CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48618 – Apple Multiple Products Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2022-48618
09 Jan 2024 — The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1. El problema se solucionó con controles mejorados. • https://support.apple.com/en-us/HT213530 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42940 – Apple Security Advisory 12-19-2023-1
https://notcve.org/view.php?id=CVE-2023-42940
19 Dec 2023 — A session rendering issue was addressed with improved session tracking. This issue is fixed in macOS Sonoma 14.2.1. A user who shares their screen may unintentionally share the incorrect content. Se solucionó un problema de representación de sesiones con un seguimiento de sesiones mejorado. Este problema se solucionó en macOS Sonoma 14.2.1. • http://seclists.org/fulldisclosure/2023/Dec/20 •
CVSS: 5.9EPSS: 74%CPEs: 79EXPL: 3CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information CWE-354: Improper Validation of Integrity Check Value •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-40446
https://notcve.org/view.php?id=CVE-2023-40446
12 Dec 2023 — The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing maliciously crafted input may lead to arbitrary code execution in user-installed apps. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en macOS Monterey 12.7.1, iOS 16.7.2 y iPadOS 16.7.2, iOS 17.1 y iPadOS 17.1. • https://support.apple.com/en-us/HT213981 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-42891 – Apple Security Advisory 12-11-2023-6
https://notcve.org/view.php?id=CVE-2023-42891
12 Dec 2023 — An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to monitor keystrokes without user permission. Se solucionó un problema de autenticación con una gestión de estado mejorada. Este problema se solucionó en macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. • http://seclists.org/fulldisclosure/2023/Dec/10 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42901 – Apple Security Advisory 12-11-2023-4
https://notcve.org/view.php?id=CVE-2023-42901
12 Dec 2023 — Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. Se abordaron múltiples problemas de corrupción de memoria con una validación de entrada mejorada. Este problema se solucionó en macOS Sonoma 14.2. • http://seclists.org/fulldisclosure/2023/Dec/9 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42900 – Apple Security Advisory 12-11-2023-4
https://notcve.org/view.php?id=CVE-2023-42900
12 Dec 2023 — The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2. An app may be able to access user-sensitive data. El problema se solucionó con controles mejorados. Este problema se solucionó en macOS Sonoma 14.2. • http://seclists.org/fulldisclosure/2023/Dec/9 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-42886 – Apple Security Advisory 12-11-2023-6
https://notcve.org/view.php?id=CVE-2023-42886
12 Dec 2023 — An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. A user may be able to cause unexpected app termination or arbitrary code execution. Se solucionó una lectura fuera de los límites con una verificación de los límites mejorada. Este problema se solucionó en macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. • http://seclists.org/fulldisclosure/2023/Dec/10 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-42890 – webkitgtk: processing malicious web content may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-42890
12 Dec 2023 — The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 y iPadOS 17.2, tvOS 17.2. • http://seclists.org/fulldisclosure/2023/Dec/12 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 2.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42874 – Apple Security Advisory 12-11-2023-4
https://notcve.org/view.php?id=CVE-2023-42874
12 Dec 2023 — This issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2. Secure text fields may be displayed via the Accessibility Keyboard when using a physical keyboard. Se abordó un problema lógico con una mejor gestión del estado. Este problema se solucionó en macOS Sonoma 14.2. • http://seclists.org/fulldisclosure/2023/Dec/9 •