CVE-2023-4736
PUBLISHED
CVSS 8.7 HIGH
There are multiple vulnerabilities in Apple macOS. These flaws exist in CoreAnimation, Find My, ImageIO, Safari, Siri and other components and modules due to improper memory or cache handling, improper state management and other errors. An attacker can exploit these vulnerabilities to gain root privileges, execute arbitrary code, cause a denial-of-service condition, bypass security measures or disclose confidential information.
EPSS 0.03% · 9.2th percentile
Risk Scores
CVSS 4.0
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.03%
9.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu | Ubuntu Linux | |
| Xerox | Xerox FreeFlow Print Server v7 | |
| SUSE | SUSE Linux | |
| Dell | Dell NetWorker vProxy <19.9.0.4 | |
| Dell | Dell NetWorker vProxy <19.10 | |
| Debian | Debian Linux | |
| Open Source | Open Source vim <9.0.1833 | |
| Xerox | Xerox FreeFlow Print Server v9 | |
| Amazon | Amazon Linux 2 | |
| Open Source | Open Source vim <9.0.1331 | |
| Dell | Dell ECS <3.8.1.1 | |
Exploit Intelligence
- https://huntr.dev/bounties/e1ce0995-4df4-4dec-9cd7-3136ac3e8e71 (nist-nvd)
- campaign_operation_triangulation.yar (github-yara)
- campaign_operation_triangulation.yar (github-yara)
- campaign_operation_triangulation.yar (github-yara)
- campaign_operation_triangulation.yar (github-yara)
- campaign_operation_triangulation.yar (github-yara)
- campaign_operation_triangulation.yar (github-yara)
- campaign_operation_triangulation.yar (github-yara)
- macos_v2_generated.go (github-poc)
- macos_v2_generated.go (github-poc)
…and 12 more exploits
Timeline
- Sep 2, 2023 CVE Published
- Sep 2, 2023 CVE Updated
- Sep 3, 2023 EPSS Score
- Oct 6, 2023 EPSS Score
- Nov 7, 2023 EPSS Score
- Dec 10, 2023 EPSS Score
- Jan 12, 2024 EPSS Score
- Feb 14, 2024 EPSS Score
- Mar 17, 2024 EPSS Score
- Apr 19, 2024 EPSS Score
- May 9, 2024 PoC Published
- May 22, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2249.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2249 advisory
- https://github.com/advisories/GHSA-424w-j4hf-8cgp advisory
- https://github.com/advisories/GHSA-3q9r-pq9x-wfp4 advisory
- https://github.com/advisories/GHSA-93j8-r599-v94c advisory
- https://github.com/advisories/GHSA-x7vr-7frv-2rrh advisory
- https://github.com/advisories/GHSA-mfhq-77wv-g7gh advisory
- https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217/ advisory
- https://huntr.dev/bounties/fc83bde3-f621-42bd-aecb-8c1ae44cba51/ advisory
- https://huntr.dev/bounties/e1ce0995-4df4-4dec-9cd7-3136ac3e8e71/ advisory
- https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612/ advisory
- https://huntr.dev/bounties/db7be8d6-6cb7-4ae5-9c4e-805423afa378/ advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2237161 advisory
- https://alas.aws.amazon.com/ALAS-2023-1826.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-October/016483.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-October/016486.html advisory
- https://alas.aws.amazon.com/AL2/ALAS-2023-2266.html advisory
- https://ubuntu.com/security/notices/USN-6452-1 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-November/017223.html advisory
- https://www.dell.com/support/kbdoc/de-de/000221476/dsa-2024-058-security-update-for-dell-networker-vproxy-multiple-components-vulnerabilities advisory
…and 10 more