CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: May 31, 2023. 01:20:03
click on an item for more info;
| ID | Description | Modified | References |
|---|---|---|---|
| CVE-2023-27966 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may be able to break out of its sandbox | May 15, 2023. 15:44:00 | [support.apple.com] |
| CVE-2023-28182 | The issue was addressed with improved authentication. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device | May 15, 2023. 15:43:00 | [support.apple.com][support.apple.com] |
| CVE-2022-43598 | Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `m_spec.format` is `TypeDesc::UINT16`. | May 15, 2023. 15:43:00 | [talosintelligence.com][www.debian.org] |
| CVE-2022-43597 | Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `m_spec.format` is `TypeDesc::UINT8`. | May 15, 2023. 15:42:00 | [talosintelligence.com][www.debian.org] |
| CVE-2023-27969 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, watchOS 9.4, tvOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges | May 15, 2023. 15:39:00 | [support.apple.com][support.apple.com] |
| CVE-2023-27960 | This issue was addressed by removing the vulnerable code. This issue is fixed in GarageBand for macOS 10.4.8. An app may be able to gain elevated privileges during the installation of GarageBand | May 15, 2023. 13:50:00 | [support.apple.com] |
| CVE-2023-27970 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges | May 15, 2023. 13:39:00 | [support.apple.com] |
| CVE-2022-48385 | In cp_dump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | May 15, 2023. 13:32:00 | [www.unisoc.com] |
| CVE-2022-48386 | the apipe driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed. | May 15, 2023. 13:32:00 | [www.unisoc.com] |
| CVE-2022-48387 | the apipe driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | May 15, 2023. 13:32:00 | [www.unisoc.com] |
| CVE-2022-48388 | In powerEx service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | May 15, 2023. 13:32:00 | [www.unisoc.com] |
| CVE-2023-28178 | A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. An app may be able to bypass Privacy preferences | May 15, 2023. 13:32:00 | [support.apple.com][support.apple.com] |
| CVE-2022-47491 | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | May 15, 2023. 13:31:00 | [www.unisoc.com] |
| CVE-2022-47489 | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | May 15, 2023. 13:31:00 | [www.unisoc.com] |
| CVE-2022-48389 | In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | May 15, 2023. 13:31:00 | [www.unisoc.com] |
| CVE-2022-47494 | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | May 15, 2023. 13:30:00 | [www.unisoc.com] |
| CVE-2022-47495 | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | May 15, 2023. 13:30:00 | [www.unisoc.com] |
| CVE-2022-47496 | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | May 15, 2023. 13:30:00 | [www.unisoc.com] |
| CVE-2022-47497 | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | May 15, 2023. 13:29:00 | [www.unisoc.com] |
| CVE-2022-47498 | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | May 15, 2023. 13:29:00 | [www.unisoc.com] |
Page 97 of 129
