Szolgáltatóknak

The issue was addressed with improved bounds checks. This issue is fixed in GarageBand 10.4.12. Processing a maliciously crafted image may lead to arbitrary code execution.

The affected product sends out remote access requests to a hard-coded IP address, bypassing existing device network settings to do so. This could serve as a backdoor and lead to a malicious actor...

Affected products contain a vulnerability in the device cloud rpc command handling process that could allow remote attackers to take control over arbitrary devices connected to the cloud.

The Cloud MQTT service of the affected products supports wildcard topic subscription which could allow an attacker to obtain sensitive information from tapping the service communications.

In its default configuration, the affected product transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of...

The vulnerability allows an unauthenticated attacker to access information in PAM database.

An improper input validation allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request.

An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address.

A malicious actor can fix the session of a PAM user by tricking the user to click on a specially crafted link to the PAM server.

An improper input validation the CSRF filter results in unsanitized user input written to the application logs.