CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-28198 – Apple Safari DFG Fixup Phase Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-28198
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution. Se ha solucionado un problema de use-after-free con una mejora en la gestión de memoria. Este problema se ha solucionado en iOS 16.4 y iPadOS 16.4, macOS Ventura 13.3. • http://www.openwall.com/lists/oss-security/2023/09/11/1 https://security.gentoo.org/glsa/202401-04 https://support.apple.com/en-us/HT213670 https://support.apple.com/en-us/HT213676 https://access.redhat.com/security/cve/CVE-2023-28198 https://bugzilla.redhat.com/show_bug.cgi?id=2238943 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-37285
https://notcve.org/view.php?id=CVE-2023-37285
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/HT213842 https://support.apple.com/en-us/HT213843 https://support.apple.com/en-us/HT213844 https://support.apple.com/en-us/HT213845 https://support.apple.com/kb/HT213842 https://support.apple.com/kb/HT213843 https://support.apple.com/kb/HT213844 https://support.apple.com/kb/HT213845 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-38598
https://notcve.org/view.php?id=CVE-2023-38598
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/HT213841 https://support.apple.com/en-us/HT213842 https://support.apple.com/en-us/HT213843 https://support.apple.com/en-us/HT213844 https://support.apple.com/en-us/HT213845 https://support.apple.com/en-us/HT213846 https://support.apple.com/en-us/HT213848 https://support.apple.com/kb/HT213841 https://support.apple.com/kb/HT213842 https://support.apple.com/kb/HT213843 https://support.apple.com/kb/HT213844 https://support.app • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-38604
https://notcve.org/view.php?id=CVE-2023-38604
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/HT213841 https://support.apple.com/en-us/HT213842 https://support.apple.com/en-us/HT213843 https://support.apple.com/en-us/HT213844 https://support.apple.com/en-us/HT213845 https://support.apple.com/en-us/HT213846 https://support.apple.com/en-us/HT213848 https://support.apple.com/kb/HT213841 https://support.apple.com/kb/HT213842 https://support.apple.com/kb/HT213843 https://support.apple.com/kb/HT213844 https://support.app • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-38599 – webkitgtk: track sensitive user information
https://notcve.org/view.php?id=CVE-2023-38599
A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information. A flaw was found in WebKitGTK, which exists due to a logic issue in WebKit related to a user's privacy. A remote attacker may be able to track sensitive user information. • http://www.openwall.com/lists/oss-security/2023/08/02/1 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER https://security.gentoo.org/glsa/202401-04 https://support.apple.com/en-us/HT213841 https://support.apple.com/en-us/HT213842 https://support.apple.com/en-us/HT213843 https://support.apple.com/en-us/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •