CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2022-26688 – Apple macOS PackageKit PKCoreShove Link Following System Integrity Protection Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-26688
An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious app with root privileges may be able to modify the contents of system files. Se abordó un problema en el manejo de los enlaces simbólicos con una comprobación mejorada. Este problema es corregido en Security Update 2022-003 Catalina, macOS Monterey versión 12.3 y macOS Big Sur versión 11.6.5. • https://support.apple.com/en-us/HT213183 https://support.apple.com/en-us/HT213184 https://support.apple.com/en-us/HT213185 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22676 – Apple macOS PackageKit PKInstallService Directory Traversal System Integrity Protection Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-22676
An event handler validation issue in the XPC Services API was addressed by removing the service. This issue is fixed in macOS Monterey 12.2. An application may be able to delete files for which it does not have permission. Se abordó un problema de comprobación de manejadores de eventos en la API de servicios XPC mediante la eliminación del servicio. Este problema es corregido en macOS Monterey versión 12.2. • https://support.apple.com/en-us/HT213054 •
CVSS: 9.3EPSS: 0%CPEs: 19EXPL: 0CVE-2022-22672
https://notcve.org/view.php?id=CVE-2022-22672
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de corrupción de memoria con una administración de memoria mejorada. Este problema es corregido en iOS versión 15.4 y iPadOS versión 15.4, Security Update 2022-003 Catalina, macOS Monterey versión 12.3 y macOS Big Sur versión 11.6.5. • https://support.apple.com/en-us/HT213182 https://support.apple.com/en-us/HT213183 https://support.apple.com/en-us/HT213184 https://support.apple.com/en-us/HT213185 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 1CVE-2022-1851 – Out-of-bounds Read in vim/vim
https://notcve.org/view.php?id=CVE-2022-1851
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. Una Lectura Fuera de Límites en el repositorio GitHub vim/vim versiones anteriores a 8.2 • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/78d52883e10d71f23ab72a3d8b9733b00da8c9ad https://huntr.dev/bounties/f8af901a-9a46-440d-942a-8f815b59394d https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ https://lists.fedoraproject& • CWE-125: Out-of-bounds Read •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2022-26764
https://notcve.org/view.php?id=CVE-2022-26764
A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. Se abordó un problema de corrupción de memoria con una comprobación mejorada. Este problema es corregido en watchOS versión 8.6, tvOS versión 15.5, macOS Monterey versión 12.4, iOS versión 15.5 y iPadOS versión 15.5. • https://support.apple.com/en-us/HT213253 https://support.apple.com/en-us/HT213254 https://support.apple.com/en-us/HT213257 https://support.apple.com/en-us/HT213258 • CWE-787: Out-of-bounds Write •