CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-40396
https://notcve.org/view.php?id=CVE-2023-40396
29 Jul 2024 — The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17. An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/HT213936 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-27810 – Apple Security Advisory 05-13-2024-8
https://notcve.org/view.php?id=CVE-2024-27810
13 May 2024 — A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to read sensitive location information. Se solucionó un problema de manejo de rutas con una validación mejorada. Este problema se solucionó en iOS 17.5 y iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. • http://seclists.org/fulldisclosure/2024/May/10 • CWE-28: Path Traversal: '..\filedir' •
CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-27847 – Apple Security Advisory 05-13-2024-4
https://notcve.org/view.php?id=CVE-2024-27847
13 May 2024 — This issue was addressed with improved checks This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to bypass Privacy preferences. Este problema se solucionó con comprobaciones mejoradas. Este problema se solucionó en iOS 17.5 y iPadOS 17.5, macOS Sonoma 14.5. Es posible que una aplicación pueda eludir las preferencias de privacidad. iOS 17.5 and iPadOS 17.5 addresses bypass and code execution vulnerabilities. • http://seclists.org/fulldisclosure/2024/May/10 • CWE-277: Insecure Inherited Permissions •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-27796 – Apple Security Advisory 05-13-2024-4
https://notcve.org/view.php?id=CVE-2024-27796
13 May 2024 — The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to elevate privileges. El problema se solucionó con controles mejorados. Este problema se solucionó en iOS 17.5 y iPadOS 17.5, macOS Sonoma 14.5. • http://seclists.org/fulldisclosure/2024/May/10 • CWE-1325: Improperly Controlled Sequential Memory Allocation •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-27841 – Apple Security Advisory 05-13-2024-4
https://notcve.org/view.php?id=CVE-2024-27841
13 May 2024 — The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to disclose kernel memory. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en iOS 17.5 y iPadOS 17.5, macOS Sonoma 14.5. • http://seclists.org/fulldisclosure/2024/May/10 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 1CVE-2024-27821 – Apple Security Advisory 05-13-2024-4
https://notcve.org/view.php?id=CVE-2024-27821
13 May 2024 — A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A shortcut may output sensitive user data without consent. Se solucionó un problema de manejo de rutas con una validación mejorada. Este problema se solucionó en iOS 17.5 y iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. • https://github.com/0xilis/CVE-2024-27821 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 2.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-27835 – Apple Security Advisory 05-13-2024-2
https://notcve.org/view.php?id=CVE-2024-27835
13 May 2024 — This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to access notes from the lock screen. Esta cuestión se abordó mediante una mejora de gestión de estado. Este problema se solucionó en iOS 17.5 y iPadOS 17.5. • http://seclists.org/fulldisclosure/2024/May/10 • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27839 – Apple Security Advisory 05-13-2024-2
https://notcve.org/view.php?id=CVE-2024-27839
13 May 2024 — A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 17.5 and iPadOS 17.5. A malicious application may be able to determine a user's current location. Se solucionó un problema de privacidad trasladando datos confidenciales a una ubicación más segura. Este problema se solucionó en iOS 17.5 y iPadOS 17.5. • http://seclists.org/fulldisclosure/2024/May/10 • CWE-203: Observable Discrepancy •
CVSS: 8.1EPSS: 1%CPEs: 7EXPL: 1CVE-2024-27804 – Apple Security Advisory 05-13-2024-8
https://notcve.org/view.php?id=CVE-2024-27804
13 May 2024 — The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en iOS 17.5 y iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. • https://github.com/R00tkitSMM/CVE-2024-27804 • CWE-1325: Improperly Controlled Sequential Memory Allocation •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27852 – Apple Security Advisory 05-13-2024-2
https://notcve.org/view.php?id=CVE-2024-27852
13 May 2024 — A privacy issue was addressed with improved client ID handling for alternative app marketplaces. This issue is fixed in iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to distribute a script that tracks users on other webpages. Se solucionó un problema de privacidad mejorando el manejo de la identificación del cliente para mercados de aplicaciones alternativos. Este problema se solucionó en iOS 17.5 y iPadOS 17.5. • http://seclists.org/fulldisclosure/2024/May/10 •