CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32405 – Apple Security Advisory 2023-05-18-3
https://notcve.org/view.php?id=CVE-2023-32405
30 May 2023 — A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to gain root privileges. macOS Monterey 12.6.6 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213758 • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1CVE-2023-32407 – Apple Security Advisory 2023-05-18-6
https://notcve.org/view.php?id=CVE-2023-32407
30 May 2023 — A logic issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences. macOS Monterey 12.6.6 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://github.com/gergelykalman/CVE-2023-32407-a-macOS-TCC-bypass-in-Metal • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-32410 – Apple Security Advisory 2023-05-18-3
https://notcve.org/view.php?id=CVE-2023-32410
30 May 2023 — An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to leak sensitive kernel state. macOS Monterey 12.6.6 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213758 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-32411 – Apple Security Advisory 2023-05-18-6
https://notcve.org/view.php?id=CVE-2023-32411
30 May 2023 — This issue was addressed with improved entitlements. This issue is fixed in tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences. macOS Monterey 12.6.6 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213757 •
CVSS: 10.0EPSS: 1%CPEs: 9EXPL: 1CVE-2023-32412 – Apple Security Advisory 2023-05-18-6
https://notcve.org/view.php?id=CVE-2023-32412
30 May 2023 — A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause unexpected app termination or arbitrary code execution. There is a use-after-free vulnerability in libIPTelephony.dylib inside the SIP message decoder (SipMessageDecoder::decode() function). The vulnerable library is present on both iO... • https://packetstorm.news/files/id/172990 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2023-32413 – Apple macOS /dev/fd Race Condition Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-32413
30 May 2023 — A race condition was addressed with improved state handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to gain root privileges. This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability... • https://github.com/synacktiv/CVE-2023-32413 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-32352 – Apple Security Advisory 2023-05-18-1
https://notcve.org/view.php?id=CVE-2023-32352
30 May 2023 — A logic issue was addressed with improved checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may bypass Gatekeeper checks. macOS Monterey 12.6.6 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213757 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32355 – Apple Security Advisory 2023-05-18-3
https://notcve.org/view.php?id=CVE-2023-32355
30 May 2023 — A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system. macOS Monterey 12.6.6 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213758 • CWE-281: Improper Preservation of Permissions •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2023-32357 – Apple Security Advisory 2023-05-18-6
https://notcve.org/view.php?id=CVE-2023-32357
30 May 2023 — An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to retain access to system configuration files even after its permission is revoked. macOS Monterey 12.6.6 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213757 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32360 – cups: Information leak through Cups-Get-Document operation
https://notcve.org/view.php?id=CVE-2023-32360
30 May 2023 — An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents. A vulnerability was found in OpenPrinting CUPS. Unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach. • https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •