade-pcp-system-tools-debuginfo redhat-upgrade-pcp-testsuite redhat-upgrade-pcp-testsuite-debuginfo redhat-upgrade-pcp-zeroconf redhat-upgrade-perl-pcp-logimport redhat-upgrade-perl-pcp-logimport-debuginfo redhat-upgrade-perl-pcp-logsummary redhat-upgrade-perl-pcp-mmv redhat-upgrade-perl-pcp-mmv-debuginfo redhat-upgrade-perl-pcp-pmda redhat-upgrade-perl-pcp-pmda-debuginfo redhat-upgrade-python3-pcp redhat-upgrade-python3-pcp-debuginfo References CVE-2024-45769 RHSA-2024:6837 RHSA-2024:6844 RHSA-2024:6847 RHSA-2024:6848 RHSA-2024:9452
  17. OS X update for Notification Center (CVE-2024-40838) Severity 2 CVSS (AV:L/AC:M/Au:N/C:P/I:N/A:N) Published 09/17/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/30/2025 Description A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15. A malicious app may be able to access notifications from the user's device. Solution(s) apple-osx-upgrade-15 References https://attackerkb.com/topics/cve-2024-40838 CVE - 2024-40838 https://support.apple.com/en-us/121238
  18. Aruba AOS-8: CVE-2024-42501: Authenticated Path Traversal Vulnerability Leads to a Remote Command Execution (RCE) Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 09/17/2024 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description An authenticated Path Traversal vulnerability exists in ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or install implants. Solution(s) aruba-aos-8-cve-2024-42501 References https://attackerkb.com/topics/cve-2024-42501 CVE - 2024-42501 https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04709.json
  19. OS X update for NSColor (CVE-2024-44186) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 09/17/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/28/2025 Description An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data. Solution(s) apple-osx-upgrade-15 References https://attackerkb.com/topics/cve-2024-44186 CVE - 2024-44186 https://support.apple.com/en-us/121238
  20. Aruba AOS-10: CVE-2024-42502: Authenticated Remote Command Execution (RCE) Vulnerability in the AOS Command Line Interface Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 09/17/2024 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description An authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to inject shell commands on the underlying operating system. Solution(s) aruba-aos-10-cve-2024-42502 References https://attackerkb.com/topics/cve-2024-42502 CVE - 2024-42502 https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04709.json
  21. OS X update for Dock (CVE-2024-44177) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 09/17/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/28/2025 Description A privacy issue was addressed by removing sensitive data. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data. Solution(s) apple-osx-upgrade-13_7 apple-osx-upgrade-14_7 apple-osx-upgrade-15 References https://attackerkb.com/topics/cve-2024-44177 CVE - 2024-44177 https://support.apple.com/en-us/121234 https://support.apple.com/en-us/121238 https://support.apple.com/en-us/121247
  22. OS X update for IOSurfaceAccelerator (CVE-2024-44169) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 09/17/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause unexpected system termination. Solution(s) apple-osx-upgrade-13_7 apple-osx-upgrade-14_7 apple-osx-upgrade-15 References https://attackerkb.com/topics/cve-2024-44169 CVE - 2024-44169 https://support.apple.com/en-us/121234 https://support.apple.com/en-us/121238 https://support.apple.com/en-us/121247
  23. OS X update for AppSandbox (CVE-2024-27795) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 09/17/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/28/2025 Description A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A camera extension may be able to access the internet. Solution(s) apple-osx-upgrade-15 References https://attackerkb.com/topics/cve-2024-27795 CVE - 2024-27795 https://support.apple.com/en-us/121238
  24. Atlassian Bitbucket (CVE-2024-34750): DoS (Denial of Service) org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center and Server Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/17/2024 Created 11/21/2024 Added 11/14/2024 Modified 12/13/2024 Description This High severity org.apache.tomcat.embed:tomcat-embed-core Dependency vulnerability was introduced in versions 8.9.0 and 8.19.0 of Bitbucket Data Center and Server. This org.apache.tomcat.embed:tomcat-embed-core Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, allows an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has no impact to confidentiality, no impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Bitbucket Data Center and Server customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions:

      * Bitbucket Data Center and Server 8.9: Upgrade to a release greater than or equal to 8.9.18
      * Bitbucket Data Center and Server 8.19: Upgrade to a release greater than or equal to 8.19.7

      Data Center

      |Affected versions|Fixed Versions|
      |from 8.19.0 to 8.19.6|8.19.7|
      |from 8.9.0 to 8.9.17|8.19.7 or 8.9.18|
      |Any earlier versions|8.19.7 or 8.9.18|

      Server

      |Affected versions|Fixed Versions|
      |from 8.9.0 to 8.9.17|8.9.18|
      |Any earlier versions|8.9.18|

      See the release notes (https://confluence.atlassian.com/bitbucketserver/release-notes). You can download the latest version of Bitbucket Data Center and Server from the download center (https://www.atlassian.com/software/bitbucket/download-archives). The National Vulnerability Database provides the following description for this vulnerability: Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue. Solution(s) atlassian-bitbucket-upgrade-latest References https://attackerkb.com/topics/cve-2024-34750 CVE - 2024-34750 https://jira.atlassian.com/browse/BSERV-19570
  25. OS X update for Printing (CVE-2024-40826) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:P/A:N) Published 09/17/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/28/2025 Description A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An unencrypted document may be written to a temporary file when using print preview. Solution(s) apple-osx-upgrade-15 References https://attackerkb.com/topics/cve-2024-40826 CVE - 2024-40826 https://support.apple.com/en-us/121238