CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2023-40417
https://notcve.org/view.php?id=CVE-2023-40417
A window management issue was addressed with improved state management. This issue is fixed in Safari 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Visiting a website that frames malicious content may lead to UI spoofing. Se solucionó un problema de gestión de ventanas mejorando la gestión del estado. Este problema se solucionó en Safari 17, iOS 17 y iPadOS 17, watchOS 10, macOS Sonoma 14. • http://seclists.org/fulldisclosure/2023/Oct/2 http://seclists.org/fulldisclosure/2023/Oct/3 http://seclists.org/fulldisclosure/2023/Oct/8 http://seclists.org/fulldisclosure/2023/Oct/9 https://support.apple.com/en-us/HT213937 https://support.apple.com/en-us/HT213938 https://support.apple.com/en-us/HT213940 https://support.apple.com/en-us/HT213941 •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 3CVE-2023-41993 – Apple Multiple Products WebKit Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-41993
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. El problema se solucionó con controles mejorados. • https://github.com/po6ix/POC-for-CVE-2023-41993 https://github.com/J3Ss0u/CVE-2023-41993 https://github.com/0x06060606/CVE-2023-41993 https://security.gentoo.org/glsa/202401-33 https://security.netapp.com/advisory/ntap-20240426-0004 https://support.apple.com/en-us/HT213940 https://access.redhat.com/security/cve/CVE-2023-41993 https://bugzilla.redhat.com/show_bug.cgi?id=2240522 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-4781 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2023-4781
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873. Desbordamiento de búfer basado en el heap en el repositorio de GitHub vim/vim anterior a la versión 9.0.1873. • http://seclists.org/fulldisclosure/2023/Oct/24 https://github.com/vim/vim/commit/f6d28fe2c95c678cc3202cc5dc825a3fcc709e93 https://huntr.dev/bounties/c867eb0a-aa8b-4946-a621-510350673883 https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html https://support.apple.com/kb/HT213984 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2023-4733 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2023-4733
Use After Free in GitHub repository vim/vim prior to 9.0.1840. Use After Free en el repositorio de GitHub vim/vim anterior a 9.0.1840. • http://seclists.org/fulldisclosure/2023/Oct/24 https://github.com/vim/vim/commit/e1dc9a627536304bc4f738c21e909ad9fcf3974c https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ&# • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2023-4750 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2023-4750
Use After Free in GitHub repository vim/vim prior to 9.0.1857. Use After Free en el repositorio de GitHub vim/vim anterior a 9.0.1857. • http://seclists.org/fulldisclosure/2023/Oct/24 https://github.com/vim/vim/commit/fc68299d436cf87453e432daa77b6d545df4d7ed https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ&# • CWE-416: Use After Free •