CVE-2023-42917 – Apple Multiple Products WebKit Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2023-42917
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. Se solucionó una vulnerabilidad de corrupción de memoria con un bloqueo mejorado. • http://seclists.org/fulldisclosure/2023/Dec/12 http://seclists.org/fulldisclosure/2023/Dec/13 http://seclists.org/fulldisclosure/2023/Dec/3 http://seclists.org/fulldisclosure/2023/Dec/4 http://seclists.org/fulldisclosure/2023/Dec/5 http://seclists.org/fulldisclosure/2023/Dec/8 http://seclists.org/fulldisclosure/2024/Jan/35 http://www.openwall.com/lists/oss-security/2023/12/05/1 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHH • CWE-787: Out-of-bounds Write •
CVE-2023-42916 – Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2023-42916
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. Se solucionó una lectura fuera de los límites con una validación de entrada mejorada. • http://seclists.org/fulldisclosure/2023/Dec/12 http://seclists.org/fulldisclosure/2023/Dec/13 http://seclists.org/fulldisclosure/2023/Dec/3 http://seclists.org/fulldisclosure/2023/Dec/4 http://seclists.org/fulldisclosure/2023/Dec/5 http://seclists.org/fulldisclosure/2023/Dec/8 http://seclists.org/fulldisclosure/2024/Jan/35 http://www.openwall.com/lists/oss-security/2023/12/05/1 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHH • CWE-125: Out-of-bounds Read •
CVE-2022-46298
https://notcve.org/view.php?id=CVE-2022-46298
Incomplete cleanup for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access. La limpieza incompleta de algunos software Intel Unison puede permitir que un usuario privilegiado habilite potencialmente la denegación de servicio a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html • CWE-459: Incomplete Cleanup •
CVE-2022-46301
https://notcve.org/view.php?id=CVE-2022-46301
Improper Initialization for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access. Una inicialización incorrecta de algunos software Intel Unison puede permitir que un usuario privilegiado habilite potencialmente la denegación de servicio a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html • CWE-665: Improper Initialization •
CVE-2022-46646
https://notcve.org/view.php?id=CVE-2022-46646
Exposure of sensitive information to an unauthorized actor for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. La exposición de información confidencial a un actor no autorizado para algún software Intel Unison puede permitir que un usuario autenticado potencialmente habilite la divulgación de información a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •