CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-42884 – Apple Security Advisory 12-11-2023-3
https://notcve.org/view.php?id=CVE-2023-42884
12 Dec 2023 — This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. An app may be able to disclose kernel memory. Este problema se solucionó mejorando la redacción de información confidencial. Este problema se solucionó en macOS Sonoma 14.2, iOS 17.2 y iPadOS 17.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 y iPadOS 16.7.3. • http://seclists.org/fulldisclosure/2023/Dec/10 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42902 – Apple macOS VideoToolbox Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-42902
12 Dec 2023 — Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. Se abordaron múltiples problemas de corrupción de memoria con una validación de entrada mejorada. Este problema se solucionó en macOS Sonoma 14.2. • http://seclists.org/fulldisclosure/2023/Dec/9 • CWE-787: Out-of-bounds Write •
CVSS: 6.3EPSS: 0%CPEs: 9EXPL: 0CVE-2023-42914 – Apple Security Advisory 12-11-2023-8
https://notcve.org/view.php?id=CVE-2023-42914
12 Dec 2023 — The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to break out of its sandbox. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en macOS Sonoma 14.2, iOS 17.2 y iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 y iPadOS 16.7.3, macOS Monterey 12.7.2. • http://seclists.org/fulldisclosure/2023/Dec/10 •
CVSS: 6.3EPSS: 0%CPEs: 28EXPL: 8CVE-2023-45866 – bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution
https://notcve.org/view.php?id=CVE-2023-45866
07 Dec 2023 — Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. Bluetooth HID Hosts in BlueZ ... • https://github.com/pentestfunctions/BlueDucky • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42826 – Apple macOS Hydra Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-42826
07 Dec 2023 — The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to arbitrary code execution. El problema se solucionó con controles mejorados. Este problema se solucionó en macOS Sonoma 14. • https://support.apple.com/en-us/HT213940 •
CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0CVE-2023-42917 – Apple Multiple Products WebKit Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2023-42917
30 Nov 2023 — A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. Se solucionó una vulnerabilidad de corrupción de memoria con un bloqueo mejorado. • http://seclists.org/fulldisclosure/2023/Dec/12 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2023-42916 – Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2023-42916
30 Nov 2023 — An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. Se solucionó una lectura fuera de los límites con una validación de entrada mejorada. • http://seclists.org/fulldisclosure/2023/Dec/12 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-42844 – Apple Security Advisory 10-25-2023-6
https://notcve.org/view.php?id=CVE-2023-42844
25 Oct 2023 — This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access sensitive user data when resolving symlinks. Este problema se solucionó mejorando el manejo de los enlaces simbólicos. Este problema se solucionó en macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. • http://seclists.org/fulldisclosure/2023/Oct/21 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 0CVE-2023-42852 – webkitgtk: Processing web content may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-42852
25 Oct 2023 — A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution. Se solucionó un problema lógico con controles mejorados. Este problema se solucionó en iOS 17.1 y iPadOS 17.1, watchOS 10.1, iOS 16.7.2 y iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. • http://seclists.org/fulldisclosure/2023/Oct/19 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41989 – Apple Security Advisory 10-25-2023-4
https://notcve.org/view.php?id=CVE-2023-41989
25 Oct 2023 — The issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1. An attacker may be able to execute arbitrary code as root from the Lock Screen. El problema se solucionó restringiendo las opciones ofrecidas en un dispositivo bloqueado. Este problema se solucionó en macOS Sonoma 14.1. • http://seclists.org/fulldisclosure/2023/Oct/24 •