CVE-2023-41993
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/09/2023
Last modified:
29/11/2024
Description
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* | 17.0.1 (excluding) | |
| cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* | 17.0.1 (excluding) | |
| cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* | 14.0 (excluding) | |
| cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:graalvm:20.3.13:*:*:*:enterprise:*:*:* | ||
| cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:* | ||
| cpe:2.3:a:oracle:jdk:1.8.0:update401:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:jre:1.8.0:update401:*:*:*:*:*:* | ||
| cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:* | ||
| cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* | ||
| cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://security.gentoo.org/glsa/202401-33
- https://security.netapp.com/advisory/ntap-20240426-0004/
- https://support.apple.com/en-us/HT213940
- https://security.gentoo.org/glsa/202401-33
- https://security.netapp.com/advisory/ntap-20240426-0004/
- https://support.apple.com/en-us/HT213940
- https://webkitgtk.org/security/WSA-2023-0009.html