CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-27956 – Apple Security Advisory 2023-03-27-6
https://notcve.org/view.php?id=CVE-2023-27956
28 Mar 2023 — The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. Processing a maliciously crafted image may result in disclosure of process memory. iOS 16.4 and iPadOS 16.4 addresses buffer overflow, bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213670 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-27969 – Apple Security Advisory 2023-03-27-6
https://notcve.org/view.php?id=CVE-2023-27969
28 Mar 2023 — A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. An app may be able to execute arbitrary code with kernel privileges. iOS 16.4 and iPadOS 16.4 addresses buffer overflow, bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213670 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-23524
https://notcve.org/view.php?id=CVE-2023-23524
27 Feb 2023 — A denial-of-service issue was addressed with improved input validation. This issue is fixed in tvOS 16.3.2, iOS 16.3.1 and iPadOS 16.3.1, watchOS 9.3.1, macOS Ventura 13.2.1. Processing a maliciously crafted certificate may lead to a denial-of-service. • https://support.apple.com/en-us/HT213632 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2022-46705 – webkitgtk: Visiting a malicious website may lead to address bar spoofing
https://notcve.org/view.php?id=CVE-2022-46705
27 Feb 2023 — A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing. A vulnerability was found in WebKitGTK. • http://www.openwall.com/lists/oss-security/2023/11/15/1 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-23503 – Apple Security Advisory 2023-01-23-7
https://notcve.org/view.php?id=CVE-2023-23503
24 Jan 2023 — A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, iOS 15.7.3 and iPadOS 15.7.3, tvOS 16.3, watchOS 9.3. An app may be able to bypass Privacy preferences. macOS Ventura 13.2 addresses buffer overflow, bypass, code execution, information leakage, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213598 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-23502 – Apple Security Advisory 2023-01-23-7
https://notcve.org/view.php?id=CVE-2023-23502
24 Jan 2023 — An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, tvOS 16.3, watchOS 9.3. An app may be able to determine kernel memory layout. macOS Ventura 13.2 addresses buffer overflow, bypass, code execution, information leakage, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213599 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2023-23504 – Apple Security Advisory 2023-01-23-7
https://notcve.org/view.php?id=CVE-2023-23504
24 Jan 2023 — The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, iOS 15.7.3 and iPadOS 15.7.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. An app may be able to execute arbitrary code with kernel privileges. macOS Ventura 13.2 addresses buffer overflow, bypass, code execution, information leakage, and use-after-free vulnerabilities. • https://github.com/zeroc00I/CVE-2023-23504 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-23519 – Apple macOS KTX Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-23519
24 Jan 2023 — A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing an image may lead to a denial-of-service. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within t... • https://support.apple.com/en-us/HT213599 • CWE-787: Out-of-bounds Write •
CVSS: 3.3EPSS: 0%CPEs: 8EXPL: 0CVE-2023-23505 – Apple Security Advisory 2023-01-23-6
https://notcve.org/view.php?id=CVE-2023-23505
24 Jan 2023 — A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, iOS 15.7.3 and iPadOS 15.7.3, iOS 16.3 and iPadOS 16.3. An app may be able to access information about a user’s contacts. macOS Ventura 13.2 addresses buffer overflow, bypass, code execution, information leakage, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213598 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-23499 – Apple Security Advisory 2023-01-23-6
https://notcve.org/view.php?id=CVE-2023-23499
24 Jan 2023 — This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. An app may be able to access user-sensitive data. macOS Ventura 13.2 addresses buffer overflow, bypass, code execution, information leakage, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213599 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •