VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-4trd-avn1-k3gb

Essentials
Severities (25)
References (41)
Severity details (9)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-4trd-avn1-k3gb
Aliases	CVE-2023-41993
Summary	The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Status	Published
Exploitability	2.0
Weighted Severity	8.8
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-754

Improper Check for Unusual or Exceptional Conditions

System	Score	Found at
cvssv3	9.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41993.json
epss	0.08736	https://api.first.org/data/v1/epss?cve=CVE-2023-41993
epss	0.08736	https://api.first.org/data/v1/epss?cve=CVE-2023-41993
epss	0.08736	https://api.first.org/data/v1/epss?cve=CVE-2023-41993
epss	0.08736	https://api.first.org/data/v1/epss?cve=CVE-2023-41993
epss	0.08736	https://api.first.org/data/v1/epss?cve=CVE-2023-41993
epss	0.08736	https://api.first.org/data/v1/epss?cve=CVE-2023-41993
epss	0.08736	https://api.first.org/data/v1/epss?cve=CVE-2023-41993
epss	0.08736	https://api.first.org/data/v1/epss?cve=CVE-2023-41993
epss	0.08736	https://api.first.org/data/v1/epss?cve=CVE-2023-41993
epss	0.08736	https://api.first.org/data/v1/epss?cve=CVE-2023-41993
epss	0.08736	https://api.first.org/data/v1/epss?cve=CVE-2023-41993
epss	0.08736	https://api.first.org/data/v1/epss?cve=CVE-2023-41993
epss	0.08736	https://api.first.org/data/v1/epss?cve=CVE-2023-41993
epss	0.08736	https://api.first.org/data/v1/epss?cve=CVE-2023-41993
epss	0.08736	https://api.first.org/data/v1/epss?cve=CVE-2023-41993
epss	0.08736	https://api.first.org/data/v1/epss?cve=CVE-2023-41993
cvssv3.1	8.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	8.8	https://nvd.nist.gov/vuln/detail/CVE-2023-41993
cvssv3.1	8.8	https://security.gentoo.org/glsa/202401-33
ssvc	Attend	https://security.gentoo.org/glsa/202401-33
cvssv3.1	8.8	https://security.netapp.com/advisory/ntap-20240426-0004/
ssvc	Attend	https://security.netapp.com/advisory/ntap-20240426-0004/
cvssv3.1	8.8	https://support.apple.com/en-us/HT213940
ssvc	Attend	https://support.apple.com/en-us/HT213940

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41993.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-41993
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1745
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32359
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39928
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40414
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41074
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41993
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42875
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42890
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42970
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://webkitgtk.org/security/WSA-2023-0009.html
202401-33		https://security.gentoo.org/glsa/202401-33
2240522		https://bugzilla.redhat.com/show_bug.cgi?id=2240522
cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vsphere::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vsphere::
cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:::::::*
cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:::::::*
cpe:2.3:a:netapp:oncommand_insight:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_insight:-:::::::*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*
cpe:2.3:a:oracle:graalvm:20.3.13::::enterprise:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:20.3.13::::enterprise:::
cpe:2.3:a:oracle:graalvm:21.3.9::::enterprise:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:21.3.9::::enterprise:::
cpe:2.3:a:oracle:jdk:1.8.0:update401::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update401::::::
cpe:2.3:a:oracle:jre:1.8.0:update401::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update401::::::
cpe:2.3:a:webkitgtk:webkitgtk\+::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:webkitgtk:webkitgtk\+::::::::
cpe:2.3:o:apple:ipados::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados::::::::
cpe:2.3:o:apple:iphone_os::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
cpe:2.3:o:apple:macos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos::::::::
cpe:2.3:o:debian:debian_linux:11.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:::::::*
cpe:2.3:o:debian:debian_linux:12.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:::::::*
cpe:2.3:o:fedoraproject:fedora:37:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:::::::*
cpe:2.3:o:fedoraproject:fedora:38:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:::::::*
cpe:2.3:o:fedoraproject:fedora:39:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:39:::::::*
CVE-2023-41993		https://nvd.nist.gov/vuln/detail/CVE-2023-41993
HT213940		https://support.apple.com/en-us/HT213940
ntap-20240426-0004		https://security.netapp.com/advisory/ntap-20240426-0004/
RHSA-2023:4201		https://access.redhat.com/errata/RHSA-2023:4201
RHSA-2023:4202		https://access.redhat.com/errata/RHSA-2023:4202
RHSA-2025:10364		https://access.redhat.com/errata/RHSA-2025:10364
USN-6426-1		https://usn.ubuntu.com/6426-1/

Data source	KEV
Date added	Sept. 25, 2023
Description	Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Required action	Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Due date	Oct. 16, 2023
Note	https://support.apple.com/en-us/HT213926, https://support.apple.com/en-us/HT213927, https://support.apple.com/en-us/HT213930; https://nvd.nist.gov/vuln/detail/CVE-2023-41993
Ransomware campaign use	Unknown

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41993.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-41993

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202401-33

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-01-11T02:17:52Z/ Found at https://security.gentoo.org/glsa/202401-33

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20240426-0004/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-01-11T02:17:52Z/ Found at https://security.netapp.com/advisory/ntap-20240426-0004/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT213940

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-01-11T02:17:52Z/ Found at https://support.apple.com/en-us/HT213940

Exploit Prediction Scoring System (EPSS)

Percentile	0.92116
EPSS Score	0.08736
Published At	Aug. 7, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:35:43.449534+00:00	Ubuntu USN Importer	Import	https://usn.ubuntu.com/6426-1/	37.0.0

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41993.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-41993
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1745
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32359
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39928
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40414
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41074
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41993
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42875
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42890
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42970
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://webkitgtk.org/security/WSA-2023-0009.html
202401-33		https://security.gentoo.org/glsa/202401-33
2240522		https://bugzilla.redhat.com/show_bug.cgi?id=2240522
cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vsphere::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vsphere::
cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:::::::*
cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:::::::*
cpe:2.3:a:netapp:oncommand_insight:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_insight:-:::::::*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*
cpe:2.3:a:oracle:graalvm:20.3.13::::enterprise:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:20.3.13::::enterprise:::
cpe:2.3:a:oracle:graalvm:21.3.9::::enterprise:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:21.3.9::::enterprise:::
cpe:2.3:a:oracle:jdk:1.8.0:update401::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update401::::::
cpe:2.3:a:oracle:jre:1.8.0:update401::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update401::::::
cpe:2.3:a:webkitgtk:webkitgtk\+::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:webkitgtk:webkitgtk\+::::::::
cpe:2.3:o:apple:ipados::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados::::::::
cpe:2.3:o:apple:iphone_os::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
cpe:2.3:o:apple:macos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos::::::::
cpe:2.3:o:debian:debian_linux:11.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:::::::*
cpe:2.3:o:debian:debian_linux:12.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:::::::*
cpe:2.3:o:fedoraproject:fedora:37:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:::::::*
cpe:2.3:o:fedoraproject:fedora:38:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:::::::*
cpe:2.3:o:fedoraproject:fedora:39:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:39:::::::*
CVE-2023-41993		https://nvd.nist.gov/vuln/detail/CVE-2023-41993
HT213940		https://support.apple.com/en-us/HT213940
ntap-20240426-0004		https://security.netapp.com/advisory/ntap-20240426-0004/
RHSA-2023:4201		https://access.redhat.com/errata/RHSA-2023:4201
RHSA-2023:4202		https://access.redhat.com/errata/RHSA-2023:4202
RHSA-2025:10364		https://access.redhat.com/errata/RHSA-2025:10364
USN-6426-1		https://usn.ubuntu.com/6426-1/