macOS Ventura
by Apple Inc.
CVEs (438)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-42826 | 0.00 | — | 0.01 | Feb 27, 2023 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13, iOS 16.1 and iPadOS 16, Safari 16.1. Processing maliciously crafted web content may lead to arbitrary code execution. | |||
| CVE-2022-42838 | 0.00 | — | 0.00 | Feb 27, 2023 | An issue with app access to camera data was addressed with improved logic. This issue is fixed in macOS Ventura 13. A camera extension may be able to continue receiving video after the app which activated was closed. | |||
| CVE-2023-23493 | 0.00 | — | 0.00 | Feb 27, 2023 | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3. An encrypted volume may be unmounted and remounted by a different user without prompting for the password. | |||
| CVE-2023-23524 | 0.00 | — | 0.01 | Feb 27, 2023 | A denial-of-service issue was addressed with improved input validation. This issue is fixed in tvOS 16.3.2, iOS 16.3.1 and iPadOS 16.3.1, watchOS 9.3.1, macOS Ventura 13.2.1. Processing a maliciously crafted certificate may lead to a denial-of-service. | |||
| CVE-2022-46705 | 0.00 | — | 0.01 | Feb 27, 2023 | A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing. | |||
| CVE-2023-23511 | 0.00 | — | 0.00 | Feb 27, 2023 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, tvOS 16.3, watchOS 9.3. An app may be able to bypass Privacy preferences. | |||
| CVE-2023-23520 | 0.00 | — | 0.01 | Feb 27, 2023 | A race condition was addressed with additional validation. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may be able to read arbitrary files as root. | |||
| CVE-2023-23519 | 0.00 | — | 0.01 | Feb 27, 2023 | A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing an image may lead to a denial-of-service. | |||
| CVE-2023-23530 | 0.00 | — | 0.00 | Feb 27, 2023 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. | |||
| CVE-2022-32902 | 0.00 | — | 0.00 | Feb 27, 2023 | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, macOS Monterey 12.6, macOS Big Sur 11.7. An app may be able to bypass Privacy preferences. | |||
| CVE-2023-23507 | 0.00 | — | 0.00 | Feb 27, 2023 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2. An app may be able to execute arbitrary code with kernel privileges. | |||
| CVE-2023-23498 | 0.00 | — | 0.00 | Feb 27, 2023 | A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.3 and iPadOS 15.7.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. The quoted original message may be selected from the wrong email when forwarding an email from an Exchange account. | |||
| CVE-2023-23510 | 0.00 | — | 0.00 | Feb 27, 2023 | A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.2. An app may be able to access a user’s Safari history. | |||
| CVE-2023-23503 | 0.00 | — | 0.00 | Feb 27, 2023 | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, iOS 15.7.3 and iPadOS 15.7.3, tvOS 16.3, watchOS 9.3. An app may be able to bypass Privacy preferences. | |||
| CVE-2023-23512 | 0.00 | — | 0.01 | Feb 27, 2023 | The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Visiting a website may lead to an app denial-of-service. | |||
| CVE-2023-23497 | 0.00 | — | 0.00 | Feb 27, 2023 | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to gain root privileges. | |||
| CVE-2022-46697 | 0.00 | — | 0.00 | Dec 15, 2022 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges. | |||
| CVE-2022-42837 | 0.00 | — | 0.02 | Dec 15, 2022 | An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, watchOS 9.2. A remote user may be able to cause unexpected app termination or… | |||
| CVE-2022-42854 | 0.00 | — | 0.00 | Dec 15, 2022 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1. An app may be able to disclose kernel memory. | |||
| CVE-2022-46701 | 0.00 | — | 0.00 | Dec 15, 2022 | The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges. |
- CVE-2022-42826Feb 27, 2023risk 0.00cvss —epss 0.01
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13, iOS 16.1 and iPadOS 16, Safari 16.1. Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2022-42838Feb 27, 2023risk 0.00cvss —epss 0.00
An issue with app access to camera data was addressed with improved logic. This issue is fixed in macOS Ventura 13. A camera extension may be able to continue receiving video after the app which activated was closed.
- CVE-2023-23493Feb 27, 2023risk 0.00cvss —epss 0.00
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3. An encrypted volume may be unmounted and remounted by a different user without prompting for the password.
- CVE-2023-23524Feb 27, 2023risk 0.00cvss —epss 0.01
A denial-of-service issue was addressed with improved input validation. This issue is fixed in tvOS 16.3.2, iOS 16.3.1 and iPadOS 16.3.1, watchOS 9.3.1, macOS Ventura 13.2.1. Processing a maliciously crafted certificate may lead to a denial-of-service.
- CVE-2022-46705Feb 27, 2023risk 0.00cvss —epss 0.01
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing.
- CVE-2023-23511Feb 27, 2023risk 0.00cvss —epss 0.00
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, tvOS 16.3, watchOS 9.3. An app may be able to bypass Privacy preferences.
- CVE-2023-23520Feb 27, 2023risk 0.00cvss —epss 0.01
A race condition was addressed with additional validation. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may be able to read arbitrary files as root.
- CVE-2023-23519Feb 27, 2023risk 0.00cvss —epss 0.01
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing an image may lead to a denial-of-service.
- CVE-2023-23530Feb 27, 2023risk 0.00cvss —epss 0.00
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.
- CVE-2022-32902Feb 27, 2023risk 0.00cvss —epss 0.00
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, macOS Monterey 12.6, macOS Big Sur 11.7. An app may be able to bypass Privacy preferences.
- CVE-2023-23507Feb 27, 2023risk 0.00cvss —epss 0.00
The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2. An app may be able to execute arbitrary code with kernel privileges.
- CVE-2023-23498Feb 27, 2023risk 0.00cvss —epss 0.00
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.3 and iPadOS 15.7.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. The quoted original message may be selected from the wrong email when forwarding an email from an Exchange account.
- CVE-2023-23510Feb 27, 2023risk 0.00cvss —epss 0.00
A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.2. An app may be able to access a user’s Safari history.
- CVE-2023-23503Feb 27, 2023risk 0.00cvss —epss 0.00
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, iOS 15.7.3 and iPadOS 15.7.3, tvOS 16.3, watchOS 9.3. An app may be able to bypass Privacy preferences.
- CVE-2023-23512Feb 27, 2023risk 0.00cvss —epss 0.01
The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Visiting a website may lead to an app denial-of-service.
- CVE-2023-23497Feb 27, 2023risk 0.00cvss —epss 0.00
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to gain root privileges.
- CVE-2022-46697Dec 15, 2022risk 0.00cvss —epss 0.00
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges.
- CVE-2022-42837Dec 15, 2022risk 0.00cvss —epss 0.02
An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, watchOS 9.2. A remote user may be able to cause unexpected app termination or…
- CVE-2022-42854Dec 15, 2022risk 0.00cvss —epss 0.00
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1. An app may be able to disclose kernel memory.
- CVE-2022-46701Dec 15, 2022risk 0.00cvss —epss 0.00
The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges.
Page 19 of 22