CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 1CVE-2023-28319 – curl: use after free in SSH sha256 fingerprint check
https://notcve.org/view.php?id=CVE-2023-28319
26 May 2023 — A use after free vulnerability exists in curl
CVSS: 5.9EPSS: 0%CPEs: 14EXPL: 1CVE-2023-28320
https://notcve.org/view.php?id=CVE-2023-28320
26 May 2023 — A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave. • http://seclists.org/fulldisclosure/2023/Jul/47 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 0%CPEs: 17EXPL: 1CVE-2023-28321 – curl: IDN wildcard match may lead to Improper Cerificate Validation
https://notcve.org/view.php?id=CVE-2023-28321
26 May 2023 — An improper certificate validation vulnerability exists in curl
CVSS: 3.7EPSS: 0%CPEs: 16EXPL: 1CVE-2023-28322 – curl: more POST-after-PUT confusion
https://notcve.org/view.php?id=CVE-2023-28322
26 May 2023 — An information disclosure vulnerability exists in curl
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-1763
https://notcve.org/view.php?id=CVE-2023-1763
17 May 2023 — Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the software. • https://psirt.canon/advisory-information/cp2023-002 • CWE-522: Insufficiently Protected Credentials CWE-549: Missing Password Field Masking •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-1764
https://notcve.org/view.php?id=CVE-2023-1764
17 May 2023 — Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the communication of the software. • https://psirt.canon/advisory-information/cp2023-002 • CWE-326: Inadequate Encryption Strength •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 1CVE-2023-30774 – libtiff: heap buffer overflow issues related to TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value
https://notcve.org/view.php?id=CVE-2023-30774
09 May 2023 — A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values. • http://seclists.org/fulldisclosure/2023/Oct/24 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.6EPSS: 0%CPEs: 3EXPL: 0CVE-2022-46720
https://notcve.org/view.php?id=CVE-2022-46720
08 May 2023 — An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to break out of its sandbox • https://support.apple.com/en-us/HT213530 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-23536
https://notcve.org/view.php?id=CVE-2023-23536
08 May 2023 — The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/HT213670 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-28178
https://notcve.org/view.php?id=CVE-2023-28178
08 May 2023 — A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app may be able to bypass Privacy preferences. • https://support.apple.com/en-us/HT213670 •