CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-42833 – webkitgtk: Processing web content may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-42833
10 Jan 2024 — A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. Processing web content may lead to arbitrary code execution. Se solucionó un problema de corrección con controles mejorados. Este problema se solucionó en macOS Sonoma 14, Safari 17, iOS 17 y iPadOS 17. • http://www.openwall.com/lists/oss-security/2024/02/05/8 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-38612
https://notcve.org/view.php?id=CVE-2023-38612
10 Jan 2024 — The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14, macOS Ventura 13.6. An app may be able to access protected user data. El problema se solucionó con controles mejorados. Este problema se solucionó en macOS Monterey 12.7, iOS 16.7 y iPadOS 16.7, iOS 17 y iPadOS 17, macOS Sonoma 14, macOS Ventura 13.6. • https://support.apple.com/en-us/HT213927 •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-42832
https://notcve.org/view.php?id=CVE-2023-42832
10 Jan 2024 — A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to gain root privileges. Se solucionó una condición de ejecución con un mejor manejo del estado. Este problema se solucionó en macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. • https://support.apple.com/en-us/HT213843 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40439
https://notcve.org/view.php?id=CVE-2023-40439
10 Jan 2024 — A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information. Se solucionó un problema de privacidad mejorando la redacción de datos privados para las entradas de registro. Este problema se solucionó en iOS 16.6 y iPadOS 16.6, macOS Ventura 13.5. • https://support.apple.com/en-us/HT213841 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42828
https://notcve.org/view.php?id=CVE-2023-42828
10 Jan 2024 — This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.5. An app may be able to gain root privileges. Este problema se solucionó eliminando el código vulnerable. Este problema se solucionó en macOS Ventura 13.5. • https://support.apple.com/en-us/HT213843 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40385
https://notcve.org/view.php?id=CVE-2023-40385
10 Jan 2024 — This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able to view leaked DNS queries with Private Relay turned on. Este problema se solucionó eliminando el código vulnerable. Este problema se solucionó en macOS Sonoma 14, Safari 17, iOS 17 y iPadOS 17. • https://support.apple.com/en-us/HT213938 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41994
https://notcve.org/view.php?id=CVE-2023-41994
10 Jan 2024 — A logic issue was addressed with improved checks This issue is fixed in macOS Sonoma 14. A camera extension may be able to access the camera view from apps other than the app for which it was granted permission. Se solucionó un problema lógico con comprobaciones mejoradas. Este problema se solucionó en macOS Sonoma 14. Es posible que una extensión de cámara pueda acceder a la vista de la cámara desde aplicaciones distintas de aquella para la que se le otorgó permiso. • https://support.apple.com/en-us/HT213940 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40393
https://notcve.org/view.php?id=CVE-2023-40393
10 Jan 2024 — An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. Photos in the Hidden Photos Album may be viewed without authentication. Se solucionó un problema de autenticación con una gestión de estado mejorada. Este problema se solucionó en macOS Sonoma 14. • https://support.apple.com/en-us/HT213940 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40430
https://notcve.org/view.php?id=CVE-2023-40430
10 Jan 2024 — A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access removable volumes without user consent. Se solucionó un problema de lógica con controles mejorados. Este problema se solucionó en macOS Sonoma 14. • https://support.apple.com/en-us/HT213940 • CWE-285: Improper Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42933
https://notcve.org/view.php?id=CVE-2023-42933
10 Jan 2024 — This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to gain elevated privileges. Este problema se solucionó con controles mejorados. Este problema se solucionó en macOS Sonoma 14. • https://support.apple.com/en-us/HT213940 •