CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40435 – Apple Security Advisory 09-26-2023-6
https://notcve.org/view.php?id=CVE-2023-40435
26 Sep 2023 — This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 15. An app may be able to access App Store credentials. Este problema se solucionó habilitando el tiempo de ejecución reforzado. Este problema se solucionó en Xcode 15. • http://seclists.org/fulldisclosure/2023/Oct/7 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-40391 – Apple Security Advisory 09-26-2023-9
https://notcve.org/view.php?id=CVE-2023-40391
26 Sep 2023 — The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14, Xcode 15. An app may be able to disclose kernel memory. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en tvOS 17, iOS 17 y iPadOS 17, macOS Sonoma 14, Xcode 15. • http://seclists.org/fulldisclosure/2023/Oct/10 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-32396 – Apple Security Advisory 09-26-2023-8
https://notcve.org/view.php?id=CVE-2023-32396
26 Sep 2023 — This issue was addressed with improved checks. This issue is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to gain elevated privileges. Este problema se solucionó con controles mejorados. Este problema se solucionó en Xcode 15, tvOS 17, watchOS 10, iOS 17 y iPadOS 17, macOS Sonoma 14. • http://seclists.org/fulldisclosure/2023/Oct/10 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32920
https://notcve.org/view.php?id=CVE-2022-32920
06 Sep 2023 — The issue was addressed with improved checks. This issue is fixed in Xcode 14.0. Parsing a file may lead to disclosure of user information. El problema se solucionó con comprobaciones mejoradas. Este problema se ha solucionado en Xcode 14.0. • https://support.apple.com/en-us/HT213883 •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27945 – Apple Security Advisory 2023-05-18-4
https://notcve.org/view.php?id=CVE-2023-27945
08 May 2023 — This issue was addressed with improved entitlements. This issue is fixed in Xcode 14.3, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A sandboxed app may be able to collect system logs. macOS Monterey 12.6.6 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213679 • CWE-125: Out-of-bounds Read •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27967
https://notcve.org/view.php?id=CVE-2023-27967
08 May 2023 — The issue was addressed with improved memory handling. This issue is fixed in Xcode 14.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. • https://support.apple.com/en-us/HT213679 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42797 – Apple Security Advisory 2022-11-01-1
https://notcve.org/view.php?id=CVE-2022-42797
08 Nov 2022 — An injection issue was addressed with improved input validation. This issue is fixed in Xcode 14.1. An app may be able to gain root privileges. Xcode 14.1 addresses code execution vulnerabilities. • https://support.apple.com/en-us/HT213496 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 2CVE-2022-39253 – Git subject to exposure of sensitive information via local clone of symbolic links
https://notcve.org/view.php?id=CVE-2022-39253
18 Oct 2022 — Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via... • https://github.com/ssst0n3/docker-cve-2022-39253-poc • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 2%CPEs: 14EXPL: 0CVE-2022-39260 – Git vulnerable to Remote Code Execution via Heap overflow in `git shell`
https://notcve.org/view.php?id=CVE-2022-39260
18 Oct 2022 — Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Beca... • http://seclists.org/fulldisclosure/2022/Nov/1 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-29187 – Bypass of safe.directory protections in Git
https://notcve.org/view.php?id=CVE-2022-29187
12 Jul 2022 — Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch fo... • http://seclists.org/fulldisclosure/2022/Nov/1 • CWE-282: Improper Ownership Management CWE-427: Uncontrolled Search Path Element •