CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-38610
https://notcve.org/view.php?id=CVE-2023-38610
10 Jan 2024 — A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to cause unexpected system termination or write kernel memory. Se solucionó un problema de corrupción de memoria eliminando el código vulnerable. Este problema se solucionó en macOS Sonoma 14, iOS 17 y iPadOS 17. • https://support.apple.com/en-us/HT213938 • CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42940 – Apple Security Advisory 12-19-2023-1
https://notcve.org/view.php?id=CVE-2023-42940
19 Dec 2023 — A session rendering issue was addressed with improved session tracking. This issue is fixed in macOS Sonoma 14.2.1. A user who shares their screen may unintentionally share the incorrect content. Se solucionó un problema de representación de sesiones con un seguimiento de sesiones mejorado. Este problema se solucionó en macOS Sonoma 14.2.1. • http://seclists.org/fulldisclosure/2023/Dec/20 •
CVSS: 5.9EPSS: 56%CPEs: 79EXPL: 3CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information CWE-354: Improper Validation of Integrity Check Value •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-42891 – Apple Security Advisory 12-11-2023-6
https://notcve.org/view.php?id=CVE-2023-42891
12 Dec 2023 — An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to monitor keystrokes without user permission. Se solucionó un problema de autenticación con una gestión de estado mejorada. Este problema se solucionó en macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. • http://seclists.org/fulldisclosure/2023/Dec/10 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42901 – Apple Security Advisory 12-11-2023-4
https://notcve.org/view.php?id=CVE-2023-42901
12 Dec 2023 — Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. Se abordaron múltiples problemas de corrupción de memoria con una validación de entrada mejorada. Este problema se solucionó en macOS Sonoma 14.2. • http://seclists.org/fulldisclosure/2023/Dec/9 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42900 – Apple Security Advisory 12-11-2023-4
https://notcve.org/view.php?id=CVE-2023-42900
12 Dec 2023 — The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2. An app may be able to access user-sensitive data. El problema se solucionó con controles mejorados. Este problema se solucionó en macOS Sonoma 14.2. • http://seclists.org/fulldisclosure/2023/Dec/9 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-42886 – Apple Security Advisory 12-11-2023-6
https://notcve.org/view.php?id=CVE-2023-42886
12 Dec 2023 — An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. A user may be able to cause unexpected app termination or arbitrary code execution. Se solucionó una lectura fuera de los límites con una verificación de los límites mejorada. Este problema se solucionó en macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. • http://seclists.org/fulldisclosure/2023/Dec/10 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 3%CPEs: 6EXPL: 0CVE-2023-42890 – webkitgtk: processing malicious web content may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-42890
12 Dec 2023 — The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 y iPadOS 17.2, tvOS 17.2. • http://seclists.org/fulldisclosure/2023/Dec/12 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 2.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42874 – Apple Security Advisory 12-11-2023-4
https://notcve.org/view.php?id=CVE-2023-42874
12 Dec 2023 — This issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2. Secure text fields may be displayed via the Accessibility Keyboard when using a physical keyboard. Se abordó un problema lógico con una mejor gestión del estado. Este problema se solucionó en macOS Sonoma 14.2. • http://seclists.org/fulldisclosure/2023/Dec/9 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42907 – Apple Security Advisory 12-11-2023-4
https://notcve.org/view.php?id=CVE-2023-42907
12 Dec 2023 — Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. Se abordaron múltiples problemas de corrupción de memoria con una validación de entrada mejorada. Este problema se solucionó en macOS Sonoma 14.2. • http://seclists.org/fulldisclosure/2023/Dec/9 • CWE-787: Out-of-bounds Write •