CVSS: 9.3EPSS: 0%CPEs: 21EXPL: 0CVE-2022-22593
https://notcve.org/view.php?id=CVE-2022-22593
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. A malicious application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de desbordamiento del búfer con un manejo de memoria mejorado. Este problema es corregido en iOS versión 15.3 y iPadOS versión 15.3, watchOS versión 8.4, tvOS versión 15.3, Security Update 2022-001 Catalina, macOS Monterey versión 12.2, macOS Big Sur versión 11.6.3. • https://support.apple.com/en-us/HT213053 https://support.apple.com/en-us/HT213054 https://support.apple.com/en-us/HT213055 https://support.apple.com/en-us/HT213056 https://support.apple.com/en-us/HT213057 https://support.apple.com/en-us/HT213059 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22585
https://notcve.org/view.php?id=CVE-2022-22585
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access a user's files. Se presentaba un problema en la lógica de comprobación de rutas para los enlaces simbólicos. • https://support.apple.com/en-us/HT213053 https://support.apple.com/en-us/HT213054 https://support.apple.com/en-us/HT213055 https://support.apple.com/en-us/HT213057 https://support.apple.com/en-us/HT213059 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22594 – webkitgtk: A malicious website may exfiltrate data cross-origin
https://notcve.org/view.php?id=CVE-2022-22594
A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information. Se abordó un problema de origen cruzado en la API de IndexDB con una comprobación de entrada mejorada. Este problema es corregido en iOS versión 15.3 y iPadOS versión 15.3, watchOS versión 8.4, tvOS versión 15.3, Safari versión 15.3, macOS Monterey versión 12.2. • https://support.apple.com/en-us/HT213053 https://support.apple.com/en-us/HT213054 https://support.apple.com/en-us/HT213057 https://support.apple.com/en-us/HT213058 https://support.apple.com/en-us/HT213059 https://access.redhat.com/security/cve/CVE-2022-22594 https://bugzilla.redhat.com/show_bug.cgi?id=2045291 • CWE-346: Origin Validation Error •
CVSS: 9.3EPSS: 0%CPEs: 18EXPL: 0CVE-2022-22579 – Apple macOS ModelIO STL File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-22579
An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution. Se abordó un problema de divulgación de información con una administración de estados mejorada. Este problema es corregido en iOS versión 15.3 y iPadOS versión 15.3, tvOS versión 15.3, Security Update 2022-001 Catalina, macOS Monterey versión 12.2, macOS Big Sur versión 11.6.3. • https://support.apple.com/en-us/HT213053 https://support.apple.com/en-us/HT213054 https://support.apple.com/en-us/HT213055 https://support.apple.com/en-us/HT213056 https://support.apple.com/en-us/HT213057 •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 1CVE-2022-0351 – Access of Memory Location Before Start of Buffer in vim/vim
https://notcve.org/view.php?id=CVE-2022-0351
Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2. Acceso a la ubicación de la memoria antes del inicio del búfer en el repositorio GitHub vim/vim anterior a 8.2. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 http://seclists.org/fulldisclosure/2022/Oct/43 https://github.com/vim/vim/commit/fe6fb267e6ee5c5da2f41889e4e0e0ac5bf4b89d https://huntr.dev/bounties/8b36db58-b65c-4298-be7f-40b9e37fd161 https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://security.gentoo.org/glsa/202208-32 https://support.apple.com/kb/HT213444&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-786: Access of Memory Location Before Start of Buffer •