CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42792
https://notcve.org/view.php?id=CVE-2022-42792
23 Jun 2023 — This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information • https://support.apple.com/en-us/HT213489 • CWE-203: Observable Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-32434 – Apple Multiple Products Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-32434
23 Jun 2023 — An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7. iOS 15.7.7 and iPadOS 15.7.7 addresses code execution and integer overf... • http://seclists.org/fulldisclosure/2023/Oct/20 • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-32439 – Apple Multiple Products WebKit Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2023-32439
23 Jun 2023 — A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, Safari 16.5.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. A vulnerability was found in webkitgtk. • https://security.gentoo.org/glsa/202401-04 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-32435 – Apple Multiple Products WebKit Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2023-32435
23 Jun 2023 — A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7. A vulnerability was found in webkitgtk. • https://support.apple.com/en-us/HT213670 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-32368 – Apple Security Advisory 2023-05-18-6
https://notcve.org/view.php?id=CVE-2023-32368
30 May 2023 — An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. Processing a 3D model may result in disclosure of process memory. macOS Monterey 12.6.6 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213757 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32354 – Apple Security Advisory 2023-05-18-6
https://notcve.org/view.php?id=CVE-2023-32354
30 May 2023 — An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. An app may be able to disclose kernel memory. iOS 16.5 and iPadOS 16.5 addresses buffer overflow, bypass, code execution, out of bounds read, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213757 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32367 – Apple Security Advisory 2023-05-18-1
https://notcve.org/view.php?id=CVE-2023-32367
30 May 2023 — This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to access user-sensitive data. macOS Ventura 13.4 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213757 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-32392 – Apple Security Advisory 2023-05-18-6
https://notcve.org/view.php?id=CVE-2023-32392
30 May 2023 — A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information. macOS Monterey 12.6.6 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213757 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1CVE-2023-32407 – Apple Security Advisory 2023-05-18-6
https://notcve.org/view.php?id=CVE-2023-32407
30 May 2023 — A logic issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences. macOS Monterey 12.6.6 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://github.com/gergelykalman/CVE-2023-32407-a-macOS-TCC-bypass-in-Metal • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32415 – Apple Security Advisory 2023-05-18-6
https://notcve.org/view.php?id=CVE-2023-32415
30 May 2023 — This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location information. macOS Ventura 13.4 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213757 • CWE-922: Insecure Storage of Sensitive Information •