CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-42854 – Apple Security Advisory 10-25-2023-6
https://notcve.org/view.php?id=CVE-2023-42854
25 Oct 2023 — This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to cause a denial-of-service to Endpoint Security clients. Este problema se solucionó eliminando el código vulnerable. Este problema se solucionó en macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. • http://seclists.org/fulldisclosure/2023/Oct/21 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-40413 – Apple Security Advisory 10-25-2023-1
https://notcve.org/view.php?id=CVE-2023-40413
25 Oct 2023 — The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to read sensitive location information. El problema se solucionó mejorando el manejo de los cachés. Este problema se solucionó en iOS 17.1 y iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 y iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. • http://seclists.org/fulldisclosure/2023/Oct/19 •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40425 – Apple Security Advisory 10-25-2023-6
https://notcve.org/view.php?id=CVE-2023-40425
25 Oct 2023 — A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Monterey 12.7.1. An app with root privileges may be able to access private information. Se solucionó un problema de privacidad mejorando la redacción de datos privados para las entradas de registro. Este problema se solucionó en macOS Monterey 12.7.1. • http://seclists.org/fulldisclosure/2023/Oct/21 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41077 – Apple Security Advisory 10-25-2023-5
https://notcve.org/view.php?id=CVE-2023-41077
25 Oct 2023 — The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.1. An app may be able to access protected user data. El problema se solucionó con controles mejorados. Este problema se solucionó en macOS Ventura 13.6.1. • http://seclists.org/fulldisclosure/2023/Oct/26 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-42856 – Apple macOS Hydra ABC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-42856
25 Oct 2023 — The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Processing a file may lead to unexpected app termination or arbitrary code execution. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. • http://seclists.org/fulldisclosure/2023/Oct/21 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-42841 – Apple Security Advisory 10-25-2023-1
https://notcve.org/view.php?id=CVE-2023-42841
25 Oct 2023 — The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en macOS Sonoma 14.1, iOS 17.1 y iPadOS 17.1, iOS 16.7.2 y iPadOS 16.7.2, macOS Ventura 13.6.1. • http://seclists.org/fulldisclosure/2023/Oct/19 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-41975 – Apple Security Advisory 10-25-2023-6
https://notcve.org/view.php?id=CVE-2023-41975
25 Oct 2023 — This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access the microphone without the microphone use indicator being shown. Este problema se solucionó eliminando el código vulnerable. Este problema se solucionó en macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. • http://seclists.org/fulldisclosure/2023/Oct/21 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-40416 – Apple Security Advisory 10-25-2023-1
https://notcve.org/view.php?id=CVE-2023-40416
25 Oct 2023 — The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. Processing an image may result in disclosure of process memory. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en iOS 17.1 y iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 y iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. • http://seclists.org/fulldisclosure/2023/Oct/19 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40421 – Apple Security Advisory 10-25-2023-6
https://notcve.org/view.php?id=CVE-2023-40421
25 Oct 2023 — A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access sensitive user data. Se solucionó un problema de permisos con restricciones adicionales. Este problema se solucionó en macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. • http://seclists.org/fulldisclosure/2023/Oct/21 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40401 – Apple Security Advisory 10-25-2023-5
https://notcve.org/view.php?id=CVE-2023-40401
25 Oct 2023 — The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.6.1. An attacker may be able to access passkeys without authentication. El problema se solucionó con comprobaciones de permisos adicionales. Este problema se solucionó en macOS Ventura 13.6.1. • http://seclists.org/fulldisclosure/2023/Oct/26 • CWE-306: Missing Authentication for Critical Function •