CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-40446
https://notcve.org/view.php?id=CVE-2023-40446
Processing maliciously crafted input may lead to arbitrary code execution in user-installed apps. • https://support.apple.com/en-us/HT213981 https://support.apple.com/en-us/HT213982 https://support.apple.com/en-us/HT213983 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42901
https://notcve.org/view.php?id=CVE-2023-42901
Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. • http://seclists.org/fulldisclosure/2023/Dec/9 https://support.apple.com/en-us/HT214036 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-42886
https://notcve.org/view.php?id=CVE-2023-42886
A user may be able to cause unexpected app termination or arbitrary code execution. • http://seclists.org/fulldisclosure/2023/Dec/10 http://seclists.org/fulldisclosure/2023/Dec/11 http://seclists.org/fulldisclosure/2023/Dec/9 https://support.apple.com/en-us/HT214036 https://support.apple.com/en-us/HT214037 https://support.apple.com/en-us/HT214038 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-42890 – webkitgtk: processing malicious web content may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-42890
Processing web content may lead to arbitrary code execution. ... This issue exists due to a boundary error when processing malicious HTML content in WebKit, which could result in memory corruption and arbitrary code execution on the target system. • http://seclists.org/fulldisclosure/2023/Dec/12 http://seclists.org/fulldisclosure/2023/Dec/13 http://seclists.org/fulldisclosure/2023/Dec/6 http://seclists.org/fulldisclosure/2023/Dec/7 http://seclists.org/fulldisclosure/2023/Dec/9 http://www.openwall.com/lists/oss-security/2023/12/18/1 https://security.gentoo.org/glsa/202401-33 https://support.apple.com/en-us/HT214035 https://support.apple.com/en-us/HT214036 https://support.apple.com/en-us/HT214039 https:/ • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42907
https://notcve.org/view.php?id=CVE-2023-42907
Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. • http://seclists.org/fulldisclosure/2023/Dec/9 https://support.apple.com/en-us/HT214036 • CWE-787: Out-of-bounds Write •