CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0CVE-2023-42839
https://notcve.org/view.php?id=CVE-2023-42839
21 Feb 2024 — This issue was addressed with improved state management. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data. Esta cuestión se abordó con una mejor gestión de estado. Este problema se solucionó en tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 y iPadOS 17.1. • https://support.apple.com/en-us/HT213982 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-42946
https://notcve.org/view.php?id=CVE-2023-42946
21 Feb 2024 — This issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to leak sensitive user information. Este problema se solucionó mejorando la redacción de información confidencial. Este problema se solucionó en tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 y iPadOS 17.1. • https://support.apple.com/en-us/HT213982 •
CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 0CVE-2023-42843 – webkit: visiting a malicious website may lead to address bar spoofing
https://notcve.org/view.php?id=CVE-2023-42843
21 Feb 2024 — An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing. Se solucionó un problema de interfaz de usuario inconsistente con una gestión de estado mejorada. Este problema se solucionó en iOS 16.7.2 y iPadOS 16.7.2, iOS 17.1 y iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. • http://www.openwall.com/lists/oss-security/2024/03/26/1 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 6.2EPSS: 0%CPEs: 7EXPL: 0CVE-2023-42834
https://notcve.org/view.php?id=CVE-2023-42834
21 Feb 2024 — A privacy issue was addressed with improved handling of files. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data. Se solucionó un problema de privacidad mejorando el manejo de archivos. Este problema se solucionó en watchOS 10.1, macOS Sonoma 14.1, macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.1 y iPadOS 17.1. • https://support.apple.com/en-us/HT213982 •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-42928
https://notcve.org/view.php?id=CVE-2023-42928
21 Feb 2024 — The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.1 and iPadOS 17.1. An app may be able to gain elevated privileges. El problema se solucionó con comprobaciones de los límites mejoradas. Este problema se solucionó en iOS 17.1 y iPadOS 17.1. • https://support.apple.com/en-us/HT213982 •
CVSS: 7.8EPSS: 80%CPEs: 444EXPL: 14CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 42%CPEs: 2EXPL: 1CVE-2017-8665 – Xamarin Studio for Mac 6.2.1 (build 3) / 6.3 (build 863) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-8665
14 Aug 2017 — The Xamarin.iOS update component on systems running macOS allows an attacker to run arbitrary code as root, aka "Xamarin.iOS Elevation Of Privilege Vulnerability." El componente de actualización Xamarin.iOS en sistemas con macOS permite que un atacante ejecute código arbitrario como root. Esto también se conoce como "Xamarin.iOS Elevation Of Privilege Vulnerability". • https://www.exploit-db.com/exploits/42454 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 252EXPL: 0CVE-2004-0081
https://notcve.org/view.php?id=CVE-2004-0081
18 Mar 2004 — OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. OpenSSL 0.9.6 anteriores a la 0.9.6d no manejan adecuadamente los tipos de mensajes desconocidos, lo que permite a atacantes remotos causar una denegación de servicios (por bucle infinito), como se demuestra utilizando la herramienta de testeo Codenomicon TLS. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt •
CVSS: 7.5EPSS: 0%CPEs: 245EXPL: 0CVE-2004-0112
https://notcve.org/view.php?id=CVE-2004-0112
17 Mar 2004 — The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. El código que une SSL/TLS en OpenSSL 0.9.7a, 0.9.7b y 0.9.7c, usando Kerberos, no comprueba adecuadamente la longitud de los tickets de Kerberos, lo que permite que atacantes remotos provoquen una dene... • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 252EXPL: 0CVE-2004-0079
https://notcve.org/view.php?id=CVE-2004-0079
17 Mar 2004 — The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. La función do_change_cipher_spec en OpenSSL 0.9.6c hasta 0.9.6.k y 0.9.7a hasta 0.9.7c permite que atacantes remotos provoquen una denegación de servicio (caída) mediante una hábil unión SSL/TLS que provoca un puntero nulo. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc • CWE-476: NULL Pointer Dereference •