CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-38605
https://notcve.org/view.php?id=CVE-2023-38605
06 Sep 2023 — This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location. Este problema se solucionó mejorando la redacción de información sensible. Este problema se solucionó en macOS Ventura 13.5. • https://support.apple.com/en-us/HT213843 •
CVSS: 3.3EPSS: 0%CPEs: 8EXPL: 0CVE-2023-40392
https://notcve.org/view.php?id=CVE-2023-40392
06 Sep 2023 — A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location information. Se solucionó un problema de privacidad mejorando la redacción de datos privados para las entradas de registro. Este problema se solucionó en macOS Ventura 13.5. • https://support.apple.com/en-us/HT213843 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48503 – webkitgtk: improper bounds checking leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-48503
14 Aug 2023 — The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution. El problema se solucionó con comprobaciones de límites mejoradas. Este problema se ha solucionado en tvOS 15.6, watchOS 8.7, iOS 15.6, iPadOS 15.6, macOS Monterey 12.5 and Safari 15.6. • https://support.apple.com/en-us/HT213340 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-46725 – webkitgtk: Visiting a malicious website may lead to address bar spoofing.
https://notcve.org/view.php?id=CVE-2022-46725
14 Aug 2023 — A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing. Existía un problema de suplantación de identidad en el tratamiento de las URL. • http://www.openwall.com/lists/oss-security/2023/11/15/1 • CWE-20: Improper Input Validation •
CVSS: 2.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-46724
https://notcve.org/view.php?id=CVE-2022-46724
14 Aug 2023 — This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.4 and iPadOS 16.4. A person with physical access to an iOS device may be able to view the last image used in Magnifier from the lock screen. Este problema se solucionó restringiendo las opciones ofrecidas en un dispositivo bloqueado. Este problema se ha solucionado en iOS 16.4 y iPadOS 16.4. • https://support.apple.com/en-us/HT213676 • CWE-203: Observable Discrepancy •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-28198 – Apple Safari DFG Fixup Phase Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-28198
04 Aug 2023 — A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution. Se ha solucionado un problema de use-after-free con una mejora en la gestión de memoria. Este problema se ha solucionado en iOS 16.4 y iPadOS 16.4, macOS Ventura 13.3. • http://www.openwall.com/lists/oss-security/2023/09/11/1 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-37285
https://notcve.org/view.php?id=CVE-2023-37285
28 Jul 2023 — An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/HT213842 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2023-38598
https://notcve.org/view.php?id=CVE-2023-38598
28 Jul 2023 — A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/HT213841 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2023-38604
https://notcve.org/view.php?id=CVE-2023-38604
28 Jul 2023 — An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/HT213841 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-38599 – webkitgtk: track sensitive user information
https://notcve.org/view.php?id=CVE-2023-38599
28 Jul 2023 — A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information. A flaw was found in WebKitGTK, which exists due to a logic issue in WebKit related to a user's privacy. A remote attacker may be able to track sensitive user information. • http://www.openwall.com/lists/oss-security/2023/08/02/1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •