CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-32810
https://notcve.org/view.php?id=CVE-2022-32810
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to execute arbitrary code with kernel privileges. Se abordó este problema con la administración de memoria mejorada. Este problema es corregido en macOS Monterey versión 12.5, watchOS versión 8.7, iOS versión 15.6 y iPadOS versión 15.6. • https://support.apple.com/en-us/HT213340 https://support.apple.com/en-us/HT213345 https://support.apple.com/en-us/HT213346 •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-32793
https://notcve.org/view.php?id=CVE-2022-32793
Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory. Se han abordado varios problemas de escritura fuera de límites con una comprobación de límites mejorada. Este problema es corregido en macOS Monterey versión 12.5, watchOS versión 8.7, tvOS versión 15.6, iOS versión 15.6 y iPadOS versión 15.6. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SETAAXEPGNBMYKTUDFEZHS5LGSQ64QL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKJGV2EXVMYQW3OAJNI4WUTKKVMD2YYK https://support.apple.com/en-us/HT213340 https://support.apple.com/en-us/HT213342 https://support.apple.com/en-us/HT213345 https://support.apple.com/en-us/HT213346 https://support.apple.com/kb/HT213446 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 19EXPL: 0CVE-2022-32785
https://notcve.org/view.php?id=CVE-2022-32785
A null pointer dereference was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing an image may lead to a denial-of-service. Se abordó una desreferencia de puntero null con una comprobación mejorada. Este problema ha sido corregido en iOS versión 15.6 y iPadOS versión 15.6, Security Update 2022-005 Catalina, macOS Big Sur versión 11.6.8, macOS Monterey versión 12.5. • https://support.apple.com/en-us/HT213343 https://support.apple.com/en-us/HT213344 https://support.apple.com/en-us/HT213345 https://support.apple.com/en-us/HT213346 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-32814
https://notcve.org/view.php?id=CVE-2022-32814
A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. Se abordó un problema de confusión de tipos con un manejo de estados mejorado. Este problema ha sido corregido en watchOS versión 8.7, tvOS versión 15.6, iOS versión 15.6 y iPadOS versión 15.6, macOS Monterey versión 12.5. • https://support.apple.com/en-us/HT213340 https://support.apple.com/en-us/HT213342 https://support.apple.com/en-us/HT213345 https://support.apple.com/en-us/HT213346 https://support.apple.com/kb/HT213344 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 4.3EPSS: 0%CPEs: 31EXPL: 1CVE-2022-32205
https://notcve.org/view.php?id=CVE-2022-32205
A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method. Un servidor malicioso puede servir cantidades excesivas de encabezados "Set-Cookie:" en una respuesta HTTP a curl y curl versiones anteriores a 7.84.0 las almacena todas. Una cantidad suficientemente grande de cookies (grandes) hace que las subsiguientes peticiones HTTP a este, o a otros servidores con los que coincidan las cookies, creen peticiones que superen el umbral que curl usa internamente para evitar el envío de peticiones locamente grandes (1048576 bytes) y en su lugar devuelva un error. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf https://hackerone.com/reports/1569946 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220915-0003 https://support.apple.com/kb/HT213488 https://www.debian.org/security/2022/dsa- • CWE-770: Allocation of Resources Without Limits or Throttling •