
CVE-2024-27791
https://notcve.org/view.php?id=CVE-2024-27791
24 Apr 2024 — The issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, tvOS 17.3, macOS Ventura 13.6.4, iOS 16.7.5 and iPadOS 16.7.5, macOS Monterey 12.7.3, macOS Sonoma 14.3. An app may be able to corrupt coprocessor memory. • https://support.apple.com/en-us/HT214055 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2023-42974
https://notcve.org/view.php?id=CVE-2023-42974
28 Mar 2024 — A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/HT214034 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2024-23263 – webkit: processing malicious web content prevents Content Security Policy from being enforced
https://notcve.org/view.php?id=CVE-2024-23263
08 Mar 2024 — A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. • http://seclists.org/fulldisclosure/2024/Mar/20 • CWE-20: Improper Input Validation

CVE-2024-23255 – Apple Security Advisory 03-07-2024-2
https://notcve.org/view.php?id=CVE-2024-23255
08 Mar 2024 — An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. Photos in the Hidden Photos Album may be viewed without authentication. • http://seclists.org/fulldisclosure/2024/Mar/21 • CWE-863: Incorrect Authorization

CVE-2024-23280 – webkit: maliciously crafted webpage may be able to fingerprint the user
https://notcve.org/view.php?id=CVE-2024-23280
08 Mar 2024 — An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user. • http://seclists.org/fulldisclosure/2024/Mar/20

CVE-2024-23297 – Apple Security Advisory 03-07-2024-6
https://notcve.org/view.php?id=CVE-2024-23297
08 Mar 2024 — The issue was addressed with improved checks. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4. A malicious application may be able to access private information. • http://seclists.org/fulldisclosure/2024/Mar/24

CVE-2024-23278 – Apple Security Advisory 03-07-2024-2
https://notcve.org/view.php?id=CVE-2024-23278
08 Mar 2024 — The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox. • http://seclists.org/fulldisclosure/2024/Mar/21 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-0258 – Apple Security Advisory 03-07-2024-2
https://notcve.org/view.php?id=CVE-2024-0258
08 Mar 2024 — The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. • http://seclists.org/fulldisclosure/2024/Mar/21 • CWE-284: Improper Access Control

CVE-2024-23239 – Apple Security Advisory 03-07-2024-2
https://notcve.org/view.php?id=CVE-2024-23239
08 Mar 2024 — A race condition was addressed with improved state handling. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to leak sensitive user information. • http://seclists.org/fulldisclosure/2024/Mar/21 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2024-23242 – Apple Security Advisory 03-07-2024-2
https://notcve.org/view.php?id=CVE-2024-23242
08 Mar 2024 — A privacy issue was addressed by not logging contents of text fields. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to view Mail data. • http://seclists.org/fulldisclosure/2024/Mar/21 • CWE-532: Insertion of Sensitive Information into Log File