CVE-2023-2110 – Obsidian Local File Disclosure
https://notcve.org/view.php?id=CVE-2023-2110
Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via "app://local/<absolute-path>". This vulnerability can be exploited if a user opens a malicious markdown file in Obsidian, or copies text from a malicious webpage and pastes it into Obsidian. • https://obsidian.md/changelog/2023-05-03-desktop-v1.2.8 https://starlabs.sg/advisories/23/23-2110 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-27948
https://notcve.org/view.php?id=CVE-2023-27948
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory. • https://support.apple.com/en-us/HT213670 • CWE-125: Out-of-bounds Read •
CVE-2022-48503 – webkitgtk: improper bounds checking leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-48503
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution. • https://support.apple.com/en-us/HT213340 https://support.apple.com/en-us/HT213341 https://support.apple.com/en-us/HT213342 https://support.apple.com/en-us/HT213345 https://support.apple.com/en-us/HT213346 https://access.redhat.com/security/cve/CVE-2022-48503 https://bugzilla.redhat.com/show_bug.cgi?id=2218623 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2020-36615
https://notcve.org/view.php?id=CVE-2020-36615
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1. Processing a maliciously crafted font may lead to arbitrary code execution. • https://support.apple.com/en-us/HT211931 • CWE-125: Out-of-bounds Read •
CVE-2022-22646
https://notcve.org/view.php?id=CVE-2022-22646
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to modify protected parts of the file system. • https://support.apple.com/en-us/HT213054 •