CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-27953
https://notcve.org/view.php?id=CVE-2023-27953
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory. • https://support.apple.com/en-us/HT213670 https://support.apple.com/en-us/HT213675 https://support.apple.com/en-us/HT213677 • CWE-787: Out-of-bounds Write •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27952
https://notcve.org/view.php?id=CVE-2023-27952
A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks. • https://support.apple.com/en-us/HT213670 https://support.apple.com/kb/HT214119 http://seclists.org/fulldisclosure/2024/Jul/18 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-28192
https://notcve.org/view.php?id=CVE-2023-28192
A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to read sensitive location information. • https://support.apple.com/en-us/HT213670 https://support.apple.com/en-us/HT213675 https://support.apple.com/en-us/HT213677 • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-28200
https://notcve.org/view.php?id=CVE-2023-28200
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to disclose kernel memory. • https://support.apple.com/en-us/HT213670 https://support.apple.com/en-us/HT213673 https://support.apple.com/en-us/HT213675 https://support.apple.com/en-us/HT213677 https://support.apple.com/kb/HT213843 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27938 – Apple GarageBand MIDI File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-27938
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in GarageBand for macOS 10.4.8. Parsing a maliciously crafted MIDI file may lead to an unexpected application termination or arbitrary code execution. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple GarageBand. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within a function in MACore.framework. • https://support.apple.com/en-us/HT213650 • CWE-125: Out-of-bounds Read •