Security Vulnerabilities - CVEs Published In August 2023
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-08-14
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. Processing a maliciously crafted AppleScript binary may result in unexpected app termination or disclosure of process memory.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-08-14
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-08-14
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. An app may be able to disclose kernel memory.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-08-14
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-08-14
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1. Processing a maliciously crafted font may lead to arbitrary code execution.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-08-14
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to modify protected parts of the file system.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-08-14
An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4. An app may be able to leak sensitive user information.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-08-14
In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-08-14
LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-08-14