CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2024-23208
https://notcve.org/view.php?id=CVE-2024-23208
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to execute arbitrary code with kernel privileges. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 y iPadOS 17.3. • https://github.com/hrtowii/CVE-2024-23208-test http://seclists.org/fulldisclosure/2024/Jan/33 http://seclists.org/fulldisclosure/2024/Jan/36 http://seclists.org/fulldisclosure/2024/Jan/39 http://seclists.org/fulldisclosure/2024/Jan/40 https://support.apple.com/en-us/HT214055 https://support.apple.com/en-us/HT214059 https://support.apple.com/en-us/HT214060 https://support.apple.com/en-us/HT214061 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42881
https://notcve.org/view.php?id=CVE-2023-42881
Processing a file may lead to unexpected app termination or arbitrary code execution. • https://support.apple.com/en-us/HT214036 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23209
https://notcve.org/view.php?id=CVE-2024-23209
Processing web content may lead to arbitrary code execution. • http://seclists.org/fulldisclosure/2024/Jan/36 https://support.apple.com/en-us/HT214061 •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-23213 – webkitgtk: Processing web content may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2024-23213
Processing web content may lead to arbitrary code execution. ... This flaw allows a remote attacker to trigger arbitrary code execution by persuading a victim to visit a specially crafted website. • http://seclists.org/fulldisclosure/2024/Jan/27 http://seclists.org/fulldisclosure/2024/Jan/33 http://seclists.org/fulldisclosure/2024/Jan/34 http://seclists.org/fulldisclosure/2024/Jan/36 http://seclists.org/fulldisclosure/2024/Jan/39 http://seclists.org/fulldisclosure/2024/Jan/40 http://www.openwall.com/lists/oss-security/2024/02/05/8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/US43EQFC2IS66EA2CPAZFH2RQ6WD7PKF https://lists.fedoraproject.org&# •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-36177
https://notcve.org/view.php?id=CVE-2023-36177
An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API. Se descubrió un problema en badaix Snapcast versión 0.27.0, que permite a atacantes remotos ejecutar código arbitrario y obtener información confidencial a través de una solicitud manipulada en JSON-RPC-API. • http://snapcast.com https://oxnan.com/posts/Snapcast_jsonrpc_rce • CWE-94: Improper Control of Generation of Code ('Code Injection') •