CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28189
https://notcve.org/view.php?id=CVE-2023-28189
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to view sensitive information. • https://support.apple.com/en-us/HT213670 https://support.apple.com/en-us/HT213675 https://support.apple.com/en-us/HT213677 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28190
https://notcve.org/view.php?id=CVE-2023-28190
A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data. • https://support.apple.com/en-us/HT213670 •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27952
https://notcve.org/view.php?id=CVE-2023-27952
A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks. • https://support.apple.com/en-us/HT213670 https://support.apple.com/kb/HT214119 http://seclists.org/fulldisclosure/2024/Jul/18 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27938 – Apple GarageBand MIDI File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-27938
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in GarageBand for macOS 10.4.8. Parsing a maliciously crafted MIDI file may lead to an unexpected application termination or arbitrary code execution. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple GarageBand. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within a function in MACore.framework. • https://support.apple.com/en-us/HT213650 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27934
https://notcve.org/view.php?id=CVE-2023-27934
A memory initialization issue was addressed. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. A remote attacker may be able to cause unexpected app termination or arbitrary code execution. • https://support.apple.com/en-us/HT213670 https://support.apple.com/en-us/HT213677 • CWE-665: Improper Initialization •