CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-40852 – Apple Security Advisory 09-16-2024-1
https://notcve.org/view.php?id=CVE-2024-40852
16 Sep 2024 — This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18 and iPadOS 18. An attacker may be able to see recent photos without authentication in Assistive Access. iOS 18 and iPadOS 18 addresses bypass, cross site scripting, integer overflow, out of bounds access, and out of bounds read vulnerabilities. • https://support.apple.com/en-us/121250 • CWE-862: Missing Authorization •
CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-44169 – Apple Security Advisory 09-16-2024-9
https://notcve.org/view.php?id=CVE-2024-44169
16 Sep 2024 — The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause unexpected system termination. macOS Sequoia 15 addresses buffer overflow, bypass, cross site scripting, integer overflow, out of bounds access, out of bounds read, out of bounds write, and spoofing vulnerabilities. • https://support.apple.com/en-us/121234 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-27874 – Apple Security Advisory 09-16-2024-1
https://notcve.org/view.php?id=CVE-2024-27874
16 Sep 2024 — This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A remote attacker may be able to cause a denial-of-service. iOS 18 and iPadOS 18 addresses bypass, cross site scripting, integer overflow, out of bounds access, and out of bounds read vulnerabilities. • https://support.apple.com/en-us/121250 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-44167 – Apple Security Advisory 09-16-2024-9
https://notcve.org/view.php?id=CVE-2024-44167
16 Sep 2024 — This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to overwrite arbitrary files. macOS Sequoia 15 addresses buffer overflow, bypass, cross site scripting, integer overflow, out of bounds access, out of bounds read, out of bounds write, and spoofing vulnerabilities. • https://support.apple.com/en-us/121234 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44147 – Apple Security Advisory 09-16-2024-1
https://notcve.org/view.php?id=CVE-2024-44147
16 Sep 2024 — This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An app may gain unauthorized access to Local Network. iOS 18 and iPadOS 18 addresses bypass, cross site scripting, integer overflow, out of bounds access, and out of bounds read vulnerabilities. • https://support.apple.com/en-us/121250 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27869 – Apple Security Advisory 09-16-2024-1
https://notcve.org/view.php?id=CVE-2024-27869
16 Sep 2024 — The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to record the screen without an indicator. macOS Sequoia 15 addresses buffer overflow, bypass, cross site scripting, integer overflow, out of bounds access, out of bounds read, out of bounds write, and spoofing vulnerabilities. • https://support.apple.com/en-us/121238 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 0CVE-2023-42843 – webkit: visiting a malicious website may lead to address bar spoofing
https://notcve.org/view.php?id=CVE-2023-42843
21 Feb 2024 — An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing. Se solucionó un problema de interfaz de usuario inconsistente con una gestión de estado mejorada. Este problema se solucionó en iOS 16.7.2 y iPadOS 16.7.2, iOS 17.1 y iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. • http://www.openwall.com/lists/oss-security/2024/03/26/1 • CWE-290: Authentication Bypass by Spoofing •