diff --git a/2022/22xxx/CVE-2022-22630.json b/2022/22xxx/CVE-2022-22630.json index 1cb9cc42821..84aa0d81511 100644 --- a/2022/22xxx/CVE-2022-22630.json +++ b/2022/22xxx/CVE-2022-22630.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-22630", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.3" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2022" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A remote user may cause an unexpected app termination or arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213183", + "name": "https://support.apple.com/en-us/HT213183" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213255", + "name": "https://support.apple.com/en-us/HT213255" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213256", + "name": "https://support.apple.com/en-us/HT213256" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app termination or arbitrary code execution" } ] } diff --git a/2022/42xxx/CVE-2022-42792.json b/2022/42xxx/CVE-2022-42792.json index 38ee78920d3..47d3dce45e7 100644 --- a/2022/42xxx/CVE-2022-42792.json +++ b/2022/42xxx/CVE-2022-42792.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42792", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to read sensitive location information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213489", + "name": "https://support.apple.com/en-us/HT213489" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information" } ] } diff --git a/2022/42xxx/CVE-2022-42807.json b/2022/42xxx/CVE-2022-42807.json index 26394f1cf24..2f3bd27d3a0 100644 --- a/2022/42xxx/CVE-2022-42807.json +++ b/2022/42xxx/CVE-2022-42807.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42807", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A user may accidentally add a participant to a Shared Album by pressing the Delete key" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213488", + "name": "https://support.apple.com/en-us/HT213488" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. A user may accidentally add a participant to a Shared Album by pressing the Delete key" } ] } diff --git a/2022/42xxx/CVE-2022-42834.json b/2022/42xxx/CVE-2022-42834.json index db4b1b78ebd..a63cbe366ab 100644 --- a/2022/42xxx/CVE-2022-42834.json +++ b/2022/42xxx/CVE-2022-42834.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42834", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to access mail folder attachments through a temporary directory used during compression" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213488", + "name": "https://support.apple.com/en-us/HT213488" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213603", + "name": "https://support.apple.com/en-us/HT213603" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213604", + "name": "https://support.apple.com/en-us/HT213604" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13, macOS Big Sur 11.7.3. An app may be able to access mail folder attachments through a temporary directory used during compression" } ] } diff --git a/2022/42xxx/CVE-2022-42860.json b/2022/42xxx/CVE-2022-42860.json index cc3ffd0b3ce..fd95f111f64 100644 --- a/2022/42xxx/CVE-2022-42860.json +++ b/2022/42xxx/CVE-2022-42860.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-42860", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to modify protected parts of the file system" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213488", + "name": "https://support.apple.com/en-us/HT213488" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213493", + "name": "https://support.apple.com/en-us/HT213493" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213494", + "name": "https://support.apple.com/en-us/HT213494" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1, macOS Ventura 13. An app may be able to modify protected parts of the file system" } ] } diff --git a/2022/46xxx/CVE-2022-46715.json b/2022/46xxx/CVE-2022-46715.json index e376a1400dd..103c40ab8af 100644 --- a/2022/46xxx/CVE-2022-46715.json +++ b/2022/46xxx/CVE-2022-46715.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46715", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to bypass certain Privacy preferences" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213489", + "name": "https://support.apple.com/en-us/HT213489" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved checks. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to bypass certain Privacy preferences" } ] } diff --git a/2022/46xxx/CVE-2022-46718.json b/2022/46xxx/CVE-2022-46718.json index 470867809fe..153c0029ca2 100644 --- a/2022/46xxx/CVE-2022-46718.json +++ b/2022/46xxx/CVE-2022-46718.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46718", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.1" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to read sensitive location information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213532", + "name": "https://support.apple.com/en-us/HT213532" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213531", + "name": "https://support.apple.com/en-us/HT213531" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213534", + "name": "https://support.apple.com/en-us/HT213534" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213533", + "name": "https://support.apple.com/en-us/HT213533" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information" } ] } diff --git a/2023/23xxx/CVE-2023-23516.json b/2023/23xxx/CVE-2023-23516.json index 586bec0070c..6f3fd1b8b49 100644 --- a/2023/23xxx/CVE-2023-23516.json +++ b/2023/23xxx/CVE-2023-23516.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-23516", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.2" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213603", + "name": "https://support.apple.com/en-us/HT213603" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213605", + "name": "https://support.apple.com/en-us/HT213605" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213604", + "name": "https://support.apple.com/en-us/HT213604" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Big Sur 11.7.3, macOS Ventura 13.2. An app may be able to execute arbitrary code with kernel privileges" } ] } diff --git a/2023/23xxx/CVE-2023-23539.json b/2023/23xxx/CVE-2023-23539.json index d2ae84f68b9..70c72dbcf5e 100644 --- a/2023/23xxx/CVE-2023-23539.json +++ b/2023/23xxx/CVE-2023-23539.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-23539", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Mounting a maliciously crafted Samba network share may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213605", + "name": "https://support.apple.com/en-us/HT213605" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution" } ] } diff --git a/2023/25xxx/CVE-2023-25515.json b/2023/25xxx/CVE-2023-25515.json index e82282fce84..069a4015419 100644 --- a/2023/25xxx/CVE-2023-25515.json +++ b/2023/25xxx/CVE-2023-25515.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-25515", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@nvidia.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nNVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and loss of integrity. \n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-923", + "cweId": "CWE-923" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NVIDIA", + "product": { + "product_data": [ + { + "product_name": "Jetson AGX Xavier series, Jetson Xavier NX", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions prior to 32.7.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5466", + "refsource": "MISC", + "name": "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5466" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "PHYSICAL", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/25xxx/CVE-2023-25518.json b/2023/25xxx/CVE-2023-25518.json index 4dabac7ab54..16634e6626f 100644 --- a/2023/25xxx/CVE-2023-25518.json +++ b/2023/25xxx/CVE-2023-25518.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-25518", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@nvidia.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nNVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and loss of integrity. \n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-923", + "cweId": "CWE-923" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NVIDIA", + "product": { + "product_data": [ + { + "product_name": "Jetson AGX Xavier series, Jetson Xavier NX", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions prior to 32.7.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5466", + "refsource": "MISC", + "name": "https://https://nvidia.custhelp.com/app/answers/detail/a_id/5466" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "PHYSICAL", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/25xxx/CVE-2023-25520.json b/2023/25xxx/CVE-2023-25520.json index 4e332714d0b..158198c24da 100644 --- a/2023/25xxx/CVE-2023-25520.json +++ b/2023/25xxx/CVE-2023-25520.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-25520", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@nvidia.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nNVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootctrl, where a privileged local attacker can configure invalid settings, resulting in denial of service.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NVIDIA", + "product": { + "product_data": [ + { + "product_name": "Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions prior to 32.7.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5466", + "refsource": "MISC", + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5466" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/27xxx/CVE-2023-27930.json b/2023/27xxx/CVE-2023-27930.json index 44c94fa89d7..e6b707b8c36 100644 --- a/2023/27xxx/CVE-2023-27930.json +++ b/2023/27xxx/CVE-2023-27930.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-27930", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213761", + "name": "https://support.apple.com/en-us/HT213761" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to execute arbitrary code with kernel privileges" } ] } diff --git a/2023/27xxx/CVE-2023-27940.json b/2023/27xxx/CVE-2023-27940.json index 4a6d134d65e..62da8d563c4 100644 --- a/2023/27xxx/CVE-2023-27940.json +++ b/2023/27xxx/CVE-2023-27940.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-27940", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A sandboxed app may be able to observe system-wide network connections" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213765", + "name": "https://support.apple.com/en-us/HT213765" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213759", + "name": "https://support.apple.com/en-us/HT213759" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. A sandboxed app may be able to observe system-wide network connections" } ] } diff --git a/2023/27xxx/CVE-2023-27964.json b/2023/27xxx/CVE-2023-27964.json index 6af4c83285e..33beb651b59 100644 --- a/2023/27xxx/CVE-2023-27964.json +++ b/2023/27xxx/CVE-2023-27964.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-27964", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "AirPods Firmware Update E", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213752", + "name": "https://support.apple.com/en-us/HT213752" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 5E133. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones." } ] } diff --git a/2023/28xxx/CVE-2023-28191.json b/2023/28xxx/CVE-2023-28191.json index 4d6cc79d42d..a7d0c8ad959 100644 --- a/2023/28xxx/CVE-2023-28191.json +++ b/2023/28xxx/CVE-2023-28191.json @@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-28191", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to bypass Privacy preferences" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213759", + "name": "https://support.apple.com/en-us/HT213759" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213760", + "name": "https://support.apple.com/en-us/HT213760" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213761", + "name": "https://support.apple.com/en-us/HT213761" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences" } ] } diff --git a/2023/28xxx/CVE-2023-28202.json b/2023/28xxx/CVE-2023-28202.json index 3ef5b6d5ca9..da799203dab 100644 --- a/2023/28xxx/CVE-2023-28202.json +++ b/2023/28xxx/CVE-2023-28202.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-28202", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app firewall setting may not take effect after exiting the Settings app" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213761", + "name": "https://support.apple.com/en-us/HT213761" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed with improved state management. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app firewall setting may not take effect after exiting the Settings app" } ] } diff --git a/2023/28xxx/CVE-2023-28204.json b/2023/28xxx/CVE-2023-28204.json index 1fe2e4acab2..19e83a7bd1b 100644 --- a/2023/28xxx/CVE-2023-28204.json +++ b/2023/28xxx/CVE-2023-28204.json @@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-28204", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213765", + "name": "https://support.apple.com/en-us/HT213765" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213761", + "name": "https://support.apple.com/en-us/HT213761" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213762", + "name": "https://support.apple.com/en-us/HT213762" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited." } ] } diff --git a/2023/32xxx/CVE-2023-32351.json b/2023/32xxx/CVE-2023-32351.json index 8da9e174536..89e371819f0 100644 --- a/2023/32xxx/CVE-2023-32351.json +++ b/2023/32xxx/CVE-2023-32351.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32351", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to gain elevated privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213763", + "name": "https://support.apple.com/en-us/HT213763" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to gain elevated privileges" } ] } diff --git a/2023/32xxx/CVE-2023-32352.json b/2023/32xxx/CVE-2023-32352.json index 3c54c1b32c4..4ad0a6f5380 100644 --- a/2023/32xxx/CVE-2023-32352.json +++ b/2023/32xxx/CVE-2023-32352.json @@ -4,14 +4,123 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32352", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may bypass Gatekeeper checks" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213759", + "name": "https://support.apple.com/en-us/HT213759" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213760", + "name": "https://support.apple.com/en-us/HT213760" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may bypass Gatekeeper checks" } ] } diff --git a/2023/32xxx/CVE-2023-32353.json b/2023/32xxx/CVE-2023-32353.json index 1d6c3728c23..7e151af5626 100644 --- a/2023/32xxx/CVE-2023-32353.json +++ b/2023/32xxx/CVE-2023-32353.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32353", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iTunes for Windows", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to elevate privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213763", + "name": "https://support.apple.com/en-us/HT213763" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges" } ] } diff --git a/2023/32xxx/CVE-2023-32354.json b/2023/32xxx/CVE-2023-32354.json index 0deeadaaa1b..dd6ea8768ec 100644 --- a/2023/32xxx/CVE-2023-32354.json +++ b/2023/32xxx/CVE-2023-32354.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32354", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to disclose kernel memory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213761", + "name": "https://support.apple.com/en-us/HT213761" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5. An app may be able to disclose kernel memory" } ] } diff --git a/2023/32xxx/CVE-2023-32355.json b/2023/32xxx/CVE-2023-32355.json index e161762f5e8..3bab6bfb44d 100644 --- a/2023/32xxx/CVE-2023-32355.json +++ b/2023/32xxx/CVE-2023-32355.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32355", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to modify protected parts of the file system" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213759", + "name": "https://support.apple.com/en-us/HT213759" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213760", + "name": "https://support.apple.com/en-us/HT213760" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system" } ] } diff --git a/2023/32xxx/CVE-2023-32357.json b/2023/32xxx/CVE-2023-32357.json index 377dbe53cb7..23eea25f937 100644 --- a/2023/32xxx/CVE-2023-32357.json +++ b/2023/32xxx/CVE-2023-32357.json @@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32357", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to retain access to system configuration files even after its permission is revoked" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213759", + "name": "https://support.apple.com/en-us/HT213759" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213760", + "name": "https://support.apple.com/en-us/HT213760" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213761", + "name": "https://support.apple.com/en-us/HT213761" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to retain access to system configuration files even after its permission is revoked" } ] } diff --git a/2023/32xxx/CVE-2023-32360.json b/2023/32xxx/CVE-2023-32360.json index e7513c3ee08..ed25db65a82 100644 --- a/2023/32xxx/CVE-2023-32360.json +++ b/2023/32xxx/CVE-2023-32360.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32360", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An unauthenticated user may be able to access recently printed documents" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213759", + "name": "https://support.apple.com/en-us/HT213759" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213760", + "name": "https://support.apple.com/en-us/HT213760" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An unauthenticated user may be able to access recently printed documents" } ] } diff --git a/2023/32xxx/CVE-2023-32363.json b/2023/32xxx/CVE-2023-32363.json index f281e484207..d15c1670437 100644 --- a/2023/32xxx/CVE-2023-32363.json +++ b/2023/32xxx/CVE-2023-32363.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32363", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to bypass Privacy preferences" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.4. An app may be able to bypass Privacy preferences" } ] } diff --git a/2023/32xxx/CVE-2023-32365.json b/2023/32xxx/CVE-2023-32365.json index 2938814d577..f2c5b8ba5d0 100644 --- a/2023/32xxx/CVE-2023-32365.json +++ b/2023/32xxx/CVE-2023-32365.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32365", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Shake-to-undo may allow a deleted photo to be re-surfaced without authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213765", + "name": "https://support.apple.com/en-us/HT213765" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, iOS 15.7.6 and iPadOS 15.7.6. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication" } ] } diff --git a/2023/32xxx/CVE-2023-32367.json b/2023/32xxx/CVE-2023-32367.json index ea06e23d147..de3bf3ff2c5 100644 --- a/2023/32xxx/CVE-2023-32367.json +++ b/2023/32xxx/CVE-2023-32367.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32367", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to access user-sensitive data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to access user-sensitive data" } ] } diff --git a/2023/32xxx/CVE-2023-32368.json b/2023/32xxx/CVE-2023-32368.json index 750042bbf93..d60e784b7e2 100644 --- a/2023/32xxx/CVE-2023-32368.json +++ b/2023/32xxx/CVE-2023-32368.json @@ -4,14 +4,123 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32368", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a 3D model may result in disclosure of process memory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213759", + "name": "https://support.apple.com/en-us/HT213759" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213761", + "name": "https://support.apple.com/en-us/HT213761" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Monterey 12.6.6. Processing a 3D model may result in disclosure of process memory" } ] } diff --git a/2023/32xxx/CVE-2023-32369.json b/2023/32xxx/CVE-2023-32369.json index 67301dc57c8..ab377b07132 100644 --- a/2023/32xxx/CVE-2023-32369.json +++ b/2023/32xxx/CVE-2023-32369.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32369", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to modify protected parts of the file system" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213759", + "name": "https://support.apple.com/en-us/HT213759" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213760", + "name": "https://support.apple.com/en-us/HT213760" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system" } ] } diff --git a/2023/32xxx/CVE-2023-32371.json b/2023/32xxx/CVE-2023-32371.json index 045a3f956db..ebfcb5b789c 100644 --- a/2023/32xxx/CVE-2023-32371.json +++ b/2023/32xxx/CVE-2023-32371.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32371", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to break out of its sandbox" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to break out of its sandbox" } ] } diff --git a/2023/32xxx/CVE-2023-32372.json b/2023/32xxx/CVE-2023-32372.json index 575637f648f..8e5ab21281b 100644 --- a/2023/32xxx/CVE-2023-32372.json +++ b/2023/32xxx/CVE-2023-32372.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32372", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing an image may result in disclosure of process memory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213761", + "name": "https://support.apple.com/en-us/HT213761" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. Processing an image may result in disclosure of process memory" } ] } diff --git a/2023/32xxx/CVE-2023-32373.json b/2023/32xxx/CVE-2023-32373.json index 9edccde3da0..ca56276765f 100644 --- a/2023/32xxx/CVE-2023-32373.json +++ b/2023/32xxx/CVE-2023-32373.json @@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32373", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213765", + "name": "https://support.apple.com/en-us/HT213765" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213761", + "name": "https://support.apple.com/en-us/HT213761" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213762", + "name": "https://support.apple.com/en-us/HT213762" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited." } ] } diff --git a/2023/32xxx/CVE-2023-32375.json b/2023/32xxx/CVE-2023-32375.json index 56165a7efc2..2de0c34b8a9 100644 --- a/2023/32xxx/CVE-2023-32375.json +++ b/2023/32xxx/CVE-2023-32375.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32375", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a 3D model may result in disclosure of process memory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213759", + "name": "https://support.apple.com/en-us/HT213759" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, macOS Monterey 12.6.6. Processing a 3D model may result in disclosure of process memory" } ] } diff --git a/2023/32xxx/CVE-2023-32376.json b/2023/32xxx/CVE-2023-32376.json index d96b11e31b0..922830c3bfa 100644 --- a/2023/32xxx/CVE-2023-32376.json +++ b/2023/32xxx/CVE-2023-32376.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32376", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to modify protected parts of the file system" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213761", + "name": "https://support.apple.com/en-us/HT213761" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to modify protected parts of the file system" } ] } diff --git a/2023/32xxx/CVE-2023-32380.json b/2023/32xxx/CVE-2023-32380.json index 48c0ec0697e..16008314b8a 100644 --- a/2023/32xxx/CVE-2023-32380.json +++ b/2023/32xxx/CVE-2023-32380.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32380", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a 3D model may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213759", + "name": "https://support.apple.com/en-us/HT213759" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213760", + "name": "https://support.apple.com/en-us/HT213760" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. Processing a 3D model may lead to arbitrary code execution" } ] } diff --git a/2023/32xxx/CVE-2023-32382.json b/2023/32xxx/CVE-2023-32382.json index 495a890979d..8aa54ec8c9c 100644 --- a/2023/32xxx/CVE-2023-32382.json +++ b/2023/32xxx/CVE-2023-32382.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32382", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing a 3D model may result in disclosure of process memory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213759", + "name": "https://support.apple.com/en-us/HT213759" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213760", + "name": "https://support.apple.com/en-us/HT213760" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. Processing a 3D model may result in disclosure of process memory" } ] } diff --git a/2023/32xxx/CVE-2023-32384.json b/2023/32xxx/CVE-2023-32384.json index bfe79d45480..19d21d62395 100644 --- a/2023/32xxx/CVE-2023-32384.json +++ b/2023/32xxx/CVE-2023-32384.json @@ -4,14 +4,155 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32384", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing an image may lead to arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213765", + "name": "https://support.apple.com/en-us/HT213765" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213759", + "name": "https://support.apple.com/en-us/HT213759" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213760", + "name": "https://support.apple.com/en-us/HT213760" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213761", + "name": "https://support.apple.com/en-us/HT213761" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. Processing an image may lead to arbitrary code execution" } ] } diff --git a/2023/32xxx/CVE-2023-32385.json b/2023/32xxx/CVE-2023-32385.json index 905216208a9..0a2d68af534 100644 --- a/2023/32xxx/CVE-2023-32385.json +++ b/2023/32xxx/CVE-2023-32385.json @@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32385", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Opening a PDF file may lead to unexpected app termination" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination" } ] } diff --git a/2023/32xxx/CVE-2023-32386.json b/2023/32xxx/CVE-2023-32386.json index 0581a2f43a3..7e12c458c3e 100644 --- a/2023/32xxx/CVE-2023-32386.json +++ b/2023/32xxx/CVE-2023-32386.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32386", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to observe unprotected user data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213759", + "name": "https://support.apple.com/en-us/HT213759" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213760", + "name": "https://support.apple.com/en-us/HT213760" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to observe unprotected user data" } ] } diff --git a/2023/32xxx/CVE-2023-32387.json b/2023/32xxx/CVE-2023-32387.json index 4f76d5448c2..a120b7372d4 100644 --- a/2023/32xxx/CVE-2023-32387.json +++ b/2023/32xxx/CVE-2023-32387.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32387", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A remote attacker may be able to cause unexpected app termination or arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213759", + "name": "https://support.apple.com/en-us/HT213759" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213760", + "name": "https://support.apple.com/en-us/HT213760" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A remote attacker may be able to cause unexpected app termination or arbitrary code execution" } ] } diff --git a/2023/32xxx/CVE-2023-32388.json b/2023/32xxx/CVE-2023-32388.json index a5dd266e6f2..548cb8bbce4 100644 --- a/2023/32xxx/CVE-2023-32388.json +++ b/2023/32xxx/CVE-2023-32388.json @@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32388", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to bypass Privacy preferences" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213765", + "name": "https://support.apple.com/en-us/HT213765" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213759", + "name": "https://support.apple.com/en-us/HT213759" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213760", + "name": "https://support.apple.com/en-us/HT213760" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences" } ] } diff --git a/2023/32xxx/CVE-2023-32389.json b/2023/32xxx/CVE-2023-32389.json index 55e867cf17a..a7d03d44b44 100644 --- a/2023/32xxx/CVE-2023-32389.json +++ b/2023/32xxx/CVE-2023-32389.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32389", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to disclose kernel memory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213761", + "name": "https://support.apple.com/en-us/HT213761" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to disclose kernel memory" } ] } diff --git a/2023/32xxx/CVE-2023-32390.json b/2023/32xxx/CVE-2023-32390.json index cc7524e156b..782cca5ba7b 100644 --- a/2023/32xxx/CVE-2023-32390.json +++ b/2023/32xxx/CVE-2023-32390.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32390", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup" } ] } diff --git a/2023/32xxx/CVE-2023-32391.json b/2023/32xxx/CVE-2023-32391.json index 0798944c0fc..13217ba639f 100644 --- a/2023/32xxx/CVE-2023-32391.json +++ b/2023/32xxx/CVE-2023-32391.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32391", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A shortcut may be able to use sensitive data with certain actions without prompting the user" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213765", + "name": "https://support.apple.com/en-us/HT213765" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6. A shortcut may be able to use sensitive data with certain actions without prompting the user" } ] } diff --git a/2023/32xxx/CVE-2023-32392.json b/2023/32xxx/CVE-2023-32392.json index e040f6779cc..f24748c9ac3 100644 --- a/2023/32xxx/CVE-2023-32392.json +++ b/2023/32xxx/CVE-2023-32392.json @@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32392", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to read sensitive location information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213759", + "name": "https://support.apple.com/en-us/HT213759" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213760", + "name": "https://support.apple.com/en-us/HT213760" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213761", + "name": "https://support.apple.com/en-us/HT213761" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to read sensitive location information" } ] } diff --git a/2023/32xxx/CVE-2023-32394.json b/2023/32xxx/CVE-2023-32394.json index 35e8a696555..393626bab84 100644 --- a/2023/32xxx/CVE-2023-32394.json +++ b/2023/32xxx/CVE-2023-32394.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32394", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A person with physical access to a device may be able to view contact information from the lock screen" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213761", + "name": "https://support.apple.com/en-us/HT213761" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. A person with physical access to a device may be able to view contact information from the lock screen" } ] } diff --git a/2023/32xxx/CVE-2023-32395.json b/2023/32xxx/CVE-2023-32395.json index 05287504cc4..a0826e2b868 100644 --- a/2023/32xxx/CVE-2023-32395.json +++ b/2023/32xxx/CVE-2023-32395.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32395", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to modify protected parts of the file system" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213759", + "name": "https://support.apple.com/en-us/HT213759" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213760", + "name": "https://support.apple.com/en-us/HT213760" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system" } ] } diff --git a/2023/32xxx/CVE-2023-32397.json b/2023/32xxx/CVE-2023-32397.json index ece6841b79f..5dcd4be48dd 100644 --- a/2023/32xxx/CVE-2023-32397.json +++ b/2023/32xxx/CVE-2023-32397.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32397", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to modify protected parts of the file system" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213765", + "name": "https://support.apple.com/en-us/HT213765" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213759", + "name": "https://support.apple.com/en-us/HT213759" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213760", + "name": "https://support.apple.com/en-us/HT213760" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system" } ] } diff --git a/2023/32xxx/CVE-2023-32398.json b/2023/32xxx/CVE-2023-32398.json index 22ab055f84f..53f0d4e3a72 100644 --- a/2023/32xxx/CVE-2023-32398.json +++ b/2023/32xxx/CVE-2023-32398.json @@ -4,14 +4,155 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32398", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to execute arbitrary code with kernel privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213765", + "name": "https://support.apple.com/en-us/HT213765" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213759", + "name": "https://support.apple.com/en-us/HT213759" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213760", + "name": "https://support.apple.com/en-us/HT213760" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213761", + "name": "https://support.apple.com/en-us/HT213761" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to execute arbitrary code with kernel privileges" } ] } diff --git a/2023/32xxx/CVE-2023-32399.json b/2023/32xxx/CVE-2023-32399.json index dfa36b844e3..631c513b12a 100644 --- a/2023/32xxx/CVE-2023-32399.json +++ b/2023/32xxx/CVE-2023-32399.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32399", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to read sensitive location information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213761", + "name": "https://support.apple.com/en-us/HT213761" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to read sensitive location information" } ] } diff --git a/2023/32xxx/CVE-2023-32400.json b/2023/32xxx/CVE-2023-32400.json index 8e5a29ccefd..eefe8632514 100644 --- a/2023/32xxx/CVE-2023-32400.json +++ b/2023/32xxx/CVE-2023-32400.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32400", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Entitlements and privacy permissions granted to this app may be used by a malicious app" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5. Entitlements and privacy permissions granted to this app may be used by a malicious app" } ] } diff --git a/2023/32xxx/CVE-2023-32402.json b/2023/32xxx/CVE-2023-32402.json index 349958c3f86..f689179b7ab 100644 --- a/2023/32xxx/CVE-2023-32402.json +++ b/2023/32xxx/CVE-2023-32402.json @@ -4,14 +4,123 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32402", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing web content may disclose sensitive information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213761", + "name": "https://support.apple.com/en-us/HT213761" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213762", + "name": "https://support.apple.com/en-us/HT213762" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information" } ] } diff --git a/2023/32xxx/CVE-2023-32403.json b/2023/32xxx/CVE-2023-32403.json index ff2728d1273..a051829ceca 100644 --- a/2023/32xxx/CVE-2023-32403.json +++ b/2023/32xxx/CVE-2023-32403.json @@ -4,14 +4,155 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32403", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to read sensitive location information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213765", + "name": "https://support.apple.com/en-us/HT213765" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213759", + "name": "https://support.apple.com/en-us/HT213759" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213760", + "name": "https://support.apple.com/en-us/HT213760" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213761", + "name": "https://support.apple.com/en-us/HT213761" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to read sensitive location information" } ] } diff --git a/2023/32xxx/CVE-2023-32404.json b/2023/32xxx/CVE-2023-32404.json index 4928474a5e2..8a77ad9d78b 100644 --- a/2023/32xxx/CVE-2023-32404.json +++ b/2023/32xxx/CVE-2023-32404.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32404", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to bypass Privacy preferences" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5. An app may be able to bypass Privacy preferences" } ] } diff --git a/2023/32xxx/CVE-2023-32405.json b/2023/32xxx/CVE-2023-32405.json index c454c0536f7..fbbbb1b8318 100644 --- a/2023/32xxx/CVE-2023-32405.json +++ b/2023/32xxx/CVE-2023-32405.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32405", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to gain root privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213759", + "name": "https://support.apple.com/en-us/HT213759" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213760", + "name": "https://support.apple.com/en-us/HT213760" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to gain root privileges" } ] } diff --git a/2023/32xxx/CVE-2023-32407.json b/2023/32xxx/CVE-2023-32407.json index 137e4b6f45d..1010e5aaec4 100644 --- a/2023/32xxx/CVE-2023-32407.json +++ b/2023/32xxx/CVE-2023-32407.json @@ -4,14 +4,155 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32407", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to bypass Privacy preferences" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213765", + "name": "https://support.apple.com/en-us/HT213765" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213759", + "name": "https://support.apple.com/en-us/HT213759" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213760", + "name": "https://support.apple.com/en-us/HT213760" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213761", + "name": "https://support.apple.com/en-us/HT213761" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A logic issue was addressed with improved state management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences" } ] } diff --git a/2023/32xxx/CVE-2023-32408.json b/2023/32xxx/CVE-2023-32408.json index 1fcca56fe35..de4286addec 100644 --- a/2023/32xxx/CVE-2023-32408.json +++ b/2023/32xxx/CVE-2023-32408.json @@ -4,14 +4,139 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32408", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to read sensitive location information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213765", + "name": "https://support.apple.com/en-us/HT213765" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213759", + "name": "https://support.apple.com/en-us/HT213759" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213761", + "name": "https://support.apple.com/en-us/HT213761" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Monterey 12.6.6. An app may be able to read sensitive location information" } ] } diff --git a/2023/32xxx/CVE-2023-32409.json b/2023/32xxx/CVE-2023-32409.json index 5066f9b92fa..74528416e7b 100644 --- a/2023/32xxx/CVE-2023-32409.json +++ b/2023/32xxx/CVE-2023-32409.json @@ -4,14 +4,123 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32409", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213761", + "name": "https://support.apple.com/en-us/HT213761" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213762", + "name": "https://support.apple.com/en-us/HT213762" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited." } ] } diff --git a/2023/32xxx/CVE-2023-32410.json b/2023/32xxx/CVE-2023-32410.json index 674e8ac0e0e..6a351c3f9fc 100644 --- a/2023/32xxx/CVE-2023-32410.json +++ b/2023/32xxx/CVE-2023-32410.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32410", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to leak sensitive kernel state" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213765", + "name": "https://support.apple.com/en-us/HT213765" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213759", + "name": "https://support.apple.com/en-us/HT213759" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213760", + "name": "https://support.apple.com/en-us/HT213760" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. An app may be able to leak sensitive kernel state" } ] } diff --git a/2023/32xxx/CVE-2023-32411.json b/2023/32xxx/CVE-2023-32411.json index 7a3b2ccbd7c..f7fb2eb97ea 100644 --- a/2023/32xxx/CVE-2023-32411.json +++ b/2023/32xxx/CVE-2023-32411.json @@ -4,14 +4,123 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32411", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to bypass Privacy preferences" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213759", + "name": "https://support.apple.com/en-us/HT213759" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213760", + "name": "https://support.apple.com/en-us/HT213760" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213761", + "name": "https://support.apple.com/en-us/HT213761" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed with improved entitlements. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences" } ] } diff --git a/2023/32xxx/CVE-2023-32412.json b/2023/32xxx/CVE-2023-32412.json index 409c2968f71..a5ca46dcdd3 100644 --- a/2023/32xxx/CVE-2023-32412.json +++ b/2023/32xxx/CVE-2023-32412.json @@ -4,14 +4,155 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32412", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A remote attacker may be able to cause unexpected app termination or arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213765", + "name": "https://support.apple.com/en-us/HT213765" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213759", + "name": "https://support.apple.com/en-us/HT213759" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213760", + "name": "https://support.apple.com/en-us/HT213760" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213761", + "name": "https://support.apple.com/en-us/HT213761" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A remote attacker may be able to cause unexpected app termination or arbitrary code execution" } ] } diff --git a/2023/32xxx/CVE-2023-32413.json b/2023/32xxx/CVE-2023-32413.json index 1436ae672c3..efa4891130d 100644 --- a/2023/32xxx/CVE-2023-32413.json +++ b/2023/32xxx/CVE-2023-32413.json @@ -4,14 +4,155 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32413", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to gain root privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213765", + "name": "https://support.apple.com/en-us/HT213765" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213759", + "name": "https://support.apple.com/en-us/HT213759" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213760", + "name": "https://support.apple.com/en-us/HT213760" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213761", + "name": "https://support.apple.com/en-us/HT213761" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A race condition was addressed with improved state handling. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to gain root privileges" } ] } diff --git a/2023/32xxx/CVE-2023-32414.json b/2023/32xxx/CVE-2023-32414.json index 9db270cc935..0612b7c6772 100644 --- a/2023/32xxx/CVE-2023-32414.json +++ b/2023/32xxx/CVE-2023-32414.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32414", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to break out of its sandbox" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.4. An app may be able to break out of its sandbox" } ] } diff --git a/2023/32xxx/CVE-2023-32415.json b/2023/32xxx/CVE-2023-32415.json index 16cb2628d4a..192e55c030c 100644 --- a/2023/32xxx/CVE-2023-32415.json +++ b/2023/32xxx/CVE-2023-32415.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32415", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to read sensitive location information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213761", + "name": "https://support.apple.com/en-us/HT213761" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, tvOS 16.5. An app may be able to read sensitive location information" } ] } diff --git a/2023/32xxx/CVE-2023-32417.json b/2023/32xxx/CVE-2023-32417.json index 0b8d48a38b7..68f32ae0e94 100644 --- a/2023/32xxx/CVE-2023-32417.json +++ b/2023/32xxx/CVE-2023-32417.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32417", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An attacker with physical access to a locked Apple Watch may be able to view user photos or contacts via accessibility features" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed by restricting options offered on a locked device. This issue is fixed in watchOS 9.5. An attacker with physical access to a locked Apple Watch may be able to view user photos or contacts via accessibility features" } ] } diff --git a/2023/32xxx/CVE-2023-32419.json b/2023/32xxx/CVE-2023-32419.json index 7c42527582e..e1d1f7751b5 100644 --- a/2023/32xxx/CVE-2023-32419.json +++ b/2023/32xxx/CVE-2023-32419.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32419", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A remote attacker may be able to cause arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause arbitrary code execution" } ] } diff --git a/2023/32xxx/CVE-2023-32420.json b/2023/32xxx/CVE-2023-32420.json index 684d2ae54a2..0d22e5b4807 100644 --- a/2023/32xxx/CVE-2023-32420.json +++ b/2023/32xxx/CVE-2023-32420.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32420", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to cause unexpected system termination or read kernel memory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213761", + "name": "https://support.apple.com/en-us/HT213761" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to cause unexpected system termination or read kernel memory" } ] } diff --git a/2023/32xxx/CVE-2023-32422.json b/2023/32xxx/CVE-2023-32422.json index a681b3cc8cd..2ca9bdaa5fe 100644 --- a/2023/32xxx/CVE-2023-32422.json +++ b/2023/32xxx/CVE-2023-32422.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32422", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "tvOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to bypass Privacy preferences" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213761", + "name": "https://support.apple.com/en-us/HT213761" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This issue was addressed by adding additional SQLite logging restrictions. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, tvOS 16.5. An app may be able to bypass Privacy preferences" } ] } diff --git a/2023/32xxx/CVE-2023-32423.json b/2023/32xxx/CVE-2023-32423.json index 0d73a331eeb..b275b645fb9 100644 --- a/2023/32xxx/CVE-2023-32423.json +++ b/2023/32xxx/CVE-2023-32423.json @@ -4,14 +4,123 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32423", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing web content may disclose sensitive information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213758", + "name": "https://support.apple.com/en-us/HT213758" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213764", + "name": "https://support.apple.com/en-us/HT213764" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213757", + "name": "https://support.apple.com/en-us/HT213757" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213761", + "name": "https://support.apple.com/en-us/HT213761" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213762", + "name": "https://support.apple.com/en-us/HT213762" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information" } ] } diff --git a/2023/32xxx/CVE-2023-32434.json b/2023/32xxx/CVE-2023-32434.json index 48bbedca115..bcb8c4fca39 100644 --- a/2023/32xxx/CVE-2023-32434.json +++ b/2023/32xxx/CVE-2023-32434.json @@ -4,14 +4,155 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32434", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "12.6" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.8" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.5" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + }, + { + "product_name": "watchOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213811", + "name": "https://support.apple.com/en-us/HT213811" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213814", + "name": "https://support.apple.com/en-us/HT213814" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213813", + "name": "https://support.apple.com/en-us/HT213813" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213810", + "name": "https://support.apple.com/en-us/HT213810" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213808", + "name": "https://support.apple.com/en-us/HT213808" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213812", + "name": "https://support.apple.com/en-us/HT213812" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213809", + "name": "https://support.apple.com/en-us/HT213809" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Big Sur 11.7.8, macOS Monterey 12.6.7, macOS Ventura 13.4.1, watchOS 9.5.2. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7." } ] } diff --git a/2023/32xxx/CVE-2023-32435.json b/2023/32xxx/CVE-2023-32435.json index e1997093483..87b51edee50 100644 --- a/2023/32xxx/CVE-2023-32435.json +++ b/2023/32xxx/CVE-2023-32435.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32435", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.3" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.4" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213670", + "name": "https://support.apple.com/en-us/HT213670" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213676", + "name": "https://support.apple.com/en-us/HT213676" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213671", + "name": "https://support.apple.com/en-us/HT213671" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213811", + "name": "https://support.apple.com/en-us/HT213811" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.4, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7." } ] } diff --git a/2023/32xxx/CVE-2023-32439.json b/2023/32xxx/CVE-2023-32439.json index 5824d546c9a..a0b8c2ee5d8 100644 --- a/2023/32xxx/CVE-2023-32439.json +++ b/2023/32xxx/CVE-2023-32439.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32439", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "15.7" + } + ] + } + }, + { + "product_name": "Safari", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "iOS and iPadOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "16.5" + } + ] + } + }, + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213811", + "name": "https://support.apple.com/en-us/HT213811" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213816", + "name": "https://support.apple.com/en-us/HT213816" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213814", + "name": "https://support.apple.com/en-us/HT213814" + }, + { + "refsource": "MISC", + "url": "https://support.apple.com/en-us/HT213813", + "name": "https://support.apple.com/en-us/HT213813" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, Safari 16.5.1, macOS Ventura 13.4.1, iOS 15.7.7 and iPadOS 15.7.7. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited." } ] } diff --git a/2023/34xxx/CVE-2023-34241.json b/2023/34xxx/CVE-2023-34241.json index 94f6ddd75dd..0fb217a0413 100644 --- a/2023/34xxx/CVE-2023-34241.json +++ b/2023/34xxx/CVE-2023-34241.json @@ -68,6 +68,11 @@ "url": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.6", "refsource": "MISC", "name": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.6" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/06/23/10", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/06/23/10" } ] }, diff --git a/2023/34xxx/CVE-2023-34671.json b/2023/34xxx/CVE-2023-34671.json index 2ad0d81ded0..4d0e65e7608 100644 --- a/2023/34xxx/CVE-2023-34671.json +++ b/2023/34xxx/CVE-2023-34671.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-34671", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-34671", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Access Control leads to privilege escalation affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role in the user profile. An attack could occur over the public Internet in some cases." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://elenos.com", + "refsource": "MISC", + "name": "http://elenos.com" + }, + { + "refsource": "MISC", + "name": "https://strik3r.gitbook.io/strik3r-blog/security-research/cves-pocs/cve-2023-34671", + "url": "https://strik3r.gitbook.io/strik3r-blog/security-research/cves-pocs/cve-2023-34671" } ] } diff --git a/2023/35xxx/CVE-2023-35153.json b/2023/35xxx/CVE-2023-35153.json index 29c0431ece4..c288010eeba 100644 --- a/2023/35xxx/CVE-2023-35153.json +++ b/2023/35xxx/CVE-2023-35153.json @@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-35153", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XWiki Platform is a generic wiki platform. Starting in version 5.4.4 and prior to versions 14.4.8, 14.10.4, and 15.0, a stored cross-site scripting vulnerability can be exploited by users with edit rights by adding a `AppWithinMinutes.FormFieldCategoryClass` class on a page and setting the payload on the page title. Then, any user visiting `/xwiki/bin/view/AppWithinMinutes/ClassEditSheet` executes the payload. The issue has been patched in XWiki 14.4.8, 14.10.4, and 15.0. As a workaround, update `AppWithinMinutes.ClassEditSheet` with a patch." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", + "cweId": "CWE-80" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "xwiki", + "product": { + "product_data": [ + { + "product_name": "xwiki-platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 5.4.4, < 14.4.8" + }, + { + "version_affected": "=", + "version_value": " >= 14.5, < 14.10.4" + }, + { + "version_affected": "=", + "version_value": ">= 15.0-rc-1, < 15.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4wc6-hqv9-qc97", + "refsource": "MISC", + "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4wc6-hqv9-qc97" + }, + { + "url": "https://github.com/xwiki/xwiki-platform/commit/1b87fec1e5b5ec00b7a8c3c3f94f6c5e22547392#diff-79e725ec7125cced7d302e1a1f955a76745af26ef28a148981b810e85335d302", + "refsource": "MISC", + "name": "https://github.com/xwiki/xwiki-platform/commit/1b87fec1e5b5ec00b7a8c3c3f94f6c5e22547392#diff-79e725ec7125cced7d302e1a1f955a76745af26ef28a148981b810e85335d302" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-20365", + "refsource": "MISC", + "name": "https://jira.xwiki.org/browse/XWIKI-20365" + } + ] + }, + "source": { + "advisory": "GHSA-4wc6-hqv9-qc97", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/3xxx/CVE-2023-3317.json b/2023/3xxx/CVE-2023-3317.json index b605b88e314..62730d34aac 100644 --- a/2023/3xxx/CVE-2023-3317.json +++ b/2023/3xxx/CVE-2023-3317.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-3317", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "KErnel version prior to 6.3-rc6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://patchwork.kernel.org/project/linux-wireless/patch/51fd8f76494348aa9ecbf0abc471ebe47a983dfd.1679502607.git.lorenzo@kernel.org/", + "url": "https://patchwork.kernel.org/project/linux-wireless/patch/51fd8f76494348aa9ecbf0abc471ebe47a983dfd.1679502607.git.lorenzo@kernel.org/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use-after-free flaw was found in mt7921_check_offload_capability in drivers/net/wireless/mediatek/mt76/mt7921/init.c in wifi mt76/mt7921 sub-component in the Linux Kernel. This flaw could allow an attacker to crash the system after 'features' memory release. This vulnerability could even lead to a kernel information leak problem." } ] }