CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-27951 – Apple Security Advisory 2023-03-27-3
https://notcve.org/view.php?id=CVE-2023-27951
28 Mar 2023 — The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An archive may be able to bypass Gatekeeper. macOS Ventura 13.3 addresses buffer overflow, bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213670 • CWE-863: Incorrect Authorization •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27952 – Apple Security Advisory 2023-03-27-3
https://notcve.org/view.php?id=CVE-2023-27952
28 Mar 2023 — A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks. macOS Sonoma 14.6 addresses buffer overflow, bypass, code execution, information leakage, integer overflow, out of bounds access, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213670 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2023-27953 – Apple Security Advisory 2023-03-27-3
https://notcve.org/view.php?id=CVE-2023-27953
28 Mar 2023 — The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory. macOS Ventura 13.3 addresses buffer overflow, bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213670 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-27955 – Apple Security Advisory 2023-03-27-3
https://notcve.org/view.php?id=CVE-2023-27955
28 Mar 2023 — The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Monterey 12.6.4, tvOS 16.4, macOS Big Sur 11.7.5. An app may be able to read arbitrary files. iOS 16.4 and iPadOS 16.4 addresses buffer overflow, bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213670 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-27958 – Apple Security Advisory 2023-03-27-3
https://notcve.org/view.php?id=CVE-2023-27958
28 Mar 2023 — The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory. macOS Ventura 13.3 addresses buffer overflow, bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213670 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-27961 – Apple Security Advisory 2023-03-27-3
https://notcve.org/view.php?id=CVE-2023-27961
28 Mar 2023 — Multiple validation issues were addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, watchOS 9.4, macOS Big Sur 11.7.5. Importing a maliciously crafted calendar invitation may exfiltrate user information. iOS 16.4 and iPadOS 16.4 addresses buffer overflow, bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213670 • CWE-20: Improper Input Validation CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-27962 – Apple Security Advisory 2023-03-27-3
https://notcve.org/view.php?id=CVE-2023-27962
28 Mar 2023 — A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to modify protected parts of the file system. macOS Ventura 13.3 addresses buffer overflow, bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213670 • CWE-346: Origin Validation Error •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-27963 – Apple Security Advisory 2023-03-27-3
https://notcve.org/view.php?id=CVE-2023-27963
28 Mar 2023 — The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A shortcut may be able to use sensitive data with certain actions without prompting the user. iOS 16.4 and iPadOS 16.4 addresses buffer overflow, bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213670 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-27932 – webkitgtk: Same Origin Policy bypass via crafted web content
https://notcve.org/view.php?id=CVE-2023-27932
28 Mar 2023 — This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web content may bypass Same Origin Policy. A vulnerability was found in WebKitGTK. This security issue occurs when processing maliciously crafted web content that may bypass the same-origin Policy. • https://support.apple.com/en-us/HT213670 • CWE-346: Origin Validation Error CWE-942: Permissive Cross-domain Policy with Untrusted Domains •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2023-23520
https://notcve.org/view.php?id=CVE-2023-23520
27 Feb 2023 — A race condition was addressed with additional validation. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may be able to read arbitrary files as root. • https://support.apple.com/en-us/HT213599 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •