CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40397 – webkitgtk: arbitrary javascript code execution
https://notcve.org/view.php?id=CVE-2023-40397
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution. El problema se solucionó mejorando las comprobaciones. Este problema se solucionó en macOS Ventura 13.5. • http://www.openwall.com/lists/oss-security/2023/09/11/1 https://security.gentoo.org/glsa/202401-04 https://support.apple.com/en-us/HT213843 https://access.redhat.com/security/cve/CVE-2023-40397 https://bugzilla.redhat.com/show_bug.cgi?id=2238945 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32370 – webkitgtk: content security policy blacklist failure
https://notcve.org/view.php?id=CVE-2023-32370
A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail. Se abordó un problema de lógica con una comprobación mejorada. Este problema es corregido en macOS Ventura 13.3. • http://www.openwall.com/lists/oss-security/2023/09/11/1 https://security.gentoo.org/glsa/202401-04 https://support.apple.com/en-us/HT213670 https://access.redhat.com/security/cve/CVE-2023-32370 https://bugzilla.redhat.com/show_bug.cgi?id=2238944 •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-28198 – Apple Safari DFG Fixup Phase Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-28198
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution. Se ha solucionado un problema de use-after-free con una mejora en la gestión de memoria. Este problema se ha solucionado en iOS 16.4 y iPadOS 16.4, macOS Ventura 13.3. • http://www.openwall.com/lists/oss-security/2023/09/11/1 https://security.gentoo.org/glsa/202401-04 https://support.apple.com/en-us/HT213670 https://support.apple.com/en-us/HT213676 https://access.redhat.com/security/cve/CVE-2023-28198 https://bugzilla.redhat.com/show_bug.cgi?id=2238943 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-25358 – webkitgtk: heap-use-after-free in WebCore::RenderLayer::addChild()
https://notcve.org/view.php?id=CVE-2023-25358
A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. • http://www.openwall.com/lists/oss-security/2023/04/21/3 https://bugs.webkit.org/show_bug.cgi?id=242683 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OKKVEUQAAGH3NHMX3WHWKRPYU4QFKTQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QL5OGMSHRQ26FTYWZUXVNWB2VHOSVXK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KC7DMUX37BRCLAI4VPQYHDUVEGTNYN5A https://security.gentoo.org/glsa/202305-32 https:/ • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25360 – webkitgtk: heap-use-after-free in WebCore::RenderLayer::renderer()
https://notcve.org/view.php?id=CVE-2023-25360
A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely. • http://www.openwall.com/lists/oss-security/2023/04/21/3 https://bugs.webkit.org/show_bug.cgi?id=242686 https://security.gentoo.org/glsa/202305-32 https://access.redhat.com/security/cve/CVE-2023-25360 https://bugzilla.redhat.com/show_bug.cgi?id=2175101 • CWE-416: Use After Free •