Vulnerability-Lookup

alsa-2023:7055

Vulnerability from osv_almalinux

Published

2023-11-14 00:00

Modified

2023-11-23 10:21

Summary

Important: webkit2gtk3 security and bug fix update

Details

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

webkitgtk: arbitrary code execution (CVE-2023-32393)
webkitgtk: bypass Same Origin Policy (CVE-2023-38572)
webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-38592)
webkitgtk: arbitrary code execution (CVE-2023-38594)
webkitgtk: arbitrary code execution (CVE-2023-38595)
webkitgtk: arbitrary code execution (CVE-2023-38597)
webkitgtk: arbitrary code execution (CVE-2023-38600)
webkitgtk: arbitrary code execution (CVE-2023-38611)
webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)
webkitgtk: Same Origin Policy bypass via crafted web content (CVE-2023-27932)
webkitgtk: Website may be able to track sensitive user information (CVE-2023-27954)
webkitgtk: use after free vulnerability (CVE-2023-28198)
webkitgtk: content security policy blacklist failure (CVE-2023-32370)
webkitgtk: disclose sensitive information (CVE-2023-38133)
webkitgtk: track sensitive user information (CVE-2023-38599)
webkitgtk: processing web content may lead to arbitrary code execution (CVE-2023-39434)
webkitgtk: arbitrary javascript code execution (CVE-2023-40397)
webkitgtk: attacker with JavaScript execution may be able to execute arbitrary code (CVE-2023-40451)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2023:7055	ADVISORY
	https://access.redhat.com/security/cve/CVE-2022-32885	REPORT
	https://access.redhat.com/security/cve/CVE-2023-27932	REPORT
	https://access.redhat.com/security/cve/CVE-2023-27954	REPORT
	https://access.redhat.com/security/cve/CVE-2023-28198	REPORT
	https://access.redhat.com/security/cve/CVE-2023-32370	REPORT
	https://access.redhat.com/security/cve/CVE-2023-32393	REPORT
	https://access.redhat.com/security/cve/CVE-2023-38133	REPORT
	https://access.redhat.com/security/cve/CVE-2023-38572	REPORT
	https://access.redhat.com/security/cve/CVE-2023-38592	REPORT
	https://access.redhat.com/security/cve/CVE-2023-38594	REPORT
	https://access.redhat.com/security/cve/CVE-2023-38595	REPORT
	https://access.redhat.com/security/cve/CVE-2023-38597	REPORT
	https://access.redhat.com/security/cve/CVE-2023-38599	REPORT
	https://access.redhat.com/security/cve/CVE-2023-38600	REPORT
	https://access.redhat.com/security/cve/CVE-2023-38611	REPORT
	https://access.redhat.com/security/cve/CVE-2023-39434	REPORT
	https://access.redhat.com/security/cve/CVE-2023-40397	REPORT
	https://access.redhat.com/security/cve/CVE-2023-40451	REPORT
	https://bugzilla.redhat.com/2224608	REPORT
	https://bugzilla.redhat.com/2231015	REPORT
	https://bugzilla.redhat.com/2231017	REPORT
	https://bugzilla.redhat.com/2231018	REPORT
	https://bugzilla.redhat.com/2231019	REPORT
	https://bugzilla.redhat.com/2231020	REPORT
	https://bugzilla.redhat.com/2231021	REPORT
	https://bugzilla.redhat.com/2231022	REPORT
	https://bugzilla.redhat.com/2231028	REPORT
	https://bugzilla.redhat.com/2231043	REPORT
	https://bugzilla.redhat.com/2236842	REPORT
	https://bugzilla.redhat.com/2236843	REPORT
	https://bugzilla.redhat.com/2236844	REPORT
	https://bugzilla.redhat.com/2238943	REPORT
	https://bugzilla.redhat.com/2238944	REPORT
	https://bugzilla.redhat.com/2238945	REPORT
	https://bugzilla.redhat.com/2241405	REPORT
	https://bugzilla.redhat.com/2241409	REPORT
	https://errata.almalinux.org/8/ALSA-2023-7055.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.40.5-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.40.5-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3-jsc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.40.5-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3-jsc-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.40.5-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: arbitrary code execution (CVE-2023-32393)\n* webkitgtk: bypass Same Origin Policy (CVE-2023-38572)\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-38592)\n* webkitgtk: arbitrary code execution (CVE-2023-38594)\n* webkitgtk: arbitrary code execution (CVE-2023-38595)\n* webkitgtk: arbitrary code execution (CVE-2023-38597)\n* webkitgtk: arbitrary code execution (CVE-2023-38600)\n* webkitgtk: arbitrary code execution (CVE-2023-38611)\n* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)\n* webkitgtk: Same Origin Policy bypass via crafted web content (CVE-2023-27932)\n* webkitgtk: Website may be able to track sensitive user information (CVE-2023-27954)\n* webkitgtk: use after free vulnerability (CVE-2023-28198)\n* webkitgtk: content security policy blacklist failure (CVE-2023-32370)\n* webkitgtk: disclose sensitive information (CVE-2023-38133)\n* webkitgtk: track sensitive user information (CVE-2023-38599)\n* webkitgtk: processing web content may lead to arbitrary code execution (CVE-2023-39434)\n* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)\n* webkitgtk: attacker with JavaScript execution may be able to execute arbitrary code (CVE-2023-40451)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2023:7055",
  "modified": "2023-11-23T10:21:34Z",
  "published": "2023-11-14T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2023:7055"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-32885"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-27932"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-27954"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-28198"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-32370"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-32393"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-38133"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-38572"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-38592"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-38594"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-38595"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-38597"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-38599"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-38600"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-38611"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-39434"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-40397"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-40451"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2224608"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2231015"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2231017"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2231018"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2231019"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2231020"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2231021"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2231022"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2231028"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2231043"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2236842"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2236843"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2236844"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2238943"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2238944"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2238945"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2241405"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2241409"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2023-7055.html"
    }
  ],
  "related": [
    "CVE-2023-32393",
    "CVE-2023-38572",
    "CVE-2023-38592",
    "CVE-2023-38594",
    "CVE-2023-38595",
    "CVE-2023-38597",
    "CVE-2023-38600",
    "CVE-2023-38611",
    "CVE-2022-32885",
    "CVE-2023-27932",
    "CVE-2023-27954",
    "CVE-2023-28198",
    "CVE-2023-32370",
    "CVE-2023-38133",
    "CVE-2023-38599",
    "CVE-2023-39434",
    "CVE-2023-40397",
    "CVE-2023-40451"
  ],
  "summary": "Important: webkit2gtk3 security and bug fix update"
}

CVE-2023-38595 (GCVE-0-2023-38595)

Vulnerability from cvelistv5 – Published: 2023-07-27 00:31 – Updated: 2025-02-13 17:02

Summary

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.

Severity

No CVSS data available.

CWE

Processing web content may lead to arbitrary code execution

Assigner

apple

References

10 references

URL	Tags
https://support.apple.com/en-us/HT213847
https://support.apple.com/en-us/HT213846
https://support.apple.com/en-us/HT213841
https://support.apple.com/en-us/HT213843
https://support.apple.com/en-us/HT213848
http://www.openwall.com/lists/oss-security/2023/08/02/1
https://lists.fedoraproject.org/archives/list/pac…
https://www.debian.org/security/2023/dsa-5468
https://lists.fedoraproject.org/archives/list/pac…
https://security.gentoo.org/glsa/202401-04

Impacted products

5 products

Vendor	Product	Version
Apple	Safari	Affected: unspecified , < 16.6 (custom)
Apple	tvOS	Affected: unspecified , < 16.6 (custom)
Apple	iOS and iPadOS	Affected: unspecified , < 16.6 (custom)
Apple	macOS	Affected: unspecified , < 13.5 (custom)
Apple	watchOS	Affected: unspecified , < 9.6 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:46:56.461Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213847"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213846"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213841"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213843"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213848"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/08/02/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5468"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-04"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "13.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "9.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing web content may lead to arbitrary code execution",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-05T14:06:34.462Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT213847"
        },
        {
          "url": "https://support.apple.com/en-us/HT213846"
        },
        {
          "url": "https://support.apple.com/en-us/HT213841"
        },
        {
          "url": "https://support.apple.com/en-us/HT213843"
        },
        {
          "url": "https://support.apple.com/en-us/HT213848"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/08/02/1"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5468"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/"
        },
        {
          "url": "https://security.gentoo.org/glsa/202401-04"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2023-38595",
    "datePublished": "2023-07-27T00:31:30.328Z",
    "dateReserved": "2023-07-20T15:04:44.407Z",
    "dateUpdated": "2025-02-13T17:02:00.510Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-38597 (GCVE-0-2023-38597)

Vulnerability from cvelistv5 – Published: 2023-07-26 23:55 – Updated: 2025-02-13 17:02

Summary

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution.

Severity

No CVSS data available.

CWE

Processing web content may lead to arbitrary code execution

Assigner

apple

References

9 references

URL	Tags
https://support.apple.com/en-us/HT213847
https://support.apple.com/en-us/HT213841
https://support.apple.com/en-us/HT213843
https://support.apple.com/en-us/HT213842
http://www.openwall.com/lists/oss-security/2023/08/02/1
https://lists.fedoraproject.org/archives/list/pac…
https://www.debian.org/security/2023/dsa-5468
https://lists.fedoraproject.org/archives/list/pac…
https://security.gentoo.org/glsa/202401-04

Impacted products

4 products

Vendor	Product	Version
Apple	Safari	Affected: unspecified , < 16.6 (custom)
Apple	iOS and iPadOS	Affected: unspecified , < 16.6 (custom)
Apple	macOS	Affected: unspecified , < 13.5 (custom)
Apple	iOS and iPadOS	Affected: unspecified , < 15.7 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:46:56.067Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213847"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213841"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213843"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213842"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/08/02/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5468"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-04"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "13.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing web content may lead to arbitrary code execution",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-05T14:06:26.607Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT213847"
        },
        {
          "url": "https://support.apple.com/en-us/HT213841"
        },
        {
          "url": "https://support.apple.com/en-us/HT213843"
        },
        {
          "url": "https://support.apple.com/en-us/HT213842"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/08/02/1"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5468"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/"
        },
        {
          "url": "https://security.gentoo.org/glsa/202401-04"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2023-38597",
    "datePublished": "2023-07-26T23:55:02.370Z",
    "dateReserved": "2023-07-20T15:04:44.407Z",
    "dateUpdated": "2025-02-13T17:02:01.766Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-38599 (GCVE-0-2023-38599)

Vulnerability from cvelistv5 – Published: 2023-07-28 04:30 – Updated: 2025-02-13 17:02

Summary

A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information.

Severity

No CVSS data available.

CWE

A website may be able to track sensitive user information

Assigner

apple

References

11 references

URL	Tags
https://support.apple.com/en-us/HT213847
https://support.apple.com/en-us/HT213846
https://support.apple.com/en-us/HT213841
https://support.apple.com/en-us/HT213843
https://support.apple.com/en-us/HT213842
https://support.apple.com/en-us/HT213848
http://www.openwall.com/lists/oss-security/2023/08/02/1
https://lists.fedoraproject.org/archives/list/pac…
https://www.debian.org/security/2023/dsa-5468
https://lists.fedoraproject.org/archives/list/pac…
https://security.gentoo.org/glsa/202401-04

Impacted products

6 products

Vendor	Product	Version
Apple	Safari	Affected: unspecified , < 16.6 (custom)
Apple	tvOS	Affected: unspecified , < 16.6 (custom)
Apple	iOS and iPadOS	Affected: unspecified , < 16.6 (custom)
Apple	macOS	Affected: unspecified , < 13.5 (custom)
Apple	iOS and iPadOS	Affected: unspecified , < 15.7 (custom)
Apple	watchOS	Affected: unspecified , < 9.6 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:46:56.523Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213847"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213846"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213841"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213843"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213842"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213848"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/08/02/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5468"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-04"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "13.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "9.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A website may be able to track sensitive user information",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-05T14:06:36.394Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT213847"
        },
        {
          "url": "https://support.apple.com/en-us/HT213846"
        },
        {
          "url": "https://support.apple.com/en-us/HT213841"
        },
        {
          "url": "https://support.apple.com/en-us/HT213843"
        },
        {
          "url": "https://support.apple.com/en-us/HT213842"
        },
        {
          "url": "https://support.apple.com/en-us/HT213848"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/08/02/1"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5468"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/"
        },
        {
          "url": "https://security.gentoo.org/glsa/202401-04"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2023-38599",
    "datePublished": "2023-07-28T04:30:43.299Z",
    "dateReserved": "2023-07-20T15:04:44.407Z",
    "dateUpdated": "2025-02-13T17:02:02.971Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-38600 (GCVE-0-2023-38600)

Vulnerability from cvelistv5 – Published: 2023-07-27 00:22 – Updated: 2025-05-05 15:56

Summary

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Processing web content may lead to arbitrary code execution

Assigner

apple

References

10 references

URL	Tags
https://support.apple.com/en-us/HT213847
https://support.apple.com/en-us/HT213846
https://support.apple.com/en-us/HT213841
https://support.apple.com/en-us/HT213843
https://support.apple.com/en-us/HT213848
http://www.openwall.com/lists/oss-security/2023/08/02/1
https://lists.fedoraproject.org/archives/list/pac…
https://www.debian.org/security/2023/dsa-5468
https://lists.fedoraproject.org/archives/list/pac…
https://security.gentoo.org/glsa/202401-04

Impacted products

5 products

Vendor	Product	Version
Apple	Safari	Affected: unspecified , < 16.6 (custom)
Apple	tvOS	Affected: unspecified , < 16.6 (custom)
Apple	iOS and iPadOS	Affected: unspecified , < 16.6 (custom)
Apple	macOS	Affected: unspecified , < 13.5 (custom)
Apple	watchOS	Affected: unspecified , < 9.6 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:46:56.334Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213847"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213846"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213841"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213843"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213848"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/08/02/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5468"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-04"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-38600",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:27:35.928163Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-05T15:56:19.895Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "13.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "9.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing web content may lead to arbitrary code execution",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-05T14:06:32.456Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT213847"
        },
        {
          "url": "https://support.apple.com/en-us/HT213846"
        },
        {
          "url": "https://support.apple.com/en-us/HT213841"
        },
        {
          "url": "https://support.apple.com/en-us/HT213843"
        },
        {
          "url": "https://support.apple.com/en-us/HT213848"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/08/02/1"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5468"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/"
        },
        {
          "url": "https://security.gentoo.org/glsa/202401-04"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2023-38600",
    "datePublished": "2023-07-27T00:22:21.257Z",
    "dateReserved": "2023-07-20T15:04:44.408Z",
    "dateUpdated": "2025-05-05T15:56:19.895Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-38611 (GCVE-0-2023-38611)

Vulnerability from cvelistv5 – Published: 2023-07-27 00:22 – Updated: 2025-02-13 17:02

Summary

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.

Severity

No CVSS data available.

CWE

Processing web content may lead to arbitrary code execution

Assigner

apple

References

10 references

URL	Tags
https://support.apple.com/en-us/HT213847
https://support.apple.com/en-us/HT213846
https://support.apple.com/en-us/HT213841
https://support.apple.com/en-us/HT213843
https://support.apple.com/en-us/HT213848
http://www.openwall.com/lists/oss-security/2023/08/02/1
https://lists.fedoraproject.org/archives/list/pac…
https://www.debian.org/security/2023/dsa-5468
https://lists.fedoraproject.org/archives/list/pac…
https://security.gentoo.org/glsa/202401-04

Impacted products

5 products

Vendor	Product	Version
Apple	Safari	Affected: unspecified , < 16.6 (custom)
Apple	tvOS	Affected: unspecified , < 16.6 (custom)
Apple	iOS and iPadOS	Affected: unspecified , < 16.6 (custom)
Apple	macOS	Affected: unspecified , < 13.5 (custom)
Apple	watchOS	Affected: unspecified , < 9.6 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:46:56.334Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213847"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213846"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213841"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213843"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213848"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/08/02/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5468"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-04"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "13.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "9.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing web content may lead to arbitrary code execution",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-05T14:06:50.703Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT213847"
        },
        {
          "url": "https://support.apple.com/en-us/HT213846"
        },
        {
          "url": "https://support.apple.com/en-us/HT213841"
        },
        {
          "url": "https://support.apple.com/en-us/HT213843"
        },
        {
          "url": "https://support.apple.com/en-us/HT213848"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/08/02/1"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5468"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/"
        },
        {
          "url": "https://security.gentoo.org/glsa/202401-04"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2023-38611",
    "datePublished": "2023-07-27T00:22:12.030Z",
    "dateReserved": "2023-07-20T15:04:44.409Z",
    "dateUpdated": "2025-02-13T17:02:06.908Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-39434 (GCVE-0-2023-39434)

Vulnerability from cvelistv5 – Published: 2023-09-26 20:14 – Updated: 2025-05-02 17:46

Summary

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Processing web content may lead to arbitrary code execution

Assigner

apple

References

8 references

URL	Tags
https://support.apple.com/en-us/HT213938
https://support.apple.com/en-us/HT213940
https://support.apple.com/en-us/HT213937
http://www.openwall.com/lists/oss-security/2023/09/28/3
http://seclists.org/fulldisclosure/2023/Oct/8
http://seclists.org/fulldisclosure/2023/Oct/9
http://seclists.org/fulldisclosure/2023/Oct/3
https://security.gentoo.org/glsa/202401-33

Impacted products

3 products

Vendor	Product	Version
Apple	iOS and iPadOS	Affected: unspecified , < 17 (custom)
Apple	macOS	Affected: unspecified , < 14 (custom)
Apple	watchOS	Affected: unspecified , < 10 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-29T13:17:26.280Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213938"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213940"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213937"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/28/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Oct/8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Oct/9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Oct/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-33"
          },
          {
            "url": "https://webkitgtk.org/security/WSA-2023-0009.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-39434",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:26:40.911919Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-02T17:46:48.633Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing web content may lead to arbitrary code execution",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-31T15:06:22.265Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT213938"
        },
        {
          "url": "https://support.apple.com/en-us/HT213940"
        },
        {
          "url": "https://support.apple.com/en-us/HT213937"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/28/3"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Oct/8"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Oct/9"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Oct/3"
        },
        {
          "url": "https://security.gentoo.org/glsa/202401-33"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2023-39434",
    "datePublished": "2023-09-26T20:14:45.109Z",
    "dateReserved": "2023-09-14T19:03:36.093Z",
    "dateUpdated": "2025-05-02T17:46:48.633Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-40397 (GCVE-0-2023-40397)

Vulnerability from cvelistv5 – Published: 2023-09-06 20:48 – Updated: 2025-02-13 17:07

Summary

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution.

Severity

No CVSS data available.

CWE

A remote attacker may be able to cause arbitrary javascript code execution

Assigner

apple

References

3 references

URL	Tags
https://support.apple.com/en-us/HT213843
http://www.openwall.com/lists/oss-security/2023/09/11/1
https://security.gentoo.org/glsa/202401-04

Impacted products

1 product

Vendor	Product	Version
Apple	macOS	Affected: unspecified , < 13.5 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:31:53.770Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213843"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-04"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "13.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A remote attacker may be able to cause arbitrary javascript code execution",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-05T14:06:45.711Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT213843"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
        },
        {
          "url": "https://security.gentoo.org/glsa/202401-04"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2023-40397",
    "datePublished": "2023-09-06T20:48:06.383Z",
    "dateReserved": "2023-08-14T20:26:36.254Z",
    "dateUpdated": "2025-02-13T17:07:51.524Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-40451 (GCVE-0-2023-40451)

Vulnerability from cvelistv5 – Published: 2023-09-26 20:14 – Updated: 2025-02-13 17:08

Summary

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code.

Severity

No CVSS data available.

CWE

An attacker with JavaScript execution may be able to execute arbitrary code

Assigner

apple

References

4 references

URL	Tags
https://support.apple.com/en-us/HT213941
http://www.openwall.com/lists/oss-security/2023/09/28/3
http://seclists.org/fulldisclosure/2023/Oct/2
https://security.gentoo.org/glsa/202401-33

Impacted products

1 product

Vendor	Product	Version
Apple	Safari	Affected: unspecified , < 17 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-29T13:17:26.800Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT213941"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/28/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Oct/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-33"
          },
          {
            "url": "https://webkitgtk.org/security/WSA-2023-0009.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-40451",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-01T19:54:23.789025Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-20T18:34:05.685Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An attacker with JavaScript execution may be able to execute arbitrary code",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-31T15:06:38.133Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT213941"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/28/3"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Oct/2"
        },
        {
          "url": "https://security.gentoo.org/glsa/202401-33"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2023-40451",
    "datePublished": "2023-09-26T20:14:38.617Z",
    "dateReserved": "2023-08-14T20:26:36.268Z",
    "dateUpdated": "2025-02-13T17:08:21.083Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

alsa-2023:7055

Vulnerability from osv_almalinux

CVE-2023-38595 (GCVE-0-2023-38595)

CVE-2023-38597 (GCVE-0-2023-38597)

CVE-2023-38599 (GCVE-0-2023-38599)

CVE-2023-38600 (GCVE-0-2023-38600)

CVE-2023-38611 (GCVE-0-2023-38611)

CVE-2023-39434 (GCVE-0-2023-39434)

CVE-2023-40397 (GCVE-0-2023-40397)

CVE-2023-40451 (GCVE-0-2023-40451)

Tags

Sightings

Nomenclature