CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42901
https://notcve.org/view.php?id=CVE-2023-42901
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. Se abordaron múltiples problemas de corrupción de memoria con una validación de entrada mejorada. Este problema se solucionó en macOS Sonoma 14.2. • http://seclists.org/fulldisclosure/2023/Dec/9 https://support.apple.com/en-us/HT214036 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42900
https://notcve.org/view.php?id=CVE-2023-42900
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2. An app may be able to access user-sensitive data. El problema se solucionó con controles mejorados. Este problema se solucionó en macOS Sonoma 14.2. • http://seclists.org/fulldisclosure/2023/Dec/9 https://support.apple.com/en-us/HT214036 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-42886
https://notcve.org/view.php?id=CVE-2023-42886
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. A user may be able to cause unexpected app termination or arbitrary code execution. Se solucionó una lectura fuera de los límites con una verificación de los límites mejorada. Este problema se solucionó en macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. • http://seclists.org/fulldisclosure/2023/Dec/10 http://seclists.org/fulldisclosure/2023/Dec/11 http://seclists.org/fulldisclosure/2023/Dec/9 https://support.apple.com/en-us/HT214036 https://support.apple.com/en-us/HT214037 https://support.apple.com/en-us/HT214038 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-42890 – webkitgtk: processing malicious web content may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-42890
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 y iPadOS 17.2, tvOS 17.2. • http://seclists.org/fulldisclosure/2023/Dec/12 http://seclists.org/fulldisclosure/2023/Dec/13 http://seclists.org/fulldisclosure/2023/Dec/6 http://seclists.org/fulldisclosure/2023/Dec/7 http://seclists.org/fulldisclosure/2023/Dec/9 http://www.openwall.com/lists/oss-security/2023/12/18/1 https://security.gentoo.org/glsa/202401-33 https://support.apple.com/en-us/HT214035 https://support.apple.com/en-us/HT214036 https://support.apple.com/en-us/HT214039 https:/ • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 2.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42874
https://notcve.org/view.php?id=CVE-2023-42874
This issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2. Secure text fields may be displayed via the Accessibility Keyboard when using a physical keyboard. Se abordó un problema lógico con una mejor gestión del estado. Este problema se solucionó en macOS Sonoma 14.2. • http://seclists.org/fulldisclosure/2023/Dec/9 https://support.apple.com/en-us/HT214036 •