CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-27961
https://notcve.org/view.php?id=CVE-2023-27961
Multiple validation issues were addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, watchOS 9.4, macOS Big Sur 11.7.5. Importing a maliciously crafted calendar invitation may exfiltrate user information. • https://support.apple.com/en-us/HT213670 https://support.apple.com/en-us/HT213673 https://support.apple.com/en-us/HT213675 https://support.apple.com/en-us/HT213676 https://support.apple.com/en-us/HT213677 https://support.apple.com/en-us/HT213678 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-27963
https://notcve.org/view.php?id=CVE-2023-27963
The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A shortcut may be able to use sensitive data with certain actions without prompting the user. • https://support.apple.com/en-us/HT213670 https://support.apple.com/en-us/HT213673 https://support.apple.com/en-us/HT213674 https://support.apple.com/en-us/HT213676 https://support.apple.com/en-us/HT213677 https://support.apple.com/en-us/HT213678 •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-27954 – webkitgtk: Website may be able to track sensitive user information
https://notcve.org/view.php?id=CVE-2023-27954
The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information. A vulnerability was found in WebKitGTK. This security issue leads to tracking sensitive user information via a website. • https://support.apple.com/en-us/HT213670 https://support.apple.com/en-us/HT213671 https://support.apple.com/en-us/HT213673 https://support.apple.com/en-us/HT213674 https://support.apple.com/en-us/HT213676 https://support.apple.com/en-us/HT213678 https://access.redhat.com/security/cve/CVE-2023-27954 https://bugzilla.redhat.com/show_bug.cgi?id=2236844 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22610
https://notcve.org/view.php?id=CVE-2022-22610
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to code execution. Se abordó un problema de corrupción de memoria con una administración de estados mejorada. Este problema ha sido corregido en macOS Monterey versión 12.3, Safari versión 15.4, watchOS versión 8.5, iOS versión 15.4 y iPadOS versión 15.4, tvOS versión 15.4. • https://support.apple.com/en-us/HT213182 https://support.apple.com/en-us/HT213183 https://support.apple.com/en-us/HT213186 https://support.apple.com/en-us/HT213187 https://support.apple.com/en-us/HT213193 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22624 – webkitgtk: Use-after-free leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-22624
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de uso de memoria previamente liberada con una administración de memoria mejorada. Este problema ha sido corregido en macOS Monterey versión 12.3, iOS versión 15.4 y iPadOS versión 15.4, tvOS versión 15.4, Safari versión 15.4. • https://support.apple.com/en-us/HT213182 https://support.apple.com/en-us/HT213183 https://support.apple.com/en-us/HT213186 https://support.apple.com/en-us/HT213187 https://access.redhat.com/security/cve/CVE-2022-22624 https://bugzilla.redhat.com/show_bug.cgi?id=2073893 • CWE-416: Use After Free •