CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-27963
https://notcve.org/view.php?id=CVE-2023-27963
The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A shortcut may be able to use sensitive data with certain actions without prompting the user. • https://support.apple.com/en-us/HT213670 https://support.apple.com/en-us/HT213673 https://support.apple.com/en-us/HT213674 https://support.apple.com/en-us/HT213676 https://support.apple.com/en-us/HT213677 https://support.apple.com/en-us/HT213678 •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-27954 – webkitgtk: Website may be able to track sensitive user information
https://notcve.org/view.php?id=CVE-2023-27954
The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information. A vulnerability was found in WebKitGTK. This security issue leads to tracking sensitive user information via a website. • https://support.apple.com/en-us/HT213670 https://support.apple.com/en-us/HT213671 https://support.apple.com/en-us/HT213673 https://support.apple.com/en-us/HT213674 https://support.apple.com/en-us/HT213676 https://support.apple.com/en-us/HT213678 https://access.redhat.com/security/cve/CVE-2023-27954 https://bugzilla.redhat.com/show_bug.cgi?id=2236844 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-23494
https://notcve.org/view.php?id=CVE-2023-23494
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 16.4 and iPadOS 16.4. A user in a privileged network position may be able to cause a denial-of-service. • https://support.apple.com/en-us/HT213676 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-23523
https://notcve.org/view.php?id=CVE-2023-23523
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup. • https://support.apple.com/en-us/HT213670 https://support.apple.com/en-us/HT213676 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-23525
https://notcve.org/view.php?id=CVE-2023-23525
This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5. An app may be able to gain root privileges. • https://support.apple.com/en-us/HT213670 https://support.apple.com/en-us/HT213675 https://support.apple.com/en-us/HT213676 •