CVE-2024-23207 |
Description: This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. An app may be able to access sensitive user data.
EPSS Score: 0.07%
February 14th, 2025 (5 months ago)
|
CVE-2024-23206 |
Description: An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user.
EPSS Score: 0.17%
February 14th, 2025 (5 months ago)
|
CVE-2024-23205 |
Description: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to access sensitive user data.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-23204 |
Description: The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.
EPSS Score: 0.16%
February 14th, 2025 (5 months ago)
|
CVE-2024-23203 |
Description: The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.
EPSS Score: 0.14%
February 14th, 2025 (5 months ago)
|
CVE-2024-23201 |
Description: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.7.4, watchOS 10.3, tvOS 17.3, macOS Ventura 13.6.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3. An app may be able to cause a denial-of-service.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-23193 |
Description: E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Users of the same service node could access other users' E-Mails in case they were exported as PDF for a brief moment until caches were cleared. Successful exploitation requires good timing and modification of multiple request parameters. Please deploy the provided updates and patch releases. The cache for PDF exports now takes user session information into consideration when performing authorization decisions. No publicly available exploits are known.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-23188 |
Description: Maliciously crafted E-Mail attachment names could be used to temporarily execute script code in the context of the user's browser session. Common user interaction is required for the vulnerability to trigger. Attackers could perform malicious API requests or extract information from the user's account. Please deploy the provided updates and patch releases. We now use safer methods of handling external content when embedding attachment information to the web interface. No publicly available exploits are known.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-23187 |
Description: Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the "show more" option. Attackers could perform malicious API requests or extract information from the user's account. Exploiting the vulnerability requires user interaction. Please deploy the provided updates and patch releases. CID replacement has been hardened to omit invalid identifiers. No publicly available exploits are known.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-23186 |
Description: E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the user's account. Please deploy the provided updates and patch releases. We now use safer methods of handling external content when embedding display-name information to the web interface. No publicly available exploits are known.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|