CVE-2023-40392
https://notcve.org/view.php?id=CVE-2023-40392
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location information. Se solucionó un problema de privacidad mejorando la redacción de datos privados para las entradas de registro. Este problema se solucionó en macOS Ventura 13.5. • https://support.apple.com/en-us/HT213843 https://support.apple.com/kb/HT213841 https://support.apple.com/kb/HT213842 https://support.apple.com/kb/HT213844 https://support.apple.com/kb/HT213845 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2023-38616
https://notcve.org/view.php?id=CVE-2023-38616
A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. La condición de ejecución se gestionó con un mejor manejo del estado. Este problema se solucionó en macOS Ventura 13.5. • https://support.apple.com/en-us/HT213843 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2023-40397 – webkitgtk: arbitrary javascript code execution
https://notcve.org/view.php?id=CVE-2023-40397
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution. El problema se solucionó mejorando las comprobaciones. Este problema se solucionó en macOS Ventura 13.5. • http://www.openwall.com/lists/oss-security/2023/09/11/1 https://security.gentoo.org/glsa/202401-04 https://support.apple.com/en-us/HT213843 https://access.redhat.com/security/cve/CVE-2023-40397 https://bugzilla.redhat.com/show_bug.cgi?id=2238945 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •
CVE-2023-4781 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2023-4781
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873. Desbordamiento de búfer basado en el heap en el repositorio de GitHub vim/vim anterior a la versión 9.0.1873. • http://seclists.org/fulldisclosure/2023/Oct/24 https://github.com/vim/vim/commit/f6d28fe2c95c678cc3202cc5dc825a3fcc709e93 https://huntr.dev/bounties/c867eb0a-aa8b-4946-a621-510350673883 https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html https://support.apple.com/kb/HT213984 • CWE-122: Heap-based Buffer Overflow •
CVE-2023-4733 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2023-4733
Use After Free in GitHub repository vim/vim prior to 9.0.1840. Use After Free en el repositorio de GitHub vim/vim anterior a 9.0.1840. • http://seclists.org/fulldisclosure/2023/Oct/24 https://github.com/vim/vim/commit/e1dc9a627536304bc4f738c21e909ad9fcf3974c https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ • CWE-416: Use After Free •