CVSS: 8.1EPSS: 0%CPEs: 58EXPL: 0CVE-2022-23308 – libxml2: Use-after-free of ID and IDREF attributes
https://notcve.org/view.php?id=CVE-2022-23308
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. El archivo valid.c en libxml2 versiones anteriores a 2.9.13, presenta un uso de memoria previamente liberada de los atributos ID e IDREF. A flaw was found in libxml2. A call to the xmlGetID function can return a pointer already freed when parsing an XML document with the XML_PARSE_DTDVALID option and without the XML_PARSE_NOENT option, resulting in a use-after-free issue. • http://seclists.org/fulldisclosure/2022/May/33 http://seclists.org/fulldisclosure/2022/May/34 http://seclists.org/fulldisclosure/2022/May/35 http://seclists.org/fulldisclosure/2022/May/36 http://seclists.org/fulldisclosure/2022/May/37 http://seclists.org/fulldisclosure/2022/May/38 https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS https://lists.debian.org/debian-lts-announce/2022/04/msg00004. • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 2CVE-2022-22620 – Apple iOS, iPadOS, and macOS Webkit Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2022-22620
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. Se abordó un problema de uso de memoria previamente liberada con una administración de memoria mejorada. • https://github.com/kmeps4/CVE-2022-22620 https://github.com/springsec/CVE-2022-22620 https://security.gentoo.org/glsa/202208-39 https://support.apple.com/en-us/HT213091 https://support.apple.com/en-us/HT213092 https://support.apple.com/en-us/HT213093 https://access.redhat.com/security/cve/CVE-2022-22620 https://bugzilla.redhat.com/show_bug.cgi?id=2056474 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-22584 – Apple macOS ColorSync ICC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-22584
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. Processing a maliciously crafted file may lead to arbitrary code execution. Se abordó un problema de corrupción de memoria con una comprobación mejorada. Este problema es corregido en tvOS versión 15.3, iOS versión 15.3 y iPadOS versión 15.3, watchOS versión 8.4, macOS Monterey versión 12.2. • https://support.apple.com/en-us/HT213053 https://support.apple.com/en-us/HT213054 https://support.apple.com/en-us/HT213057 https://support.apple.com/en-us/HT213059 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22585
https://notcve.org/view.php?id=CVE-2022-22585
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access a user's files. Se presentaba un problema en la lógica de comprobación de rutas para los enlaces simbólicos. • https://support.apple.com/en-us/HT213053 https://support.apple.com/en-us/HT213054 https://support.apple.com/en-us/HT213055 https://support.apple.com/en-us/HT213057 https://support.apple.com/en-us/HT213059 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22590 – webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-22590
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de uso de memoria previamente liberada con una administración de memoria mejorada. Este problema es corregido en iOS versión 15.3 y iPadOS versión 15.3, watchOS versión 8.4, tvOS versión 15.3, Safari versión 15.3, macOS Monterey versión 12.2. • https://security.gentoo.org/glsa/202208-39 https://support.apple.com/en-us/HT213053 https://support.apple.com/en-us/HT213054 https://support.apple.com/en-us/HT213057 https://support.apple.com/en-us/HT213058 https://support.apple.com/en-us/HT213059 https://access.redhat.com/security/cve/CVE-2022-22590 https://bugzilla.redhat.com/show_bug.cgi?id=2053181 • CWE-416: Use After Free •