CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-23214
https://notcve.org/view.php?id=CVE-2024-23214
Processing maliciously crafted web content may lead to arbitrary code execution. • http://seclists.org/fulldisclosure/2024/Jan/33 http://seclists.org/fulldisclosure/2024/Jan/34 http://seclists.org/fulldisclosure/2024/Jan/36 https://support.apple.com/en-us/HT214059 https://support.apple.com/en-us/HT214061 https://support.apple.com/en-us/HT214063 https://support.apple.com/kb/HT214059 https://support.apple.com/kb/HT214061 https://support.apple.com/kb/HT214063 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2024-23208
https://notcve.org/view.php?id=CVE-2024-23208
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to execute arbitrary code with kernel privileges. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 y iPadOS 17.3. • https://github.com/hrtowii/CVE-2024-23208-test http://seclists.org/fulldisclosure/2024/Jan/33 http://seclists.org/fulldisclosure/2024/Jan/36 http://seclists.org/fulldisclosure/2024/Jan/39 http://seclists.org/fulldisclosure/2024/Jan/40 https://support.apple.com/en-us/HT214055 https://support.apple.com/en-us/HT214059 https://support.apple.com/en-us/HT214060 https://support.apple.com/en-us/HT214061 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42881
https://notcve.org/view.php?id=CVE-2023-42881
Processing a file may lead to unexpected app termination or arbitrary code execution. • https://support.apple.com/en-us/HT214036 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23209
https://notcve.org/view.php?id=CVE-2024-23209
Processing web content may lead to arbitrary code execution. • http://seclists.org/fulldisclosure/2024/Jan/36 https://support.apple.com/en-us/HT214061 •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-23213 – webkitgtk: Processing web content may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2024-23213
Processing web content may lead to arbitrary code execution. ... This flaw allows a remote attacker to trigger arbitrary code execution by persuading a victim to visit a specially crafted website. • http://seclists.org/fulldisclosure/2024/Jan/27 http://seclists.org/fulldisclosure/2024/Jan/33 http://seclists.org/fulldisclosure/2024/Jan/34 http://seclists.org/fulldisclosure/2024/Jan/36 http://seclists.org/fulldisclosure/2024/Jan/39 http://seclists.org/fulldisclosure/2024/Jan/40 http://www.openwall.com/lists/oss-security/2024/02/05/8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/US43EQFC2IS66EA2CPAZFH2RQ6WD7PKF https://lists.fedoraproject.org&# •