CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-23517 – webkitgtk: memory corruption issue leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-23517
24 Jan 2023 — The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. A vulnerability was found in WebKitGTK. This issue occurs when processing maliciously crafted web content in WebKit. • https://support.apple.com/en-us/HT213599 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-23518 – webkitgtk: memory corruption issue leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-23518
24 Jan 2023 — The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. A vulnerability was found in WebKitGTK. This issue occurs when processing maliciously crafted web content in WebKit. • https://support.apple.com/en-us/HT213599 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-23519 – Apple macOS KTX Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-23519
24 Jan 2023 — A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing an image may lead to a denial-of-service. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within t... • https://support.apple.com/en-us/HT213599 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 54%CPEs: 8EXPL: 19CVE-2023-22809 – sudo 1.8.0 to 1.9.12p1 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-22809
18 Jan 2023 — In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. En S... • https://packetstorm.news/files/id/172509 • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-42856 – Apple iOS Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2022-42856
15 Dec 2022 — A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. Se abordó un problema lógico con una mejor gestión del estado. • http://seclists.org/fulldisclosure/2022/Dec/21 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.0EPSS: 4%CPEs: 9EXPL: 1CVE-2022-42864 – Apple Security Advisory 2022-12-13-6
https://notcve.org/view.php?id=CVE-2022-42864
15 Dec 2022 — A race condition was addressed with improved state handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges. Se solucionó una condición de ejecución con un mejor manejo del estado. Este problema se solucionó en tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 y iPadOS 15.7.2, iOS 16.2... • https://github.com/Muirey03/CVE-2022-42864 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-32833
https://notcve.org/view.php?id=CVE-2022-32833
15 Dec 2022 — An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored. This issue is fixed in iOS 16. An unauthorized user may be able to access browsing history. Existía un problema con las rutas de archivo utilizadas para almacenar datos del sitio web. • https://support.apple.com/en-us/HT213446 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-32860
https://notcve.org/view.php?id=CVE-2022-32860
15 Dec 2022 — An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, macOS Big Sur 11.6.8. An app may be able to execute arbitrary code with kernel privileges. Se solucionó una escritura fuera de los límites con una validación de entrada mejorada. Este problema se solucionó en iOS 15.6 y iPadOS 15.6, macOS Monterey 12.5, macOS Big Sur 11.6.8. • https://support.apple.com/en-us/HT213344 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-32942 – Apple Security Advisory 2022-12-13-6
https://notcve.org/view.php?id=CVE-2022-32942
15 Dec 2022 — The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. An app may be able to execute arbitrary code with kernel privileges. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. • http://seclists.org/fulldisclosure/2022/Dec/23 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-42805
https://notcve.org/view.php?id=CVE-2022-42805
15 Dec 2022 — An integer overflow was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. Se solucionó un desbordamiento de enteros con una validación de entrada mejorada. Este problema se solucionó en iOS 15.6, iPadOS 15.6 y macOS Monterey 12.5. • https://support.apple.com/en-us/HT213345 • CWE-190: Integer Overflow or Wraparound •